Research Article
Towards Efficient Update of Access Control Policy for Cryptographic Cloud Storage
@INPROCEEDINGS{10.1007/978-3-319-23802-9_26, author={Weiyu Jiang and Zhan Wang and Limin Liu and Neng Gao}, title={Towards Efficient Update of Access Control Policy for Cryptographic Cloud Storage}, proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II}, proceedings_a={SECURECOMM}, year={2015}, month={12}, keywords={Access control policy Over-encryption Batch revocation}, doi={10.1007/978-3-319-23802-9_26} }
- Weiyu Jiang
Zhan Wang
Limin Liu
Neng Gao
Year: 2015
Towards Efficient Update of Access Control Policy for Cryptographic Cloud Storage
SECURECOMM
Springer
DOI: 10.1007/978-3-319-23802-9_26
Abstract
To protect sensitive data from unauthorized access, encrypting data at the user end before outsourcing them to the cloud storage, has become a common practice. In this case, the access control policy is enforced through assigning proper cryptographic keys among collaborators. However, when the access control policy needs to be updated (e.g. new collaborators join or some collaborators leave), it is very costly for the data owner or other parties to re-encrypt the data with a new key in order to satisfy the new policy. To address this problem, we propose a dual-header structure and batch revocation, which makes the overhead for privileges grant independent of data size and significantly improves the efficiency of privilege revocation by applying lazy revocation to certain groups of revocation requests, respectively. We also analyze the overhead for authorization showing that our approach is able to efficiently manage frequent policy updates.