Cloud computing provides a flexible and convenient way for data sharing, which brings various benefits for both the society and individuals. But there exists a natural resistance for users to directly outsource the shared data to the cloud server since the data often contain valuable information. Thus, it is necessary to place cryptographically enhanced access control on the shared data. Identity-based encryption is a promising cryptographically primitive to build a practical data sharing system. However, access control is not static. That is, when some user’s authorization is expired, there should be a mechanism that can remove him/her from the system. Consequently, the revoked user cannot access both the previously and subsequently shared data. To this end, we propose a notion called revocable-storage identity-based encryption (RS-IBE), which can provide the forward/backward security of cipher text by introducing the functionalities of user revocation and cipher text update simultaneously. Furthermore, we present a concrete construction of RS-IBE, and prove its security in the defined security model. The performance comparisons indicate that the proposed RS-IBE scheme has advantages in terms of functionality and efficiency, and thus is feasible for a practical and cost-effective data-sharing system. Finally, we provide implementation results of the proposed scheme to demonstrate its practicability.

Cloud computing, data sharing, revocation, Identity-based encryption, ciphertext update, decryption key exposure

[1] L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, “A break in the clouds: towards a cloud definition,” ACM SIGCOMM Computer Communication Review, vol. 39, no. 1, pp. 50–55, 2008.
[2] iCloud. (2014) Apple storage service. [Online]. Available: https://www.icloud.com/
[3] Azure. (2014) Azure storage service. [Online]. Available: http://www.windowsazure.com/
[4] Amazon. (2014) Amazon simple storage service (amazon s3). [Online]. Available: http://aws.amazon.com/s3/
[5] K. Chard, K. Bubendorfer, S. Caton, and O. F. Rana, “Social cloud computing: A vision for socially motivated resource sharing,” Services Computing, IEEE Transactions on, vol. 5, no. 4, pp. 551–563, 2012.
[6] C. Wang, S. S. Chow, Q. Wang, K. Ren, and W. Lou, “Privacypreserving public auditing for secure cloud storage,” Computers, IEEE Transactions on, vol. 62, no. 2, pp. 362–375, 2013.
[7] G. Anthes, “Security in the cloud,” Communications of the ACM, vol. 53, no. 11, pp. 16–18, 2010.
[8] K. Yang and X. Jia, “An efficient and secure dynamic auditing protocol for data storage in cloud computing,” Parallel and Distributed Systems, IEEE Transactions on, vol. 24, no. 9, pp. 1717–1726, 2013.
[9] B. Wang, B. Li, and H. Li, “Public auditing for shared data with efficient user revocation in the cloud,” in INFOCOM, 2013 Proceedings IEEE. IEEE, 2013, pp. 2904–2912.
[10] S. Ruj, M. Stojmenovic, and A. Nayak, “Decentralized access control with anonymous authentication of data stored in clouds,” Parallel and Distributed Systems, IEEE Transactions on, vol. 25, no. 2, pp. 384–394, 2014.
[11] X. Huang, J. Liu, S. Tang, Y. Xiang, K. Liang, L. Xu, and J. Zhou, “Cost-effective authentic and anonymous data sharing with forward security,” Computers, IEEE Transactionson,2014,doi: m10.1109/TC.2014.2315619.
[12] C.-K. Chu, S. S. Chow, W.-G. Tzeng, J. Zhou, and R. H. Deng, “Key-aggregate cryptosystem for scalable data sharing in cloud storage,”
[13] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Advances in cryptology. Springer, 1985, pp. 47–53.
[14] D. Boneh and M. Franklin, “Identity-based encryption from the weil pairing,” SIAM Journal on Computing, vol. 32, no. 3, pp. 586– 615, 2003.
[15] S. Micali, “Efficient certificate revocation,” Tech. Rep., 1996.
[16] W. Aiello, S. Lodha, and R. Ostrovsky, “Fast digital identity revocation,” in Advances in Cryptology–CRYPTO 1998. Springer, 1998, pp. 137–152.
[17] D. Naor, M. Naor, and J. Lotspiech, “Revocation and tracing schemes for stateless receivers,” in Advances in Cryptology– CRYPTO 2001. Springer, 2001, pp. 41–62.
