×

Efficient attribute-based encryption with attribute revocation for assured data deletion. (English) Zbl 1443.68056

Summary: Cloud storage allows customers to store their data on remote cloud servers. With the advantage of reducing the burden of data management and storage, an increasing number of users prefer to store their data on the cloud. While secure data deletion is a crucial, it is a challenging issue in cloud storage. Logically deleted data may be easily exposed to un-authorized users in the cloud storage scenario thanks to its salient features such as multi-tenancy, virtualization and elasticity. Moreover, cloud servers might not delete customers’ data as instructed for hidden business interest. Hence, assured deletion is highly sought after. It helps preserve cloud users’ data privacy and is a necessary component of data retention regulations in cloud storage. In this paper, we first investigate the goals of assured data deletion and formalize its security model. Then, we propose a key-policy attribute-based encryption scheme for assured deletion (AD-KP-ABE) of cloud data. Our construction makes use of the attribute revocation cryptographic primitive and Merkle Hash Tree to achieve fine-grained access control and verifiable data deletion. The proposed AD-KP-ABE enjoys desirable properties such as no secret key update, partial ciphertext update and assured data deletion. The detailed security proof and implementation results demonstrate the security and practicality of our proposal.

MSC:

68P25 Data encryption (aspects in computer science)
68M11 Internet topics
68P20 Information storage and retrieval of data
PDFBibTeX XMLCite
Full Text: DOI

References:

[1] Ali, M.; Khan, S. U.; Vasilakos, A. V., Security in cloud computing: opportunities and challenges, Inf. Sci., 305, 357-383 (2015)
[2] Ateniese, G.; Bonacina, I.; Faonio, A., Proofs of space: when space is of the essence, International Conference on Security and Cryptography for Networks, 538-557 (2014), Springer: Springer Cham · Zbl 1378.94019
[3] Bethencourt, J.; Sahai, A.; Waters, B., Ciphertext-policy attribute-based encryption, Security and Privacy, 2007, SP’07, IEEE Symposium on, 321-334 (2007), IEEE
[4] Boneh, D.; Boyen, X., Efficient selective-ID secure identity-based encryption without random oracles, International Conference on the Theory and Applications of Cryptographic Techniques, 223-238 (2004), Springer: Springer Berlin, Heidelberg · Zbl 1122.94355
[5] Boneh, D.; Franklin, M., Identity-based encryption from the weil pairing, Advances in Cryptology, CRYPTO 2001, 213-229 (2001), Springer: Springer Berlin/Heidelberg · Zbl 1002.94023
[6] Du, X.; Xiao, Y.; Guizani, M.; Chen, H. H., An effective key management scheme for heterogeneous sensor networks?, Ad Hoc Networks, Elsevier, 5, 1, 24-34 (2007)
[7] Du, X.; Guizani, M.; Xiao, Y.; Chen, H. H., A routing-driven elliptic curve cryptography based key management scheme for heterogeneous sensor networks, IEEE Trans. Wireless Commun., 8, 3, 1223-1229 (2009)
[8] Friedman, A. A.; West, D. M., Privacy and security in cloud computing, Center for Technology Innovation at Brookings (2010)
[9] Geambasu, R.; Kohno, T.; Levy, A. A., Vanish: Increasing data privacy with self-destructing data, USENIX Security Symposium, 299-316 (2009)
[10] Goyal, V.; Pandey, O.; Sahai, A., Attribute-based encryption for fine-grained access control of encrypted data, Proceedings of the 13th ACM conference on Computer and communications security, 89-98 (2006), Acm
[11] Juels, A.; Jr., B. S.K., PORs: proofs of retrievability for large files, Proceedings of the 14th ACM conference on Computer and communications security, 584-597 (2007), Acm
[12] Karvelas, N. P.; Kiayias, A., Efficient proofs of secure erasure, International Conference on Security and Cryptography for Networks, 520-537 (2014), Springer, Cham · Zbl 1378.94051
[13] Li, Y.; Gai, K.; Qiu, L., Intelligent cryptography approach for secure distributed big data storage in cloud computing, Inf. Sci., 387, 103-115 (2017) · Zbl 1429.68017
[14] Li, Y.; Yu, Y.; Min, G., Fuzzy identity-based data integrity auditing for reliable cloud storage systems, IEEE Trans. Dependable Secure Comput. (2016)
[15] Merkle, R. C., Protocols for public key cryptosystems, IEEE Symposium on Security and Privacy, 122 (1980), IEEE Computer Society
[16] Mo, Z.; Xiao, Q.; Zhou, Y., On deletion of outsourced data in cloud computing, Cloud Computing (CLOUD), 2014 IEEE 7th International Conference on, 344-351 (2014), IEEE
[17] Perlman, R., File system design with assured delete, Security in Storage Workshop, 2005. SISW’05. Third IEEE International, volume 6, 88 (2005), IEEE
[18] Ramokapane, K. M.; Rashid, A.; Such, J. M., Assured deletion in the cloud: requirements, challenges and future directions, Proceedings of the 2016 ACM on Cloud Computing Security Workshop, 97-108 (2016), ACM
[19] Reardon, J.; Basin, D. A.; Capkun, S., Secure Data Deletion (2016), Springer
[20] Reardon, J.; Ritzdorf, H.; Basin, D., Secure data deletion from persistent media, Proceedings of the 2013 ACM SIGSAC conference on Computer and communications security, 271-284 (2013), ACM
[21] Rosenbaum, J. M., In defense of the delete key, Green Bag, 3, 4, 393-396 (2000)
[22] Sahai, A.; Waters, B., Fuzzy identity-based encryption, Advances in Cryptology C EUROCRYPT 2005, 457-473 (2005), Springer: Springer Berlin Heidelberg · Zbl 1137.94355
[23] Shacham, H.; Waters, B., Compact proofs of retrievability, Asiacrypt, LNCS 5350, 90-107 (2008) · Zbl 1206.68110
[24] Sookhak, M.; Gani, A.; Khan, M. K., Dynamic remote data auditing for securing big data storage in cloud computing, Inf. Sci., 380, 101-116 (2017)
[25] Tang, Y.; Lee, P. P.C.; Lui, J. C.S., FADE: secure overlay cloud storage with file assured deletion, Security and Privacy in Communication Networks, 380-397 (2010)
[26] Watson, G. J.; Safavi-Naini, R.; Alimomeni, M., Lost: location based storage, Proceedings of the 2012 ACM Workshop on Cloud computing security workshop, 59-70 (2012), ACM
[27] Xiao, Y.; Rayi, V.; Sun, B., A survey of key management schemes in wireless sensor networks, J. Comput. Commun., 30, 11-12, 2314-2341 (2007)
[28] Yu, Y.; Au, M. H.; Ateniese, G., Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage, IEEE Trans. Inf. Forensics Secur., 12, 4, 767-778 (2017)
[29] Yu, Y.; Li, Y.; Ni, J.; Yang, G., Comments on public integrity auditing for dynamic data sharing with multiuser modification, IEEE Trans. Inf. Forensics Secur., 3, 658-659 (2016)
[30] Zhang, O. Q.; Ko, R. K.L.; Kirchberg, M., How to track your data: rule-based data provenance tracing algorithms, Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, 1429-1437 (2012), IEEE
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.