
Time-based proxy re-encryption scheme for secure data sharing in a cloud environment

Published: 01 February 2014

Abstract

A fundamental approach for secure data sharing in a cloud environment is to let the data owner encrypt data before outsourcing. To simultaneously achieve fine-grained access control on encrypted data and scalable user revocation, existing work combines attribute-based encryption (ABE) and proxy re-encryption (PRE) to delegate re-encryption to the cloud service provider (CSP). However, the data owner must be online in order to send the PRE keys to the CSP in a timely fashion, to prevent a revoked user from accessing future data. A delay in issuing the PRE keys may cause potential security risks. In this paper, we propose a time-based proxy re-encryption (TimePRE) scheme to allow a user's access right to expire automatically after a predetermined period of time. In this case, the data owner can be offline during user revocation. The basic idea is to incorporate the concept of time into the combination of ABE and PRE. Specifically, each data item is associated with an attribute-based access structure and an access time, and each user is identified by a set of attributes and a set of eligible time periods which denote the period of validity of the user's access right. The data owner and the CSP are required to share a root secret key in advance, with which the CSP can automatically update the access time of the data to the time at which it receives a data access request. Therefore, given the re-encrypted ciphertext, only the users whose attributes satisfy the access structure and whose access rights are valid at the access time can recover the corresponding data.
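The time-expiry idea in the abstract, as an added example that is not code from the paper: a hash-based key tree stands in for the pairing-based ABE/PRE construction, and the attribute check is left out. The year/month/day granularity, the function names, the toy keystream layer and the sample values are all assumptions made for illustration.

```python
import hmac, hashlib
from datetime import date

def child(key: bytes, label: str) -> bytes:
    """One step down the time tree: HMAC of the label under the parent key."""
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

def derive(key: bytes, held: tuple, target: tuple):
    """Derive the key for `target` from a key held for the period `held`.
    Returns None when `held` is not an ancestor of `target` in the tree."""
    if target[:len(held)] != held:
        return None
    for part in target[len(held):]:
        key = child(key, str(part))
    return key

def time_layer(day_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy keystream layer (HMAC in counter mode); stands in for re-encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(day_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def csp_serve(root: bytes, stored: bytes, nonce: bytes, today: date) -> bytes:
    """CSP: bind the stored ciphertext to the request time using the shared root key.
    The data owner is not contacted."""
    day_key = derive(root, (), (today.year, today.month, today.day))
    return time_layer(day_key, nonce, stored)

def user_open(grants: dict, served: bytes, nonce: bytes, today: date):
    """User: strips the time layer only if a granted period covers `today`."""
    target = (today.year, today.month, today.day)
    for held, key in grants.items():
        day_key = derive(key, held, target)
        if day_key is not None:
            return time_layer(day_key, nonce, served)
    return None  # access right expired or not yet valid

def demo():
    root = bytes(range(32))                       # constructed root secret key
    grants = {(2014, 2): derive(root, (), (2014, 2))}   # user valid for Feb 2014
    blob, nonce = b"owner-encrypted data (constructed)", b"\x00" * 8
    results = []
    for day in (date(2014, 2, 15), date(2014, 3, 1)):
        served = csp_serve(root, blob, nonce, day)
        results.append(user_open(grants, served, nonce, day) == blob)
    return results
```

A user holding only the February 2014 node key can open data served on any day of that month and nothing served afterwards, without the owner sending anything to the CSP at revocation time.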

    Published In

    Information Sciences: an International Journal  Volume 258, Issue
    February, 2014
    463 pages

    Publisher

    Elsevier Science Inc.

    United States

    Author Tags

    1. Attribute-based encryption
    2. Cloud computing
    3. Proxy re-encryption
    4. Time
