Litcius/Paper detail

Policy-Based Broadcast Access Authorization for Flexible Data Sharing in Clouds

Hua Deng, Jixin Zhang, Zheng Qin, Qianhong Wu, Hui Yin, Aniello Castiglione

2021IEEE Transactions on Dependable and Secure Computing24 citationsDOI

Abstract

Cloud storage services allow data owners to outsource their potentially sensitive data (e.g., private genome data) to remote cloud servers in a ciphertext form. To enable data owners to further share the data encrypted in ciphertexts, many proxy re-encryption (PRE) schemes are proposed. However, most schemes only support single-recipient or coarse-grained re-encryption, which may limit the flexibility for data sharing. To address this issue, we propose a Policy-based Broadcast Access Authorization (PBAA) scheme by introducing the well-established identity-based broadcast encryption (IBBE) and key-policy attribute-based encryption into PRE. In our PBAA scheme, a data owner can apply IBBE to encrypt his data to a group of recipients. More importantly, the data owner can generate a delegation key with an access policy, and send this key to the cloud such that it can convert any initial ciphertext satisfying the access policy into a new ciphertext for a new group of recipients. With these features, cloud users can share their remote data in a secure and flexible way. Security analysis and performance evaluation show that the PBAA scheme is secure and efficient, respectively.

Topics & Concepts

Computer scienceEncryptionBroadcast encryptionCloud computingCiphertextAttribute-based encryptionComputer securityData sharingComputer networkClient-side encryptionAccess controlOn-the-fly encryptionPublic-key cryptographyOperating systemMedicineAlternative medicinePathologyCryptography and Data SecurityPrivacy-Preserving Technologies in DataCloud Data Security Solutions