
Revocable, dynamic and decentralized data access control in cloud storage

The Journal of Supercomputing

Abstract

Attribute-based encryption (ABE) can enable user-centered data sharing in untrusted cloud scenarios, where users usually lack control over their outsourced data. However, existing ABE schemes have intrinsic limitations on scalability and revocation efficiency due to the bottleneck of a central authority and the heavy re-encryption overhead on revocations. In this paper, we present a revocable decentralized attribute-based encryption scheme for data access control in cloud storage. In particular, by integrating decentralized attribute-based encryption, the key regression technique, an all-or-nothing transform, a revocation list for the involved attributes, and a blacklist in a novel way, we provide a revocable ABE scheme with practical dynamic group membership and identity privacy protection; meanwhile, it improves the efficiency of the re-encryption triggered by revocations without sacrificing security. We analyzed the security of our scheme. The experimental evaluation demonstrates that the cryptographic overhead of key derivation, encryption (decryption), and ABE ciphertext update is reasonable, and that for the throughput of accessing encrypted data from the cloud, our scheme outperforms other schemes.



Acknowledgements

Our research is supported in part by the National Natural Science Foundation of China under Grant 61502189 and the National Key Research and Development Program of China (No. 2016YFB0800402).

Author information

Corresponding author

Correspondence to Hao Jin.

Cite this article

Wang, C., Jin, H., Wei, R. et al. Revocable, dynamic and decentralized data access control in cloud storage. J Supercomput 78, 10063–10087 (2022). https://doi.org/10.1007/s11227-021-04277-3
