Time-based proxy re-encryption scheme for secure data sharing in a cloud environment
Authors
Abstract
A fundamental approach for secure data sharing in a cloud environment is to let the data owner encrypt data before outsourcing. To simultaneously achieve fine-grained access control on encrypted data and scalable user revocation, existing work combines attribute-based encryption (ABE) and proxy re-encryption (PRE) to delegate the cloud service provider (CSP) to execute re-encryption. However, the data owner should be online in order to send the PRE keys to the CSP in a timely fashion, to prevent the revoked user from accessing the future data. The delay of issuing the PRE keys may cause potential security risks. In this paper, we propose a time-based proxy re-encryption (TimePRE) scheme to allow a user’s access right to expire automatically after a predetermined period of time. In this case, the data owner can be offline in the process of user revocations. The basic idea is to incorporate the concept of time into the combination of ABE and PRE. Specifically, each data item is associated with an attribute-based access structure and an access time, and each user is identified by a set of attributes and a set of eligible time periods which denote the period of validity of the user’s access right. Then, the data owner and the CSP are required to share a root secret key in advance, with which the CSP can automatically update the access time of the data with the time that it receives a data access request. Therefore, given the re-encrypted ciphertext, only the users whose attributes satisfy the access structure and whose access rights are effective in the access time can recover corresponding data.
Corresponding author: Guojun Wang (URL: http://trust.csu.edu.cn/faculty/~csgjwang). Preprint submitted to Elsevier Information Sciences, September 18, 2012.
Similar resources
A Key-insulated Proxy Re-encryption Scheme for Data Sharing in a Cloud Environment
Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case th...
An Efficient Secret Sharing-based Storage System for Cloud-based Internet of Things
Internet of things (IoTs) is the newfound information architecture based on the internet that develops interactions between objects and services in a secure and reliable environment. As the availability of many smart devices rises, secure and scalable mass storage systems for aggregate data are required in IoTs applications. In this paper, we propose a new method for storing aggregate data in Io...
A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds
Ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) extends the traditional Proxy Re-Encryption (PRE) by allowing a semi-trusted proxy to transform a ciphertext under an access policy to another ciphertext with the same plaintext under a new access policy (i.e., attribute-based re-encryption). The proxy, however, learns nothing about the underlying plaintext. CP-ABPRE has many real ...
A Secure Index Management Scheme for Providing Data Sharing in Cloud Storage
Cloud storage is provided as a service in order to keep pace with the increasing use of digital information. It can be used to store data via networks and various devices and is easy to access. Unlike existing removable storage, many users can use cloud storage because it has no storage capacity limit and does not require a storage medium. Cloud storage reliability has become a topic of importa...
Multi-Owner Data Sharing Using Key Policy Attribute-Based Encryption Method in the cloud
There is a major problem in public clouds about the sharing of documents on attribute-based policies and sharing data in dynamic groups. With the advantage of low maintenance, cloud computing gives an effective solution for sharing group resources among cloud users. As the sharing of documents with different keys like attribute based encryption (ABE), and/or proxy re-encryption (PRE) ap...
Journal: Inf. Sci.
Volume: 258
Publication date: 2014