17-01-2014, 02:02 PM
Reliable Re-encryption in Unreliable Clouds
Re-encryption in Unreliable.pdf (Size: 141.8 KB / Downloads: 30)
Abstract
A key approach to secure cloud computing is for
the data owner to store encrypted data in the cloud, and issue
decryption keys to authorized users. Then, when a user is
revoked, the data owner will issue re-encryption commands to
the cloud to re-encrypt the data, to prevent the revoked user
from decrypting the data, and to generate new decryption keys to
valid users, so that they can continue to access the data. However,
since a cloud computing environment is comprised of many cloud
servers, such commands may not be received and executed by all
of the cloud servers due to unreliable network communications.
In this paper, we solve this problem by proposing a time-
based re-encryption scheme, which enables the cloud servers to
automatically re-encrypt data based on their internal clocks. Our
solution is built on top of a new encryption scheme, attribute-
based encryption, to allow fine-grain access control, and does not
require perfect clock synchronization for correctness.
INTRODUCTION
The use of cloud computing is increasingly popular due to
the potential cost savings from outsourcing data to the cloud
service provider (CSP). One technique to protect the data from
a possible untrusted CSP is for the data owner to encrypt the
outsourced data [1], [2]. Flexible encryption schemes such as
attribute based encryption (ABE) [3]–[5] can be adopted to
provide fine grained access control.
ABE allows data to be encrypted using an access structure
comprised of different attributes. Instead of specific decryption
keys for specific files, users are issued attribute keys. Users
must have the necessary attributes that satisfy the access struc-
ture in order to decrypt a file. For example, a file encrypted
using the access structure {(α1 ∧ α2 ) ∨ α3 } means that either
a user with attributes α1 and α2 , or a user with attribute α3 ,
can decrypt the file.
RELATED WORK
Many researchers have proposed storing encrypted data in
the cloud to defend against the CSP [1], [2]. Under this
approach, users are revoked by having a third party to re-
encrypt data such that previous keys can no longer decrypt any
data [14]–[16]. The solution by [15] for instance, lets the data
owner issue a re-encryption key to an untrusted server to re-
encrypt the data. Their solution utilizes PRE [6], which allows
the server to re-encrypt the stored ciphertext to a different
cipertext that can only be decrypted using a different key.
During the process, the server does not learn the contents of
the cipertext or the decryption keys.
ABE is a new cryptographic technique that efficiently sup-
ports fine grained access control. The combination of PRE and
ABE was first introduced by [9], and extended by [8], [17]. In
[8], a hierarchical attribute-based encryption (HABE) scheme
is proposed to achieve high performance and full delegation.
The main difference between prior work and ours is that we do
not require the underlying cloud infrastructure to be reliable
in order to ensure correctness.
CONCLUSION
In this paper, we proposed the R3 scheme, a new method for
managing access control based on the cloud server’s internal
clock. Our technique does not rely on the cloud to reliably
propagate re-encryption commands to all servers to ensure
access control correctness. We showed that our solutions
remain secure without perfect clock synchronization so long
as we can bound the time difference between the servers and
the data owner.