Efficient revocation in ciphertext-policy attribute-based encryption based cryptographic cloud storage

Managing and controlling access to the tremendous data in Cloud storage is very challenging. Due to various entities engaged in the Cloud environment, there is a high possibility of data tampering. Cloud encryption is being employed to control data access while securing Cloud data. The encrypted data are sent to Cloud storage with an access policy defined by the data owner. Only authorized users can decrypt the encrypted data. However, the access policy of the encrypted data is in readable form, which results in privacy leakage. To address this issue, we proposed a reinforcement hiding in access policy over Cloud storage by enhancing the Ciphertext Policy Attribute-based Encryption (CP-ABE) algorithm. Besides the encryption process, the reinforced CP-ABE used logical connective operations to hide the attribute value of data in the access policy. These attributes were converted into scrambled data along with a ciphertext form that provides a better unreadability feature. It means that a two-level concealed tactic is employed to secure data from any unauthorized access during a data transaction. Experimental results revealed that our reinforced CP-ABE had a low computational overhead and consumed low storage costs. Furthermore, a case study on security analysis shows that our approach is secure against a passive attack such as traffic analysis.

Download Full-text

Fine-Grained Access Control with Efficient Revocation in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.571-572.79 ◽

2014 ◽

Vol 571-572 ◽

pp. 79-89

Author(s):

Ting Zhong ◽

You Peng Sun ◽

Qiao Liu

Keyword(s):

Access Control ◽

Cloud Storage ◽

Storage System ◽

Fine Grained ◽

Computational Overhead ◽

Attribute Based Encryption ◽

Encrypt Data ◽

User Revocation ◽

Ciphertext Policy ◽

Access Policies

In the cloud storage system, the server is no longer trusted, which is different from the traditional storage system. Therefore, it is necessary for data owners to encrypt data before outsourcing it for sharing. Simultaneously, the enforcement of access policies and support of policies updates becomes one of the most challenging issues. Ciphertext-policy attribute-based encryption (CP-ABE) is an appropriate solution to this issue. However, it comes with a new obstacle which is the attribute and user revocation. In this paper, we propose a fine-grained access control scheme with efficient revocation based on CP-ABE approach. In the proposed scheme, we not only realize an efficient and immediate revocation, but also eliminate some burden of computational overhead. The analysis results indicate that the proposed scheme is efficient and secure for access control in cloud storage systems.

Download Full-text

Efficient Ciphertext Policy Attribute Based Encryption (ECP-ABE) for Data Deduplication in Cloud Storage

Communications in Computer and Information Science - Security in Computing and Communications ◽

10.1007/978-981-15-4825-3_26 ◽

2020 ◽

pp. 322-334

Author(s):

Abhishek Kumar ◽

P. Syam Kumar

Keyword(s):

Cloud Storage ◽

Data Deduplication ◽

Attribute Based Encryption ◽

Ciphertext Policy

Download Full-text

Insecurity of Cheng et al.'s Efficient Revocation in Ciphertext-Policy Attribute-Based Encryption Based Cryptographic Cloud Storage

2017 IEEE International Symposium on Parallel and Distributed Processing with Applications and 2017 IEEE International Conference on Ubiquitous Computing and Communications (ISPA/IUCC) ◽

10.1109/ispa/iucc.2017.00210 ◽

2017 ◽

Author(s):

Changji Wang ◽

Jiayuan Wu ◽

Yuan Yuan ◽

Jing Liu

Keyword(s):

Cloud Storage ◽

Attribute Based Encryption ◽

Ciphertext Policy

Download Full-text

Accountable CP-ABE with Public Verifiability: How to Effectively Protect the Outsourced Data in Cloud

International Journal of Foundations of Computer Science ◽

10.1142/s0129054117400147 ◽

2017 ◽

Vol 28 (06) ◽

pp. 705-723

Author(s):

Gang Yu ◽

Xiaoxiao Ma ◽

Zhenfu Cao ◽

Guang Zeng ◽

Wenbao Han

Keyword(s):

Cloud Storage ◽

Third Party ◽

Access Structures ◽

Public Verifiability ◽

Attribute Based Encryption ◽

Outsourced Data ◽

Identity Based ◽

Commercial Applications ◽

Ciphertext Policy ◽

Cloud Storage Services

Ciphertext-policy attribute-based encryption, denoted by CP-ABE, extends identity based encryption by taking a set of attributes as users’ public key which enables scalable access control over outsourced data in cloud storage services. However, a decryption key corresponding to an attribute set may be owned by multiple users. Then, malicious users are subjectively willing to share their decryption keys for profits. In addition, the authority who issues decryption keys in CP-ABE system is able to generate arbitrary decryption key for any (including unauthorized) user. Key abuses of both malicious users and the authority have been regarded as one of the major obstacles to deploy CP-ABE system in real-world commercial applications. In this paper, we try to solve these two kinds of key abuses in CP-ABE system, and propose two accountable CP-ABE schemes supporting any LSSS realizable access structures. Two proposed accountable CP-ABE schemes allow any third party (with the help of authorities if necessary) to publicly verify the identity of an exposed decryption key, allow an auditor to publicly audit whether a malicious user or authorities should be responsible for an exposed decryption key, and the key abuser can’t deny it. At last, we prove the two schemes can achieve publicly verifiable traceability and accountability.

Download Full-text