A fundamental approach to secure data sharing in a cloud environment is to have the data owner encrypt data before outsourcing it. To simultaneously achieve fine-grained access control on encrypted data and scalable user revocation, existing work combines attribute-based encryption (ABE) and proxy re-encryption (PRE) to delegate re-encryption to the cloud service provider (CSP). However, the data owner must be online in order to send the PRE keys to the CSP in a timely fashion, so that a revoked user cannot access future data. A delay in issuing the PRE keys may cause security risks. In this paper, we propose a time-based proxy re-encryption (TimePRE) scheme that allows a user's access right to expire automatically after a predetermined period of time. In this case, the data owner can be offline during user revocation. The basic idea is to incorporate the concept of time into the combination of ABE and PRE. Specifically, each piece of data is associated with an attribute-based access structure and an access time, and each user is identified by a set of attributes and a set of eligible time periods that denote the period of validity of the user's access right. The data owner and the CSP are required to share a root secret key in advance, with which the CSP can automatically update the access time of the data with the time at which it receives a data access request. Therefore, given the re-encrypted ciphertext, only users whose attributes satisfy the access structure and whose access rights are effective at the access time can recover the corresponding data.