Abstract
Attribute-based encryption (ABE) can enable user-centered data sharing in untrusted cloud scenarios, where users usually lack control over their outsourced data. However, existing ABE schemes have intrinsic limitations in scalability and revocation efficiency due to the bottleneck of a central authority and the heavy re-encryption overhead on revocations. In this paper, we present a revocable decentralized attribute-based encryption scheme for data access control in cloud storage. In particular, by integrating decentralized attribute-based encryption, the key regression technique, an all-or-nothing transform, a revocation list for the involved attributes, and a blacklist in a novel way, we provide a revocable ABE scheme with practical dynamic group membership and identity privacy protection that also improves the efficiency of the re-encryption caused by revocations without sacrificing security. We analyzed the security of our scheme. The experimental evaluation demonstrates that the cryptographic overhead of key derivation, encryption (decryption), and ABE ciphertext update is reasonable, and that, for the throughput of accessing encrypted data from the cloud, our scheme outperforms other schemes.
Acknowledgements
Our research is supported in part by the National Natural Science Foundation of China under Grant 61502189 and by the National Key Research and Development Program of China (No. 2016YFB0800402).
Cite this article
Wang, C., Jin, H., Wei, R. et al. Revocable, dynamic and decentralized data access control in cloud storage. J Supercomput 78, 10063–10087 (2022). https://doi.org/10.1007/s11227-021-04277-3
DOI: https://doi.org/10.1007/s11227-021-04277-3