Achieving fine-grained access control with discretionary user revocation over cloud data

Qiuxiang Dong; Dijiang Huang; Jim Luo; Myong Kang

doi:10.1109/CNS.2018.8433128

Achieving fine-grained access control with discretionary user revocation over cloud data

Qiuxiang Dong, Dijiang Huang, Jim Luo, Myong Kang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.

Original language	English (US)
Title of host publication	2018 IEEE Conference on Communications and Network Security, CNS 2018
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Print)	9781538645864
DOIs	https://doi.org/10.1109/CNS.2018.8433128
State	Published - Aug 10 2018
Event	6th IEEE Conference on Communications and Network Security, CNS 2018 - Beijing, China Duration: May 30 2018 → Jun 1 2018

Other

Other	6th IEEE Conference on Communications and Network Security, CNS 2018
Country	China
City	Beijing
Period	5/30/18 → 6/1/18

Keywords

Access Control
Cloud Storage
CP-ABE
Directory
Discretionary Revocation
Encryption
IAM

ASJC Scopus subject areas

Computer Networks and Communications
Safety, Risk, Reliability and Quality

Access to Document

10.1109/CNS.2018.8433128

Fingerprint Dive into the research topics of 'Achieving fine-grained access control with discretionary user revocation over cloud data'. Together they form a unique fingerprint.

Cite this

Achieving fine-grained access control with discretionary user revocation over cloud data. / Dong, Qiuxiang; Huang, Dijiang; Luo, Jim; Kang, Myong.

2018 IEEE Conference on Communications and Network Security, CNS 2018. Institute of Electrical and Electronics Engineers Inc., 2018. 8433128.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Dong, Q, Huang, D, Luo, J & Kang, M 2018, Achieving fine-grained access control with discretionary user revocation over cloud data. in 2018 IEEE Conference on Communications and Network Security, CNS 2018., 8433128, Institute of Electrical and Electronics Engineers Inc., 6th IEEE Conference on Communications and Network Security, CNS 2018, Beijing, China, 5/30/18. https://doi.org/10.1109/CNS.2018.8433128

@inproceedings{3823f0ea15274b2a8dbb98fac4e8c2b6,

title = "Achieving fine-grained access control with discretionary user revocation over cloud data",

abstract = "Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.",

keywords = "Access Control, Cloud Storage, CP-ABE, Directory, Discretionary Revocation, Encryption, IAM",

author = "Qiuxiang Dong and Dijiang Huang and Jim Luo and Myong Kang",

year = "2018",

month = aug,

day = "10",

doi = "10.1109/CNS.2018.8433128",

language = "English (US)",

isbn = "9781538645864",

booktitle = "2018 IEEE Conference on Communications and Network Security, CNS 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "6th IEEE Conference on Communications and Network Security, CNS 2018 ; Conference date: 30-05-2018 Through 01-06-2018",

}

TY - GEN

T1 - Achieving fine-grained access control with discretionary user revocation over cloud data

AU - Dong, Qiuxiang

AU - Huang, Dijiang

AU - Luo, Jim

AU - Kang, Myong

PY - 2018/8/10

Y1 - 2018/8/10

N2 - Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.

AB - Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.

KW - Access Control

KW - Cloud Storage

KW - CP-ABE

KW - Directory

KW - Discretionary Revocation

KW - Encryption

KW - IAM

UR - http://www.scopus.com/inward/record.url?scp=85052593148&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85052593148&partnerID=8YFLogxK

U2 - 10.1109/CNS.2018.8433128

DO - 10.1109/CNS.2018.8433128

M3 - Conference contribution

AN - SCOPUS:85052593148

SN - 9781538645864

BT - 2018 IEEE Conference on Communications and Network Security, CNS 2018

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 6th IEEE Conference on Communications and Network Security, CNS 2018

Y2 - 30 May 2018 through 1 June 2018

ER -