Multi-authority scheme based CP-ABE with attribute revocation for cloud data storage

Ramesh, Dharavath; Priya, Rashmi

doi:10.1109/microcom.2016.7522518

Cited by 13 publications

(8 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular, a masquerade attack may occur when a user has left in the Sekhar scheme [4], and in the Zhu scheme [5] attackers can access data using other users' attributes. The Xu scheme [6], Yang scheme [7], and Ramesh scheme [8] apply attribute retraction upon user withdrawal. However, the Xu scheme and Yang scheme are inefficient because when users withdraw, they update both the key of other users participating in the cloud and the ciphertext stored in the cloud.…”

Section: Previously Proposed Cp-abe Schemesmentioning

confidence: 99%

“…but some schemes are vulnerable to a variety of security threats or are inefficient. Especially from a security point of view, the CP-ABE scheme should not be accessible after unsubscribing because the user's attributes are completely removed when the user leaves the existing cloud environment [4][5][6][7][8][9][10][11][12]. A user who has left creates a problem if he / she can access the cloud environment with their existing attributes and the secret key they had.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

CP-ABE Access Control that Block Access of Withdrawn Users in Dynamic Cloud

2020

KSII TIIS

View full text Add to dashboard Cite

Recently, data can be safely shared or stored using the infrastructure of cloud computing in various fields. However, issues such as data security and privacy affect cloud environments. Thus, a variety of security technologies are required, one of them is security technology using CP-ABE. Research into the CP-ABE scheme is currently ongoing, but the existing CP-ABE schemes can pose security threats and are inefficient. In terms of security, the CP-ABE approach should be secure against user collusion attacks and masquerade attacks. In addition, in a dynamic cloud environment where users are frequently added or removed, they must eliminate user access when they leave, and so users will not be able to access the cloud after removal. A user who has left should not be able to access the cloud with the existing attributes, secret key that had been granted. In addition, the existing CP-ABE scheme increases the size of the ciphertext according to the number of attributes specified by the data owner. This leads to inefficient use of cloud storage space and increases the amount of operations carried out by the user, which becomes excessive when the number of attributes is large. In this paper, CP-ABE access control is proposed to block access of withdrawn users in dynamic cloud environments. This proposed scheme focuses on the revocation of the attributes of the withdrawn users and the output of a ciphertext of a constant-size, and improves the efficiency of the user decryption operation through outsourcing.

show abstract

Section: Previously Proposed Cp-abe Schemesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

CP-ABE Access Control that Block Access of Withdrawn Users in Dynamic Cloud

2020

KSII TIIS

View full text Add to dashboard Cite

show abstract

“…Chase [13] proposes a multiauthority ABE scheme, which transfers the generation of private keys to multiple authorities to complete together. Ramesh and Priya [14], Fan et al [15] propose a multiauthority CP-ABE scheme, in which every attribute authority should register itself to the KA, the KA then assigns a unique global authority identity AID to each legitimate attribute authority. After that, the attribute authority uses its AID to generate the attribute key for users.…”

Section: A Key Authoritymentioning

confidence: 99%

Security and Efficiency Enhanced Revocable Access Control for Fog-Based Smart Grid System

Wen

Chen

et al. 2019

IEEE Access

View full text Add to dashboard Cite

With the popularity of smart grids, plentiful of smart devices have been put into use, such as smart meters and power assets. Due to limited computation capabilities and storage spaces of these devices, the collected data need to be ''outsourced'' towards the data server for processing and storage. The data owners, therefore, lose direct control over these ''outsourced'' data, leading to significant security issues of the users' data. In this paper, aiming at solving this problem, we propose a multi-authority Ciphertext Policy Attribute-based Encryption (CP-ABE) scheme with revocation for the fog-based smart grid system. Specifically, in order to achieve attribute revocation without requiring users to be always online, we use the DH (Diffie-Hellman) tree to distribute the group key statelessly, which also solves the problem of collusion attack initiated by revoked user and valid user. To improve security of our proposed scheme, we remove the trusted key authority (KA) by using a secure two-party computation (2PC) protocol between the KA and the cloud service provider to generate user private key. To improve efficiency of our proposed scheme, we combine user and attribute revocation, and outsource complex calculations to fog nodes. Furthermore, our proposed scheme uses attribute group key and leaf private key together to protect user proxy key, which reduces the storage overhead of the system and improves the security. Both security analysis and experimental results demonstrate that our proposed scheme can balance the security objectives with the efficiency.

show abstract

“…The outsourcing of authorization services to the cloud has been traditionally considered as a successful workaround to alleviate the computational burden incurred by standalone systems. For instance, [13] proposes a distributed architecture where IoT data are outsourced to cloud components and attribute-based authorization functionalities are handled by the cloud as well. However, authentication and authorization functionalities are handled at the same time, and the access is granted only if the entity is online.…”

Section: Security Issues and Literature Reviewmentioning

confidence: 99%

On the Design of a Decentralized and Multiauthority Access Control Scheme in Federated and Cloud-Assisted Cyber-Physical Systems

Sciancalepore

Piro

Caldarola

et al. 2018

IEEE Internet Things J.

View full text Add to dashboard Cite

While enabling brand new services and opportunities, the federation of vertical Internet of Things platforms presents new challenges in terms of secure and controlled access to heterogeneous resources, especially when authorization permissions must be regulated by multiple decentralized authorities. The work presented herein designs, develops, and experimentally validates a flexible and effective Attribute-Based Access Control framework, properly devised to operate in a federated and cloudassisted Cyber-Physical System. Our main novelty stems in the original way we turn a policy-based encryption scheme, customarily used for accessing data, into a Cyber-Physical resource access control protocol. The proposed design approach is able to address several security issues characterizing the emerging use cases in this context, including the decoupling between authentication and authorization, fine-grained, offline, and timelimited authorization, protection against collusion attacks, access rights revocation, and user privacy. A security analysis and a performance evaluation executed through experimental tests clearly demonstrate the viability of the proposed approach in realistic cloud-assisted Cyber-Physical Systems, as well as its ability to overcome the lacks affecting competitive approaches without introducing huge communication and computational requirements.

show abstract

Multi-authority scheme based CP-ABE with attribute revocation for cloud data storage

Cited by 13 publications

References 16 publications

CP-ABE Access Control that Block Access of Withdrawn Users in Dynamic Cloud

CP-ABE Access Control that Block Access of Withdrawn Users in Dynamic Cloud

Security and Efficiency Enhanced Revocable Access Control for Fog-Based Smart Grid System

On the Design of a Decentralized and Multiauthority Access Control Scheme in Federated and Cloud-Assisted Cyber-Physical Systems

Contact Info

Product

Resources

About