TY - GEN
T1 - Decentralized attribute-based encryption scheme with scalable revocation for sharing data in public cloud servers
AU - Binbusayyis, Adel
AU - Zhang, Ning
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/11/24
Y1 - 2015/11/24
N2 - With the rapid development of cloud computing, it is attractive for enterprise companies to outsource their data files for sharing in cloud servers, as cloud computing can offer desirable characteristics, such as on-demand self-service, broad network access, and rapid elasticity. However, by uploading data files onto cloud servers, data owners (i.e. the companies) will lose control over their own data. This makes it essential to use Attribute-based encryption (ABE) because it can help to protect the data confidentiality by uploading data files in encrypted form. In addition, it can help to facilitate granting access to data by allowing only authorized users to decrypt the encrypted data files based on a set of attributes. However, this ABE approach includes three key issues. The first one is the complexity of user secret key management for large-scale cloud environments. The second is the complexity of revoking the users access rights. The third is the computational complexity involved in assigning user rights, encrypting and accessing data files. This paper addresses these three issues by proposing a decentralized ciphertext-policy ABE scheme (CP-DABE) for a large-scale cooperative cloud environment. The scheme reduces the complexity of user secret key management by providing a secure attribute delegation services between a master authority and a number of multiple attribute authorities. The scheme also reduces the complexity of revocation process by using Proxy Re-encryption technique to revoke any users access right. In addition, by comparing with most relative work, the scheme reduces the computational requirements for assigning user rights, encrypting and accessing data files. The scheme can support any LSSS access structure. In this paper, the cryptographic construction of the CP-DABE scheme is presented, and its efficiency is analyzed and compared with most relative work. The security of the CP-DABE scheme is discussed and selectively proved against chosen-plaintext attacks under the decisional Bilinear Diffie-Hellman Exponent assumption. Finally, ideas to extend the CP-DABE scheme are discussed.
AB - With the rapid development of cloud computing, it is attractive for enterprise companies to outsource their data files for sharing in cloud servers, as cloud computing can offer desirable characteristics, such as on-demand self-service, broad network access, and rapid elasticity. However, by uploading data files onto cloud servers, data owners (i.e. the companies) will lose control over their own data. This makes it essential to use Attribute-based encryption (ABE) because it can help to protect the data confidentiality by uploading data files in encrypted form. In addition, it can help to facilitate granting access to data by allowing only authorized users to decrypt the encrypted data files based on a set of attributes. However, this ABE approach includes three key issues. The first one is the complexity of user secret key management for large-scale cloud environments. The second is the complexity of revoking the users access rights. The third is the computational complexity involved in assigning user rights, encrypting and accessing data files. This paper addresses these three issues by proposing a decentralized ciphertext-policy ABE scheme (CP-DABE) for a large-scale cooperative cloud environment. The scheme reduces the complexity of user secret key management by providing a secure attribute delegation services between a master authority and a number of multiple attribute authorities. The scheme also reduces the complexity of revocation process by using Proxy Re-encryption technique to revoke any users access right. In addition, by comparing with most relative work, the scheme reduces the computational requirements for assigning user rights, encrypting and accessing data files. The scheme can support any LSSS access structure. In this paper, the cryptographic construction of the CP-DABE scheme is presented, and its efficiency is analyzed and compared with most relative work. The security of the CP-DABE scheme is discussed and selectively proved against chosen-plaintext attacks under the decisional Bilinear Diffie-Hellman Exponent assumption. Finally, ideas to extend the CP-DABE scheme are discussed.
KW - Access Control
KW - Attribute Based Encryption
KW - Cloud Computing
KW - Public Key Cryptography
UR - http://www.scopus.com/inward/record.url?scp=84962789119&partnerID=8YFLogxK
U2 - 10.1109/CloudTech.2015.7336985
DO - 10.1109/CloudTech.2015.7336985
M3 - Conference contribution
AN - SCOPUS:84962789119
T3 - Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015
BT - Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015
A2 - Essaaidi, Mohamed
A2 - Zbakh, Mostapha
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 4th International Conference on Cloud Computing Technologies and Applications, CloudTech 2015
Y2 - 2 June 2015 through 4 June 2015
ER -