Revocable Attribute-Based Encryption With Data Integrity in Clouds

Bibliographic Details
Published in: IEEE Transactions on Dependable and Secure Computing, Vol. 19, no. 5, pp. 2864-2872
Main Authors: Ge, Chunpeng; Susilo, Willy; Baek, Joonsang; Liu, Zhe; Xia, Jinyue; Fang, Liming
Format: Journal Article
Language: English
Published: Washington IEEE 01.09.2022
IEEE Computer Society
ISSN: 1545-5971, 1941-0018
Description
Summary: Cloud computing enables enterprises and individuals to outsource and share their data. This way, cloud computing eliminates the heavy workload of local information infrastructure. Attribute-based encryption has become a promising solution for encrypted data access control in clouds due to the ability to achieve one-to-many encrypted data sharing. Revocation is a critical requirement for encrypted data access control systems. After outsourcing the encrypted attribute-based ciphertext to the cloud, the data owner may want to revoke some recipients that were authorized previously, which means that the outsourced attribute-based ciphertext needs to be updated to a new one that is under the revoked policy. The integrity issue arises when the revocation is executed. When a new ciphertext with the revoked access policy is generated by the cloud server, the data recipient cannot be sure that the newly generated ciphertext guarantees to be decrypted to the same plaintext as the originally encrypted data, since the cloud server is provided by a third party, which is not fully trusted. In this article, we consider a new security requirement for the revocable attribute-based encryption schemes: integrity. We introduce a formal definition and security model for the revocable attribute-based encryption with data integrity protection (RABE-DI). Then, we propose a concrete RABE-DI scheme and prove its confidentiality and integrity under the defined security model. Finally, we present an implementation result and provide performance evaluation which shows that our scheme is efficient and practical.
DOI: 10.1109/TDSC.2021.3065999