Achieving Scalable and Optimized Attribute Revocation in Cloud Computing

Somchart FUGKEAW  Hiroyuki SATO  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E100-D   No.5   pp.973-983
Publication Date: 2017/05/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2016NTP0006
Type of Manuscript: Special Section PAPER (Special Section on the Architectures, Protocols, and Applications for the Future Internet)
Category: 
Keyword: 
revocation,  data access control,  policy update,  proxy re-encryption,  

Full Text: PDF(1.5MB)>>
Buy this Article




Summary: 
Revocation is one of the major problems for access control systems. Especially, the revocation cost for the data outsourced in the third party environment such as cloud storage systems. The revocation in the cloud-based access control typically deals with the cryptographic operations that introduce costly overheads for key re-generation, file re-encryption, and key re-distribution. Also, the communication for retrieving files for re-encryption and loading them back to the cloud is another non-trivial cost for data owners. In this paper, we propose a Very Lightweight Proxy Re-Encryption (VL-PRE) scheme to efficiently support attribute-based revocation and policy update in the collaborative data sharing in cloud computing environment. To this end, we propose three-phase VL-PRE protocol including re-encryption key generation, re-encryption key update, and re-encryption key renewal for supporting the optimized attribute revocation and policy update. Finally, we conduct the experiments to evaluate the performance of our VL-PRE and show that it exhibits less computation cost with higher scalability in comparison with existing PRE schemes.