[18] C. Gentry, “Certificate-based encryption and the certificate revocation problem,” in Advances in Cryptology–EUROCRYPT 2003. Springer, 2003, pp. 272–293.
[19] V. Goyal, “Certificate revocation using fine grained certificate space partitioning,” in Financial Cryptography and Data Security. Springer, 2007, pp. 247–259.
[20] A. Boldyreva, V. Goyal, and V. Kumar, “Identity-based encryption with efficient revocation,” in Proceedings of the 15th ACM conference on Computer and communications security. ACM, 2008, pp. 417–426.
[21] B. Libert and D. Vergnaud, “Adaptive-id secure revocable identitybased encryption,” in Topics in Cryptology–CT-RSA 2009. Springer, 2009, pp. 1–15.
[22] ——, “Towards black-box accountable authority ibe with short ciphertexts and private keys,” in Public Key Cryptography–PKC 2009. Springer, 2009, pp. 235–255.
[23] J. Chen, H. W. Lim, S. Ling, H. Wang, and K. Nguyen, “Revocable identity-based encryption from lattices,” in Information Security and Privacy. Springer, 2012, pp. 390–403.
[24] J. H. Seo and K. Emura, “Revocable identity-based encryption revisited: Security model and construction,” in Public-Key Cryptography– PKC 2013. Springer, 2013, pp. 216–234.
[25] “Efficient delegation of key generation and revocation functionalities in identity-based encryption,” in Topics in Cryptology CT- RSA 2013. Springer, 2013, pp. 343–358.
[26] K. Liang, J. K. Liu, D. S. Wong, and W. Susilo, “An efficient cloudbased revocable identity-based proxy re-encryption scheme for public clouds data sharing,” in Computer Security-ESORICS 2014. Springer, 2014, pp. 257–272.
[27] D.-H. Phan, D. Pointcheval, S. F. Shahandashti, and M. Strefler, “Adaptive cca broadcast encryption with constant-size secret keys and ciphertexts,” International journal of information security, vol. 12, no. 4, pp. 251–265, 2013.
[28] R. Anderson, “Two remarks on public-key cryptology (invitedlecture),” 1997.
[29] M. Bellare and S. K. Miner, “A forward-secure digital signature scheme,” in Advances in Cryptology–CRYPTO 1999. Springer, 1999, pp. 431–448.
[30] M. Abdalla and L. Reyzin, “A new forward-secure digital signature scheme,” in Advances in Cryptology–ASIACRYPT 2000. Springer, 2000, pp. 116–129.
[31] A. Kozlov and L.Reyzin, “Forward-secure signatures with fast key update,” in Security in communication Networks. Springer, 2003, pp. 241–256.
[32] X. Boyen, H.Shacham, E. Shen, and B. Waters, “Forward-secure signatures with untrusted update,” in Proceedings of the 13th ACM conference on Computer and communications security. ACM, 2006, pp. 191–200.
[33] J. Yu, R. Hao, F. Kong, X. Cheng, J. Fan, and Y. Chen, “Forwardsecure identity-based signature: security notions and construction,” Information Sciences, vol. 181, no. 3, pp. 648–660, 2011.
[34] R. Canetti, S. Halevi, and J. Katz, “A forward-secure public-key encryption scheme,” in Advances in Cryptology–Eurocrypt 2003. Springer, 2003, pp. 255–271.
[35] D. Yao, N. Fazio, Y. Dodis, and A. Lysyanskaya, “Id-based encryption for complex hierarchies with applications to forward security and broadcast encryption,” in Proceedings of the 11th ACM conference on Computer and communications security. ACM, 2004, pp. 354–363.
[36] J. M. G. Nieto, M. Manulis, and D. Sun, “Forward-secure hierarchical predicate encryption,” in Pairing-Based Cryptography–Pairing 2012. Sprnger, 2013, pp. 83–101.
[37] A. Sahai, H. Seyalioglu, and B. Waters, “Dynamiccredentials a ciphertext delegation for attribute-based encryption,” in Advances in Cryptology–CRYPTO 2012. Springer, 2012, pp. 199–217.
[38] B. Waters, “Efficient identity-based encryption without random oracles,” in Advances in Cryptology–EUROC Springer, 2005, pp. 114–127.
[39] B. Lynn. (2014) Pbc library: The pairing-based cryptography library.