Decentralized attribute-based encryption scheme with scalable revocation for sharing data in public cloud servers

Adel Binbusayyis, Ning Zhang
Published in: 2015 International Conference on Cloud Technologies and Applications (CloudTech)
Publication date: 2015-06-02
DOI: 10.1109/CLOUDTECH.2015.7336985 (https://doi.org/10.1109/CLOUDTECH.2015.7336985)
Citations: 7

Abstract

With the rapid development of cloud computing, it is attractive for enterprise companies to outsource their data files for sharing in cloud servers, as cloud computing can offer desirable characteristics, such as on-demand self-service, broad network access, and rapid elasticity. However, by uploading data files onto cloud servers, data owners (i.e. the companies) will lose control over their own data. This makes it essential to use attribute-based encryption (ABE) because it can help to protect data confidentiality by uploading data files in encrypted form. In addition, it can help to facilitate granting access to data by allowing only authorized users to decrypt the encrypted data files based on a set of attributes. However, this ABE approach includes three key issues. The first one is the complexity of user secret key management for large-scale cloud environments. The second is the complexity of revoking users' access rights. The third is the computational complexity involved in assigning user rights, encrypting and accessing data files. This paper addresses these three issues by proposing a decentralized ciphertext-policy ABE scheme (CP-DABE) for a large-scale cooperative cloud environment. The scheme reduces the complexity of user secret key management by providing a secure attribute delegation service between a master authority and a number of attribute authorities. The scheme also reduces the complexity of the revocation process by using a Proxy Re-encryption technique to revoke any user's access right. In addition, compared with the most related work, the scheme reduces the computational requirements for assigning user rights, encrypting and accessing data files. The scheme can support any LSSS access structure. In this paper, the cryptographic construction of the CP-DABE scheme is presented, and its efficiency is analyzed and compared with the most related work. The security of the CP-DABE scheme is discussed and selectively proved against chosen-plaintext attacks under the decisional Bilinear Diffie-Hellman Exponent assumption. Finally, ideas to extend the CP-DABE scheme are discussed.