Research Area:  Cloud Security
Cloud computing provides a flexible and convenient way for data sharing, which brings various benefits for both the society and individuals. But there exists a natural resistance for users to directly outsource the shared data to the cloud server since the data often contain valuable information. Thus, it is necessary to place cryptographically enhanced access control on the shared data. Identity-based encryption is a promising cryptographical primitive to build a practical data sharing system. However, access control is not static. That is, when some user's authorization is expired, there should be a mechanism that can remove him/her from the system. Consequently, the revoked user cannot access both the previously and subsequently shared data. To this end, we propose a notion called revocable-storage identity-based encryption (RS-IBE), which can provide the forward/backward security of ciphertext by introducing the functionalities of user revocation and ciphertext update simultaneously. Furthermore, we present a concrete construction of RS-IBE, and prove its security in the defined security model. The performance comparisons indicate that the proposed RS-IBE scheme has advantages in terms of functionality and efficiency, and thus is feasible for a practical and cost-effective data-sharing system. Finally, we provide implementation results of the proposed scheme to demonstrate its practicability.
Keywords:  
Cloud computing
data sharing
revocation
Identity-based encryption
ciphertext update
decryption key exposure
Author(s) Name:  Jianghong Wei; Wenfen Liu; Xuexian Hu
Journal name:   IEEE Transactions on Cloud Computing
Conference name:  
Publisher name:  IEEE
DOI:  10.1109/TCC.2016.2545668
Volume Information:  Volume: 6, Issue: 4, 01 Oct.-Dec. 2018, Page(s): 1136 - 1148
Paper Link:   https://ieeexplore.ieee.org/abstract/document/7439787