Abstract: Cloud-based storage is a service model for businesses and individual users that involves paid or free storage resources. This service model enables on-demand storage capacity and management to users anywhere via the Internet. Because most cloud storage is provided by third-party service providers, the trust required for the cloud storage providers and the shared multi-tenant environment present special challenges for data protection and access control. attribute-based encryption (ABE) not only protects data secrecy, but also has ciphertexts or decryption keys associated with fine-grained access policies that are automatically enforced during the decryption process. This enforcement puts data access under control at each data item level. However, ABE schemes have practical limitations on dynamic user revocation. In this paper, we propose two generic user revocation systems for ABE with user privacy protection, user revocation via ciphertext re-encryption (UR-CRE) and user revocation via cloud storage providers (UR-CSP), which work with any type of ABE scheme to dynamically revoke users.

云存储中基于属性加密的通用型用户撤销系统

[1]Attrapadung N, Libert B, de Panafieu E, 2011. Expressive key-policy attribute-based encryption with constant-size ciphertexts. LNCS, 6571:90-108.

[2]Attrapadung N, Herranz J, Laguillaumie F, et al., 2012. Attribute-based encryption schemes with constant-size ciphertexts. Theor Comput Sci, 422(9):15-38.

[3]Au MH, Tsang PP, Susilo W, et al., 2009. Dynamic universal accumulators for DDH groups and their application to attribute-based anonymous credential systems. LNCS, 5473:295-308.

[4]Benaloh J, de Mare M, 1993. One-way accumulators: a decentralized alternative to digital signatures. LNCS, 765:274-285.

[5]Bethencourt J, Sahai A, Waters B, 2007. Ciphertext-policy attribute-based encryption. Proc IEEE Symp on Security and Privacy, p.321-334.

[6]Boneh D, Franklin M, 2003. Identity-based encryption from the Weil pairing. SIAM J Comput, 32(3):586-615.

[7]Brickell E, Camenisch J, Chen LQ, 2004. Direct anonymous attestation. Proc 11^th ACM Conf on Computer and Communications Security, p.132-145.

[8]Camenisch J, Lysyanskaya A, 2002. Dynamic accumulators and application to efficient revocation of anonymous credentials. LNCS, 2442:61-76.

[9]Canetti R, Halevi S, Katz J, 2004. Chosen-ciphertext security from identity-based encryption. LNCS, 3027:207-222.

[10]Carroll M, van der Merwe A, Kotzé P, 2011. Secure cloud computing: benefits, risks and controls. Information Security South Africa, p.1-9.

[11]Chase M, 2007. Multi-authority attribute based encryption. Proc 4^th Conf on Theory of Cryptography, p.515-534.

[12]Chase M, Chow SS, 2009. Improving privacy and security in multi-authority attribute-based encryption. Proc 16^th ACM Conf on Computer and Communications Security, p.121-130.

[13]Chen C, Zhang ZF, Feng DG, 2011. Efficient ciphertext policy attribute-based encryption with constant-size ciphertext and constant computation-cost. LNCS, 6980:84-101.

[14]Chen C, Chen J, Lim HW, et al., 2013. Fully secure attribute-based systems with short ciphertexts/signatures and threshold access structures. LNCS, 7779:50-67.

[15]Cheung L, Newport C, 2007. Provably secure ciphertext policy ABE. Proc 14^th ACM Conf on Computer and Communications Security, p.456-465.

[16]Chow R, Golle P, Jakobsson M, et al., 2009. Controlling data in the cloud: outsourcing computation without outsourcing control. Proc ACM Cloud Computing Security Workshop, p.85-90.

[17]Emura K, Miyaji A, Nomura A, et al., 2009. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. LNCS, 5451:13-23.

[18]Gibson J, Rondeau R, Eveleig D, et al., 2012. Benefits and challenges of three cloud computing service models. 4^th Int Conf on Computational Aspects of Social Networks, p.198-205.

[19]Goyal V, Pandey O, Sahai A, et al., 2006. Attribute-based encryption for fine-grained access control of encrypted data. Proc 13^th ACM Conf on Computer and Communications Security, p.89-98.

[20]Goyal V, Jain A, Pandey O, et al., 2008. Bounded ciphertext policy attribute based encryption. LNCS, 5126:579-591.

[21]Han JG, Susilo W, Mu Y, et al., 2012. Privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans Parall Distrib Syst, 23(11):2150-2162.

[22]Hayes B, 2008. Cloud computing. Commun ACM, 51(7):9-11.

[23]Herranz J, Laguillaumie F, R‘afols C, 2010. Constant size ciphertexts in threshold attribute-based encryption. LNCS, 6056:19-34.

[24]Hur J, Noh DK, 2011. Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parall Distrib Syst, 22(7):1214-1221.

[25]Ibraimi L, Tang Q, Hartel P, et al., 2009. Efficient and provable secure ciphertext-policy attribute-based encryption schemes. LNCS, 5451:1-12.

