Time-based proxy re-encryption scheme for secure data sharing in a cloud environment

Authors:
Qin Liu;Guojun Wang;Jie Wu
Affiliations:
School of Information Science and Engineering, Central South University, Changsha, Hunan Province 410083, PR China and Department of Computer and Information Sciences, Temple University, Philadelp ...;School of Information Science and Engineering, Central South University, Changsha, Hunan Province 410083, PR China;Department of Computer and Information Sciences, Temple University, Philadelphia, PA 19122, USA
Venue:
Information Sciences: an International Journal
Year:
2014

Citing 23
Cited 1

A public key cryptosystem and a signature scheme based on discrete logarithms

Proceedings of CRYPTO 84 on Advances in cryptology
Ticket based service access for the mobile user

MobiCom '97 Proceedings of the 3rd annual ACM/IEEE international conference on Mobile computing and networking
Efficient Sharing of Encrypted Data

ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Identity-Based Encryption from the Weil Pairing

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Hierarchical ID-Based Cryptography

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Plutus: Scalable Secure File Sharing on Untrusted Storage

FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Attribute-based encryption for fine-grained access control of encrypted data

Proceedings of the 13th ACM conference on Computer and communications security
Ciphertext-Policy Attribute-Based Encryption

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Dynamo: amazon's highly available key-value store

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Identity-Based Proxy Re-encryption

ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Controlling data in the cloud: outsourcing computation without outsourcing control

Proceedings of the 2009 ACM workshop on Cloud computing security
A view of cloud computing

Communications of the ACM
Attribute based data sharing with attribute revocation

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Achieving secure, scalable, and fine-grained data access control in cloud computing

INFOCOM'10 Proceedings of the 29th conference on Information communications
Secure attribute-based systems

Journal of Computer Security
Hierarchical attribute-based encryption for fine-grained access control in cloud storage services

Proceedings of the 17th ACM conference on Computer and communications security
Cloud computing privacy concerns on our doorstep

Communications of the ACM
Privacy preserving EHR system using attribute-based infrastructure

Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Review: A survey on security issues in service delivery models of cloud computing

Journal of Network and Computer Applications
Cryptographic cloud storage

FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Multi-authority ciphertext-policy attribute-based encryption with accountability

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Achieving fine-grained access control for secure data sharing on cloud servers

Concurrency and Computation: Practice & Experience
Fuzzy identity-based encryption

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Speeding-up codon analysis on the cloud with local MapReduce aggregation

Information Sciences: an International Journal

Quantified Score

Hi-index	0.07

Visualization

Abstract

A fundamental approach for secure data sharing in a cloud environment is to let the data owner encrypt data before outsouring. To simultaneously achieve fine-grained access control on encrypted data and scalable user revocation, existing work combines attribute-based encryption (ABE) and proxy re-encryption (PRE) to delegate the cloud service provider (CSP) to execute re-encryption. However, the data owner should be online in order to send the PRE keys to the CSP in a timely fashion, to prevent the revoked user from accessing the future data. The delay of issuing the PRE keys may cause potential security risks. In this paper, we propose a time-based proxy re-encryption (TimePRE) scheme to allow a user's access right to expire automatically after a predetermined period of time. In this case, the data owner can be offline in the process of user revocations. The basic idea is to incorporate the concept of time into the combination of ABE and PRE. Specifically, each data is associated with an attribute-based access structure and an access time, and each user is identified by a set of attributes and a set of eligible time periods which denote the period of validity of the user's access right. Then, the data owner and the CSP are required to share a root secret key in advance, with which CSP can automatically update the access time of the data with the time that it receives a data access request. Therefore, given the re-encrypted ciphertext, only the users whose attributes satisfy the access structure and whose access rights are effective in the access time can recover corresponding data.