Securing Fine-Grained Data Sharing and Erasure in Outsourced Storage Systems
- 29 November 2022
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Parallel and Distributed Systems
- Vol. 34 (2), 552-566
- https://doi.org/10.1109/tpds.2022.3225274
Abstract
The wide use of internet-connected services makes massive personal data collected by service providers without the need of our consent. Although the archived data may enable them to provide better service experiences for users, it also presents serious risks to individual privacy, especially when active or unexpected data breaches have become commonplace. To mitigate this issue, several acts and regulations (e.g., the European Union general data protection regulation) have been issued and specified a lot of security requirements for personal data management. Among these various requirements, we mainly focus on the requirement of giving back the access control of personal data to data owners themselves and the right to be forgotten for data erasure. In this paper, we provide a cryptographic solution of achieving these two requirements in the setting of outsourced storage. Specifically, we introduce a personal data management framework built upon a novel cryptographic primitive dubbed as forward-secure attribute-based puncturable encryption (FS-DABPE). This primitive simultaneously features of system-wide forward secrecy and practical key management as well as fine-grained access control of the encrypted personal data. Consequently, by locally puncturing, updating and erasing system-wide secret keys, it securely realizes fine-grained personal data sharing and data erasure without interactions. Furthermore, to instantiate the proposed framework, we present a concrete FS-DABPE construction, and prove its security under a well-studied complexity assumption. In addition, we provide a prototype implementation of the concrete construction, and present extensive experimental results that illustrate its feasibility and practicability.Keywords
Funding Information
- National Natural Science Foundation of China (62172434, 61960206014, 62072357)
- Key Research and Development Projects of Shaanxi Province (2020ZDLGY08-03)
- China Postdoctoral Science Foundation (2020M673348, 2021T140531)
This publication has 35 references indexed in Scilit:
- Efficient algorithms for secure outsourcing of bilinear pairingsTheoretical Computer Science, 2015
- Secure Deduplication with Efficient and Reliable Convergent Key ManagementIEEE Transactions on Parallel and Distributed Systems, 2013
- New Algorithms for Secure Outsourcing of Modular ExponentiationsIEEE Transactions on Parallel and Distributed Systems, 2013
- Charm: a framework for rapidly prototyping cryptosystemsJournal of Cryptographic Engineering, 2013
- On cryptographic protocols employing asymmetric pairings — The role of Ψ revisitedDiscrete Applied Mathematics, 2011
- Decentralizing Attribute-Based EncryptionLecture Notes in Computer Science, 2011
- Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure RealizationLecture Notes in Computer Science, 2011
- A Hybrid PKI-IBC Based Ephemerizer SystemIFIP International Federation for Information Processing, 2007
- Fuzzy Identity-Based EncryptionLecture Notes in Computer Science, 2005
- A Forward-Secure Public-Key Encryption SchemeLecture Notes in Computer Science, 2003