Title: RevokAll: Hardware-Assisted Revocable Data Sharing Framework for Full Data Traffic With Rapid Deployment in Cloud-Edge
Authors: Shuaishuai Chang; Hui Ma; Jianting Ning; Yuzhe Li; Lin Su; Bo Li; Weiping Wang
DOI: 10.1109/TIFS.2025.3583490
Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 6854-6867
Publication date: 2025-06-26
Publication type: Journal Article
Journal impact factor: 8.0; JCR: Q1 (Computer Science, Theory & Methods); Region: 1 (Computer Science)
Open access: no
URL: https://ieeexplore.ieee.org/document/11052868/
Indexing platform: Semantic Scholar
Citations: 0
Abstract
Secure cloud-edge data sharing has been researched recently to provide high-quality on-demand data services. Attribute-based encryption (ABE) is a promising solution that achieves data confidentiality and flexible access control simultaneously. But three major issues remain when adopting ABE in cloud-edge settings, namely reliable user revocation, high performance on devices, and trust issues with the public cloud. First, existing direct user revocation mechanisms focus on preventing a revoked user from decrypting header ciphertexts even when key exposure occurs, but ignore the security of the payload. Second, how to conveniently deploy on diverse platforms and run programs on resource-constrained devices with high efficiency is a challenge. Finally, there is no universal guarantee for cloud computation and management tasks, so a lazy or malicious cloud may not follow the protocol and may perform improper actions on purpose. In this work, we propose a Hardware-Assisted Hybrid Fully Outsourced Revocable Attribute-Based Proxy Re-Encryption (H2O-RABPRE) scheme that supports reliable user revocation for full data traffic and hardware-assisted fully outsourced computation. Moreover, we design a hardware-assisted data-sharing framework with rapid deployment for cloud-edge, which integrates the developed SGX-MCL to protect outsourced tasks executed by cloud/edge devices against malicious behaviors and utilizes the enhanced WebAssembly runtime, WasmCrypto, a unified deployment approach for IoT devices with near-native performance. We implement the scheme on an SGX cloud server, a laptop, a Raspberry Pi, and an ESP32 board, and the results indicate that the proposed scheme is practical.
Journal description:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance, and systems applications that incorporate these features.