Generic user revocation systems for attribute-based encryption in cloud storage

作     者：Genlang CHEN Zhiqian XU Hai JIANG Kuan-ching LI 

作者机构：Institute of Ningbo Technology Zhejiang University Independent Scholar Department of Computer Science Arkansas State University Department of Computer Science and Information Engineering Providence University 

出 版 物：《Frontiers of Information Technology & Electronic Engineering》 (信息与电子工程前沿（英文版）)

年 卷 期：2018年第19卷第11期

页      面：1362-1384页

核心收录：

学科分类：0839[工学-网络空间安全] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by the Natural Science Foundation of Zhejiang Province,China(No.Y15F020113) Ningbo eHealth Project,China(No.2016C11024) 

主　　题：Attribute-based.encryption Generic user revocation User privacy Cloud storage Access control 

摘      要：Cloud-based storage is a service model for businesses and individual users that involves paid or free storage resources. This service model enables on-demand storage capacity and management to users anywhere via the Internet. Because most cloud storage is provided by third-party service providers, the trust required for the cloud storage providers and the shared multi-tenant environment present special challenges for data protection and access control. Attribute-based encryption(ABE) not only protects data secrecy, but also has ciphertexts or decryption keys associated with fine-grained access policies that are automatically enforced during the decryption process. This enforcement puts data access under control at each data item level. However, ABE schemes have practical limitations on dynamic user revocation. In this paper, we propose two generic user revocation systems for ABE with user privacy protection, user revocation via ciphertext re-encryption(UR-CRE) and user revocation via cloud storage providers(UR-CSP), which work with any type of ABE scheme to dynamically revoke users.