Research article. DOI: 10.1145/3136825.3136877

A universal cloud user revocation scheme with key-escrow resistance for ciphertext-policy attribute-based access control

Published: 13 October 2017

Abstract

Cloud storage services allow users to store and share data in a cloud environment. To protect the data from unauthorized entities while it is shared, cryptographic mechanisms are used. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is one such mechanism and has been widely used to achieve fine-grained access control over encrypted data. However, user revocation and key escrow remain challenging problems in CP-ABE. In this paper, we propose a key-escrow resistant CP-ABE based access control scheme that provides efficient user revocation. The security analysis of the scheme uses information-theoretic tools and establishes that the scheme is unconditionally secure and provides any-wise revocation capability. Moreover, comparison with other notable works in the area shows that it outperforms them in computational and communication overheads.


Cited By

  • (2022) Authorized Keyword Search over Outsourced Encrypted Data in Cloud Environment. IEEE Transactions on Cloud Computing, 10:1 (216-233). DOI: 10.1109/TCC.2019.2931896. Online publication date: 1-Jan-2022
  • (2021) Post-Quantum Era Privacy Protection for Intelligent Infrastructures. IEEE Access, 9 (36038-36077). DOI: 10.1109/ACCESS.2021.3062201. Online publication date: 2021

      Published In

      SIN '17: Proceedings of the 10th International Conference on Security of Information and Networks
      October 2017
      321 pages
      ISBN:9781450353038
      DOI:10.1145/3136825

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. CP-ABE
      2. attribute-based encryption
      3. cloud data access control
      4. data outsourcing
      5. key-escrow resistance
      6. user revocation

      Qualifiers

      • Research-article

      Funding Sources

      • Science and Engineering Research Board, Govt. of India

      Conference

      SIN '17
      SIN '17: Security of Information and Networks
      October 13 - 15, 2017
      Jaipur, India

      Acceptance Rates

      Overall Acceptance Rate 102 of 289 submissions, 35%
