A Lightweight and Generic Access Rights Update Mechanism for Attribute-Based Encryption in cloud storage

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture Pub Date : 2025-08-23 DOI:10.1016/j.sysarc.2025.103550

Zhiqiang Zhang , Youwen Zhu , Xiaohui Ding , Jian Wang , Junbeom Hur

{"title":"A Lightweight and Generic Access Rights Update Mechanism for Attribute-Based Encryption in cloud storage","authors":"Zhiqiang Zhang , Youwen Zhu , Xiaohui Ding , Jian Wang , Junbeom Hur","doi":"10.1016/j.sysarc.2025.103550","DOIUrl":null,"url":null,"abstract":"<div><div>Cloud storage has emerged as a foundational tool in managing massive volumes of sensitive data across diverse domains. Attribute-Based Encryption provides fine-grained access control to encrypted data in these scenarios. However, the practical application of ABE in cloud environments faces significant challenges, including lack of a generic mechanism for updating access rights and inefficiencies in handling large-scale data. Existing methods suffer from high computational overhead and rely heavily on fully trusted clouds, limiting scalability and increasing privacy risks. To address these challenges, we propose a Lightweight and Generic Access Rights Update Mechanism (LGUM) for ABE. LGUM offers a universal framework for access rights update, leveraging precise ciphertext update components to minimize computation and communication costs. It supports efficient multi-user access rights update with constant complexity <span><math><mrow><mi>O</mi><mrow><mo>(</mo><mn>1</mn><mo>)</mo></mrow></mrow></math></span>, eliminating reliance on fully trusted clouds. And then, we exhibit its generality across various ABE paradigms, including CP-ABE and KP-ABE. Comprehensive performance evaluations demonstrate significant reductions in communication and computational overhead compared to existing approaches, with formal security guarantees based on the BDH and MBDH assumptions.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"168 ","pages":"Article 103550"},"PeriodicalIF":4.1000,"publicationDate":"2025-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems Architecture","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S138376212500222X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Cloud storage has emerged as a foundational tool in managing massive volumes of sensitive data across diverse domains. Attribute-Based Encryption provides fine-grained access control to encrypted data in these scenarios. However, the practical application of ABE in cloud environments faces significant challenges, including lack of a generic mechanism for updating access rights and inefficiencies in handling large-scale data. Existing methods suffer from high computational overhead and rely heavily on fully trusted clouds, limiting scalability and increasing privacy risks. To address these challenges, we propose a Lightweight and Generic Access Rights Update Mechanism (LGUM) for ABE. LGUM offers a universal framework for access rights update, leveraging precise ciphertext update components to minimize computation and communication costs. It supports efficient multi-user access rights update with constant complexity

O (1)

, eliminating reliance on fully trusted clouds. And then, we exhibit its generality across various ABE paradigms, including CP-ABE and KP-ABE. Comprehensive performance evaluations demonstrate significant reductions in communication and computational overhead compared to existing approaches, with formal security guarantees based on the BDH and MBDH assumptions.

查看原文本刊更多论文

云存储中基于属性的加密的轻量级通用访问权限更新机制

云存储已经成为管理跨不同领域的大量敏感数据的基础工具。基于属性的加密为这些场景中的加密数据提供了细粒度的访问控制。然而，ABE在云环境中的实际应用面临着重大挑战，包括缺乏更新访问权限的通用机制以及处理大规模数据的效率低下。现有方法的计算开销高，严重依赖于完全可信的云，限制了可伸缩性，增加了隐私风险。为了解决这些挑战，我们提出了一种轻量级通用访问权限更新机制（LGUM）。LGUM为访问权限更新提供了一个通用框架，利用精确的密文更新组件来最小化计算和通信成本。它支持高效的多用户访问权限更新，复杂度恒定为0(1)，消除了对完全可信云的依赖。然后，我们展示了其在各种ABE范式（包括CP-ABE和KP-ABE）中的普遍性。综合性能评估表明，与现有方法相比，通信和计算开销显著减少，并具有基于BDH和MBDH假设的正式安全保证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Systems Architecture 工程技术-计算机：硬件

CiteScore

8.70

自引率

15.60%

发文量

226

审稿时长

46 days

期刊介绍： The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software. Design automation of such systems including methodologies, techniques and tools for their design as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal hardware/software co-design methods that consider interplay between software and hardware components with and emphasis on software are also relevant here.