DocumentCode
568473
Title
Dynamic User Revocation and Key Refreshing for Attribute-Based Encryption in Cloud Storage
Author
Xu, Zhiqian ; Martin, Keith M.
Author_Institution
Inf. Security Group, R. Holloway, Univ. of London, London, UK
fYear
2012
fDate
25-27 June 2012
Firstpage
844
Lastpage
849
Abstract
Cloud storage provides the potential for on-demand massive data storage, but its highly dynamic and heterogeneous environment presents significant data protection challenges. Ciphertext-policy attribute-based encryption (CP-ABE) enables fine-grained access control. However, important issues such as efficient user revocation and key refreshing are not straightforward, which constrains the adoption of CP-ABE in cloud storage systems. In this paper we propose a dynamic user revocation and key refreshing model for CP-ABE schemes. A key feature of our model is its generic possibility in general CP-ABE schemes to refresh the system keys or remove the access from a user without issuing new keys to other users or re-encrypting existing ciphertexts. Our model is efficient and suitable for application in cloud storage environments. As an example, we use BSW's CP-ABE scheme to show the adaptation of our model to a CP-ABE scheme.
Keywords
authorisation; cloud computing; cryptography; storage management; virtualisation; BSW CP-ABE scheme; ciphertext-policy attribute-based encryption; cloud computing technology; cloud storage systems; data protection challenges; dynamic user revocation; fine-grained access control; key refreshing; on-demand massive data storage; storage virtualization; Adaptation models; Cloud computing; Data models; Encryption; Permission; CP-ABE; cloud storage; key refreshing; user revocation
fLanguage
English
Publisher
ieee
Conference_Titel
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location
Liverpool
Print_ISBN
978-1-4673-2172-3
Type
conf
DOI
10.1109/TrustCom.2012.136
Filename
6296058