Dynamic secure cloud storage with provenance

Authors:
Sherman S. M. Chow;Cheng-Kang Chu;Xinyi Huang;Jianying Zhou;Robert H. Deng
Affiliations:
University of Waterloo, Canada;Institute for Infocomm Research, Singapore;Institute for Infocomm Research, Singapore;Institute for Infocomm Research, Singapore;Singapore Management University, Singapore
Venue:
Cryptography and Security
Year:
2012

Citing 9
Cited 0

Group signatures with verifier-local revocation

Proceedings of the 11th ACM conference on Computer and communications security
Removing Escrow from Identity-Based Encryption

Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Improving privacy and security in multi-authority attribute-based encryption

Proceedings of the 16th ACM conference on Computer and communications security
Real Traceable Signatures

Selected Areas in Cryptography
Secure provenance: the essential of bread and butter of data forensics in cloud computing

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Full-domain subgroup hiding and constant-size group signatures

PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Identity-based broadcast encryption with constant size ciphertexts and private keys

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Hierarchical identity based encryption with constant size ciphertext

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

One concern in using cloud storage is that the sensitive data should be confidential to the servers which are outside the trust domain of data owners. Another issue is that the user may want to preserve his/her anonymity in the sharing or accessing of the data (such as in Web 2.0 applications). To fully enjoy the benefits of cloud storage, we need a confidential data sharing mechanism which is fine-grained (one can specify who can access which classes of his/her encrypted files), dynamic (the total number of users is not fixed in the setup, and any new user can decrypt previously encrypted messages), scalable (space requirement does not depend on the number of decryptors), accountable (anonymity can be revoked if necessary) and secure (trust level is minimized). This paper addresses the problem of building a secure cloud storage system which supports dynamic users and data provenance. Previous system is based on specific constructions and does not offer all of the aforementioned desirable properties. Most importantly, dynamic user is not supported. We study the various features offered by cryptographic anonymous authentication and encryption mechanisms; and instantiate our design with verifier-local revocable group signature and identity-based broadcast encryption with constant size ciphertexts and private keys. To realize our concept, we equip the broadcast encryption with the dynamic ciphertext update feature, and give formal security guarantee against adaptive chosen-ciphertext decryption and update attacks.