Front. Inform. Technol. Electron. Eng. 2018, Vol. 19 Issue (11): 1362-1384
Generic user revocation systems for attribute-based encryption in cloud storage
Genlang CHEN, Zhiqian XU, Hai JIANG, Kuan-ching LI
Institute of Ningbo Technology, Zhejiang University, Ningbo 315000, China
Independent Scholar
Department of Computer Science, Arkansas State University, Jonesboro 72467, USA
Department of Computer Science and Information Engineering, Providence University, Taiwan 43301, China

Abstract: Cloud-based storage is a service model for businesses and individual users that involves paid or free
storage resources. This service model enables on-demand storage capacity and management to users anywhere
via the Internet. Because most cloud storage is provided by third-party service providers, the trust required for
the cloud storage providers and the shared multi-tenant environment present special challenges for data protection
and access control. Attribute-based encryption (ABE) not only protects data secrecy, but also has ciphertexts or
decryption keys associated with fine-grained access policies that are automatically enforced during the decryption
process. This enforcement puts data access under control at each data item level. However, ABE schemes have
practical limitations on dynamic user revocation. In this paper, we propose two generic user revocation systems for
ABE with user privacy protection, user revocation via ciphertext re-encryption (UR-CRE) and user revocation via
cloud storage providers (UR-CSP), which work with any type of ABE scheme to dynamically revoke users.


Key words: Attribute-based encryption, Generic user revocation, User privacy, Cloud storage, Access control
Received: 27 June 2018      Published: 13 June 2019
Cite this article:

Genlang CHEN, Zhiqian XU, Hai JIANG, Kuan-ching LI. Generic user revocation systems for attribute-based encryption in cloud storage. Front. Inform. Technol. Electron. Eng., 2018, 19(11): 1362-1384.

URL:

http://www.zjujournals.com/xueshu/fitee/     OR     http://www.zjujournals.com/xueshu/fitee/Y2018/V19/I11/1362