[26]Jahid S, Mittal P, Borisov N, 2011. Easier: encryption-based access control in social networks with efficient revocation. Proc 6^th ACM Symp on Information, Computer and Communications Security, p.411-415.

[27]Junod P, Karlov A, 2010. An efficient public-key attribute-based broadcast encryption scheme allowing arbitrary access policies. Proc 10^th Annual ACM Workshop on Digital Rights Management, p.13-24.

[28]Karchmer M, Wigderson A, 1993. On span programs. Proc 8^th Annual Structure in Complexity Theory Conf, p.102-111.

[29]Lewko A, Waters B, 2011. Decentralizing attribute-based encryption. LNCS, 6632:568-588.

[30]Lewko A, Sahai A, Waters B, 2010a. Revocation systems with very small private keys. IEEE Symp on Security and Privacy, p.273-285.

[31]Lewko A, Okamoto T, Sahai A, et al., 2010b. Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. LNCS, 6110:linebreak 62-91.

[32]Li J, Huang Q, Chen XF, et al., 2011. Multi-authority ciphertext-policy attribute-based encryption with accountability. Proc ACM Symp on Information, Computer and Communications Security, p.386-390.

[33]Lin H, Cao ZF, Liang XH, et al., 2008. Secure threshold multi authority attribute based encryption without a central authority. LNCS, 5365:426-436.

[34]Miller HG, Veiga J, 2009. Cloud computing: will commodity services benefit users long term? IT Prof, 11(6):57-59.

[35]Nguyen L, 2005. Accumulators from bilinear pairings and applications. LNCS, 3376:275-292.

[36]Okamoto T, Takashima K, 2010. Fully secure functional encryption with general relations from the decisional linear assumption. LNCS, 6223:191-208.

[37]Ostrovsky R, Sahai A, Waters B, 2007. Attribute-based encryption with non-monotonic access structures. Proc 14^th ACM Conf on Computer and Communications Security, p.195-203.

[38]Parno B, Raykova M, Vaikuntanathan V, 2012. How to delegate and verify in public: verifiable computation from attribute-based encryption. LNCS, 7194:422-439.

[39]Pirretti M, Traynor P, McDaniel P, et al., 2006. Secure attribute-based systems. Proc 13^th ACM Conf on Computer and Communications Security, p.99-112.

[40]Ren K, Wang C, Wang Q, 2012. Security challenges for the public cloud. IEEE Int Comput, 16(1):69-73.

[41]Sahai A, Waters B, 2005. Fuzzy identity-based encryption. LNCS, 3494:457-473.

[42]Sahai A, Seyalioglu H, Waters B, 2012. Dynamic credentials and ciphertext delegation for attribute-based encryption. LNCS, 7417:199-217.

[43]Shamir A, 1979. How to share a secret. Commun ACM, 22(11):612-613.

[44]Wang C, Wang Q, Ren K, et al., 2009. Ensuring data storage security in cloud computing. 17^th Int Workshop on Quality of Service, p.1-9.

[45]Wang GJ, Liu Q, Wu J, et al., 2011. Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers. Comput Secur, 30(5):320-331.

[46]Wang ZJ, Huang DJ, 2018. Privacy-preserving mobile crowd sensing in ad hoc networks. Ad Hoc Networks, 73:14-26.

[47]Wang ZJ, Huang DJ, Wu HJ, et al., 2014. Towards distributed privacy-preserving mobile access control. IEEE Global Communications Conf, p.582-587.

[48]Wang ZJ, Huang DJ, Zhu Y, et al., 2015. Efficient attribute-based comparable data access control. IEEE Trans Comput, 64(12):3430-3443.

[49]Waters B, 2011. Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. LNCS, 6571:53-70.

[50]Weiss A, 2007. Computing in the clouds. NetWorker, 11(4):16-25.

[51]Xu ZQ, Martin KM, 2012. Dynamic user revocation and key refreshing for attribute-based encryption in cloud storage. 11^th IEEE Int Conf on Trust, Security and Privacy in Computing and Communications, p.844-849.

[52]Xu ZQ, Martin KM, 2013. A practical deployment framework for use of attribute-based encryption in data protection. IEEE 10^th Int Conf on High Performance Computing and Communications & IEEE Int Conf on Embedded and Ubiquitous Computing, p.1593-1598.

[53]Yang K, Jia XH, Ren K, 2013. Attribute-based fine-grained access control with efficient revocation in cloud storage systems. Proc 8^th ACM SIGSAC Symp on Information, Computer and Communications Security, p.523-528.

[54]Yu SC, Ren K, Lou WJ, 2008. Attribute-based content distribution with hidden policy. 4^th Workshop on Secure Network Protocols, p.39-44.

[55]Yu SC, Wang C, Ren K, et al., 2010. Achieving secure, scalable, and fine-grained data access control in cloud computing. Proc IEEE INFOCOM, p.534-542.