TY - GEN
T1 - Achieving fine-grained access control with discretionary user revocation over cloud data
AU - Dong, Qiuxiang
AU - Huang, Dijiang
AU - Luo, Jim
AU - Kang, Myong
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/8/10
Y1 - 2018/8/10
N2 - Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.
AB - Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.
KW - Access Control
KW - CP-ABE
KW - Cloud Storage
KW - Directory
KW - Discretionary Revocation
KW - Encryption
KW - IAM
UR - http://www.scopus.com/inward/record.url?scp=85052593148&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85052593148&partnerID=8YFLogxK
U2 - 10.1109/CNS.2018.8433128
DO - 10.1109/CNS.2018.8433128
M3 - Conference contribution
AN - SCOPUS:85052593148
SN - 9781538645864
T3 - 2018 IEEE Conference on Communications and Network Security, CNS 2018
BT - 2018 IEEE Conference on Communications and Network Security, CNS 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th IEEE Conference on Communications and Network Security, CNS 2018
Y2 - 30 May 2018 through 1 June 2018
ER -