International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II

Research Article

Towards Efficient Update of Access Control Policy for Cryptographic Cloud Storage

  • @INPROCEEDINGS{10.1007/978-3-319-23802-9_26,
        author={Weiyu Jiang and Zhan Wang and Limin Liu and Neng Gao},
        title={Towards Efficient Update of Access Control Policy for Cryptographic Cloud Storage},
        proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II},
        proceedings_a={SECURECOMM},
        year={2015},
        month={12},
        keywords={Access control policy Over-encryption Batch revocation},
        doi={10.1007/978-3-319-23802-9_26}
    }
    
  • Weiyu Jiang
    Zhan Wang
    Limin Liu
    Neng Gao
    Year: 2015
    Towards Efficient Update of Access Control Policy for Cryptographic Cloud Storage
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-23802-9_26
Weiyu Jiang*, Zhan Wang*, Limin Liu*, Neng Gao*
    *Contact email: wyjiang@lois.cn, zwang@lois.cn, lmliu@lois.cn, gaoneng@lois.cn

    Abstract

    To protect sensitive data from unauthorized access, encrypting data at the user end before outsourcing it to cloud storage has become a common practice. In this case, the access control policy is enforced by assigning the proper cryptographic keys to collaborators. However, when the access control policy needs to be updated (e.g., new collaborators join or some collaborators leave), it is very costly for the data owner or other parties to re-encrypt the data with a new key in order to satisfy the new policy. To address this problem, we propose a dual-header structure and batch revocation: the dual-header structure makes the overhead of granting privileges independent of data size, and batch revocation significantly improves the efficiency of privilege revocation by applying lazy revocation to certain groups of revocation requests. We also analyze the overhead for authorization, showing that our approach is able to efficiently manage frequent policy updates.