TY - JOUR
T1 - Efficient attribute-based encryption with attribute revocation for assured data deletion
AU - Xue, Liang
AU - Yu, Yong
AU - Li, Yannan
AU - Au, Man Ho
AU - Du, Xiaojiang
AU - Yang, Bo
N1 - Funding Information:
This work was supported by the National Key R&D Program of China(No.2017YFB0802000), the National Natural Science Foundation of China ( 61772326 , 61572303 ), NSFC Research Fund for International Young Scientists ( 61750110528 ), National Cryptography Development Fund during the 13th Five-year Plan Period (MMJJ20170216), and the Fundamental Research Funds for the Central Universities(GK201702004).
Publisher Copyright:
© 2018 Elsevier Inc.
PY - 2019/4
Y1 - 2019/4
N2 - Cloud storage allows customers to store their data on remote cloud servers. With the advantage of reducing the burden of data management and storage, an increasing number of users prefer to store their data on the cloud. While secure data deletion is a crucial, it is a challenging issue in cloud storage. Logically deleted data may be easily exposed to un-authorized users in the cloud storage scenario thanks to its salient features such as multi-tenancy, virtualization and elasticity. Moreover, cloud servers might not delete customers’ data as instructed for hidden business interest. Hence, assured deletion is highly sought after. It helps preserve cloud users’ data privacy and is a necessary component of data retention regulations in cloud storage. In this paper, we first investigate the goals of assured data deletion and formalize its security model.Then, we propose a key-policy attribute-based encryption scheme for assured deletion (AD-KP-ABE) of cloud data. Our construction makes use of the attribute revocation cryptographic primitive and Merkle Hash Tree to achieve fine-grained access control and verifiable data deletion. The proposed AD-KP-ABE enjoys desirable properties such as no secret key update, partial ciphertext update and assured data deletion. The detailed security proof and implementation results demonstrate the security and practicality of our proposal.
AB - Cloud storage allows customers to store their data on remote cloud servers. With the advantage of reducing the burden of data management and storage, an increasing number of users prefer to store their data on the cloud. While secure data deletion is a crucial, it is a challenging issue in cloud storage. Logically deleted data may be easily exposed to un-authorized users in the cloud storage scenario thanks to its salient features such as multi-tenancy, virtualization and elasticity. Moreover, cloud servers might not delete customers’ data as instructed for hidden business interest. Hence, assured deletion is highly sought after. It helps preserve cloud users’ data privacy and is a necessary component of data retention regulations in cloud storage. In this paper, we first investigate the goals of assured data deletion and formalize its security model.Then, we propose a key-policy attribute-based encryption scheme for assured deletion (AD-KP-ABE) of cloud data. Our construction makes use of the attribute revocation cryptographic primitive and Merkle Hash Tree to achieve fine-grained access control and verifiable data deletion. The proposed AD-KP-ABE enjoys desirable properties such as no secret key update, partial ciphertext update and assured data deletion. The detailed security proof and implementation results demonstrate the security and practicality of our proposal.
KW - Assured data deletion
KW - Attribute-based encryption
KW - Cloud storage
UR - http://www.scopus.com/inward/record.url?scp=85042168097&partnerID=8YFLogxK
U2 - 10.1016/j.ins.2018.02.015
DO - 10.1016/j.ins.2018.02.015
M3 - Journal article
AN - SCOPUS:85042168097
SN - 0020-0255
VL - 479
SP - 640
EP - 650
JO - Information Sciences
JF - Information Sciences
ER -