Issue No.07 - July (2011 vol.22)
pp: 1214-1221
Junbeom Hur, University of Illinois at Urbana-Champaign, Urbana
Dong Kun Noh, Pai Chai University, Daejeon
Some of the most challenging issues in the data outsourcing scenario are the enforcement of authorization policies and the support of policy updates. Ciphertext-policy attribute-based encryption is a promising cryptographic solution to these issues for enforcing access control policies defined by a data owner on outsourced data. However, applying attribute-based encryption in an outsourced architecture introduces several challenges with regard to attribute and user revocation. In this paper, we propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. Fine-grained access control can be achieved by a dual encryption mechanism which takes advantage of attribute-based encryption and selective group key distribution in each attribute group. We demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in data outsourcing systems.
Data outsourcing, ciphertext policy, attribute-based encryption, revocation, access control.
Junbeom Hur, Dong Kun Noh, "Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems", IEEE Transactions on Parallel & Distributed Systems, vol.22, no. 7, pp. 1214-1221, July 2011, doi:10.1109/TPDS.2010.203