By Topic

A secure and efficient revocation scheme for fine-grained access control in cloud storage

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Zhiquan Lv ; Institute of Software Chinese Academy of Sciences Beijing, China ; Cheng Hong ; Min Zhang ; Dengguo Feng

To keep data confidential against unauthorized cloud servers and users, cryptographic access control mechanisms must be adopted. However, user revocation is a challenging issue since it would inevitably require data re-encryption, and may need user secret key updates. Considering the complexity of fine-grained access control policy and the large number of users in cloud, this issue would become extremely difficult to resolve. In this paper, we focus on this challenging open issue and present a secure and efficient revocation scheme. We propose a modified CP-ABE algorithm to set up a fine-grained access control method, in which user revocation is achieved based on the theory of Shamir's Secret Sharing. Compared with existing schemes, our scheme introduces a minimal overhead not only to the data owner but also to cloud servers. Collusions between cloud servers and revoked users can be avoided as long as the key-update protocol is honestly executed. Meanwhile, the data owner can delegate key updates to the cloud servers without disclosing data contents, user attributes, and the access policy information. Moreover, our scheme maintains the important feature that the revocation won't affect the users whose attribute set is a superset of the revoked user's.

Published in:

Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on

Date of Conference:

3-6 Dec. 2012