Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

Hur, Junbeom; Noh, Dong Kun

doi:10.1109/tpds.2010.203

Cited by 517 publications

(320 citation statements)

References 8 publications

Supporting

Mentioning

317

Contrasting

Order By: Relevance

“…Recently, several attribute revocable ABE schemes have been announced [2,3,4]. Undoubtedly, these approaches have two main problems, which consists of security degradation in terms of the backward and forward security [1,5]. In the previous schemes, the key authority periodically announce a key update, that will lead to a bottleneck for the key authority.…”

Section: Related Workmentioning

confidence: 99%

“…However, achieving fine-grained user access control failed. Junbeom et al [1] proposed a CP-ABE scheme with fine-grained attribute revocation with the help of the honest-but-curious proxy deployed in the data service provider.…”

Section: Related Workmentioning

confidence: 99%

“…Many schemes [1,3,9] are proposed to cope with attribute-based access control with efficient revocation. The most remarkable is the scheme proposed by J.Hur and D.K.Noh, which realizes attribute-based access control with efficient fine-grained revocation in outsourcing.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

New Ciphertext-Policy Attribute-Based Access Control with Efficient Revocation

Xie

Jin

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Attribute-Based Encryption (ABE) is one of the promising cryptographic primitives for fine-grained access control of shared outsourced data in cloud computing. However, before ABE can be deployed in data outsourcing systems, it has to provide efficient enforcement of authorization policies and policy updates. However, in order to tackle this issue, efficient and secure attribute and user revocation should be supported in original ABE scheme, which is still a challenge in existing work. In this paper, we propose a new ciphertext-policy ABE (CP-ABE) construction with efficient attribute and user revocation. Besides, an efficient access control mechanism is given based on the CP-ABE construction with an outsourcing computation service provider.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

New Ciphertext-Policy Attribute-Based Access Control with Efficient Revocation

Xie

Jin

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Most ABE schemes enforce monotone access policies over encrypted data [6,13,15,17,22,23,29]. An ABE scheme allows a user to encrypt data into ciphertexts according to a policy.…”

Section: Introductionmentioning

confidence: 99%

“…Yu et al [29] proposed a revocable ABE scheme for revoking a user immediately. In contrast, Hur and Noh [17] proposed a revocable ABE scheme with immediate attribute and user revocation capability. Sahai et al [22] proposed the revocable storage ABE scheme that deals with the issue of efficiently preventing a revoked user from decrypting previously encrypted data.…”

Section: Introductionmentioning

confidence: 99%

CloudHKA: A Cryptographic Approach for Hierarchical Access Control in Cloud Computing

Chen

Chu

Tzeng

et al. 2013

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. Cloud services are blooming recently. They provide a convenient way for data accessing, sharing, and processing. A key ingredient for successful cloud services is to control data access while considering the specific features of cloud services. The specific features include great quantity of outsourced data, large number of users, honest-but-curious cloud servers, frequently changed user set, dynamic access control policies, and data accessing for light-weight mobile devices. This paper addresses a cryptographic key assignment problem for enforcing a hierarchical access control policy over cloud data. We propose a new hierarchical key assignment scheme CloudHKA that observes the BellLaPadula security model and efficiently deals with the user revocation issue practically. We use CloudHKA to encrypt outsourced data so that the data are secure against honest-butcurious cloud servers. CloudHKA possesses almost all advantages of the related schemes, e.g., each user only needs to store one secret key, supporting dynamic user set and access hierarchy, and provably-secure against collusive attacks. In particular, CloudHKA provides the following distinct features that make it more suitable for controlling access of cloud data.(1) A user only needs a constant computation time for each data accessing. (2) The encrypted data are securely updatable so that the user revocation can prevent a revoked user from decrypting newly and previously encrypted data. Notably, the updates can be outsourced by using public information only. (3) CloudHKA is secure against the legal access attack. The attack is launched by an authorized, but malicious, user who pre-downloads the needed information for decrypting data ciphertexts in his authorization period. The user uses the pre-downloaded information for future decryption even after he is revoked. Note that the pre-downloaded information are often a small portion of encrypted data only, e.g. the headercipher in a hybrid encrypted data ciphertext. (4) Each user can be flexibly authorized the access rights of Write or Read, or both.

show abstract

A fine‐grained access control and revocation scheme on clouds

Niu

2012

Concurrency and Computation

View full text Add to dashboard Cite

Summary In recent years, more and more companies outsource their data to the cloud service provider to greatly reduce the cost. However, it also raises underlying security and privacy issues for the significant corporate data. Therefore, a natural way to keep sensitive data confidential against an untrusted cloud service provider is only to store the encrypted data in the cloud. Flexible encryption schemes can provide a fine grain access control for the encrypted data and ensure legitimate user to decrypt the corresponding data. The key problems of this approach include establishing access control for the encrypted data and revoking the access rights from users when they are no longer authorized to access the encrypted data on cloud servers. This paper aims to solve these problems. First, with the attribute encryption and the dual encryption system, we propose a concrete access control scheme constructed over the composite‐order bilinear groups, and we prove its security under the standard model. Then, we propose a fully fine‐grained revocation scheme under the direct revocation model so as to efficiently revoke access rights from users on cloud servers. Copyright © 2012 John Wiley & Sons, Ltd.

show abstract

Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

Cited by 517 publications

References 8 publications

New Ciphertext-Policy Attribute-Based Access Control with Efficient Revocation

New Ciphertext-Policy Attribute-Based Access Control with Efficient Revocation

CloudHKA: A Cryptographic Approach for Hierarchical Access Control in Cloud Computing

A fine‐grained access control and revocation scheme on clouds

Contact Info

Product

Resources

About