Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

IEEE Transactions on Parallel and Distributed Systems (Impact Factor: 2.17). 08/2011; 22(7):1214 - 1221. DOI: 10.1109/TPDS.2010.203
Source: IEEE Xplore


Some of the most challenging issues in data outsourcing scenario are the enforcement of authorization policies and the support of policy updates. Ciphertext-policy attribute-based encryption is a promising cryptographic solution to these issues for enforcing access control policies defined by a data owner on outsourced data. However, the problem of applying the attribute-based encryption in an outsourced architecture introduces several challenges with regard to the attribute and user revocation. In this paper, we propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. The fine-grained access control can be achieved by dual encryption mechanism which takes advantage of the attribute-based encryption and selective group key distribution in each attribute group. We demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in the data outsourcing systems.

291 Reads
  • Source
    • "Now days in market cloud computing provide different service oriented models have been available, models like 1) IaaS-Infrastructure as a Service, 2) PaaS-Platform as a Service, and 3) SaaS-Software as a Service. Many commercial cloud computing systems have been built at different levels, e.g., Amazon's S3 [3], Amazon's EC2 [2], and IBM's Blue Cloud [4] are IaaS systems, while Engine Yard[3], Google App Engine [5] and Yahoo Pig are representative PaaS systems, and Google's Apps [6] and Salesforce's Customer Relation Management (CRM) System [7] belong to SaaS systems. With these cloud computing services, the enterprise users no longer need to empower in hardware or software systems or hire professionals to maintain these systems, thus they save cost on IT infrastructure and human resources; and also different computing utilities provided by cloud computing are being provide at a comparatively low price in a pay-as-you-use manner[1]. "

    Preview · Article · Jan 2016
  • Source
    • "A new user can be allotted a new attribute by AA or any existing group user may lose the attribute to revoke their access rights. Though, existing attribute revocation schemes [10] [11] [12] [13] [14] [15] depends too on a trustworthy server or are short of efficiency, those were not appropriate to tackle with the attribute revocation issues in data access management in multi-authority based data storage systems. "

    Full-text · Article · Nov 2015 · International Journal of Computer Applications
    • "is an important feature of ABA systems. There has not been much work focused on ABA revocation, but it is well studied in group signatures[17], identity-based encryption (IBE)[29]and attribute-based encryption (ABE)[30,31,33]. We will discuss revocation methods that can be used in ABA schemes. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Attribute-based authentication (ABA) is a way to authenticate users by means of attributes and it requests the properties of those to be authenticated, for example, resources, contextual information (time, location, etc.) or their combination. In ABA schemes, attributes instead of identity are requested to be presented or even evidence showing that users own the required attributes is enough. Such approaches are more flexible and privacy-preserving compared with traditional identity-based authentication. In this paper, we first explain the general structure and security requirements of ABA schemes, and then give an example to demonstrate their cryptographic design. Next, we analyze recent work and discuss future research topics related to the construction of ABA schemes, including attribute tree building, cryptographic construction, security models, hierarchy, traceability and revocation.
    No preview · Article · May 2015 · International Journal of Computing Science and Mathematics
Show more