Cloud storage services allow data owners to outsource their potentially sensitive data (e.g., private genome data) to remote cloud servers in a ciphertext form. To enable data owners to further share the data encrypted in ciphertexts, many proxy re-encryption (PRE) schemes are proposed. However, most schemes only support single-recipient or coarse-grained re-encryption, which may limit the flexibility for data sharing. To address this issue, we propose a Policy-based Broadcast Access Authorization (PBAA) scheme by introducing the well-established identity-based broadcast encryption (IBBE) and key-policy attribute-based encryption into PRE. In our PBAA scheme, a data owner can apply IBBE to encrypt his data to a group of recipients. More importantly, the data owner can generate a delegation key with an access policy, and send this key to the cloud such that it can convert any initial ciphertext satisfying the access policy into a new ciphertext for a new group of recipients. With these features, cloud users can share their remote data in a secure and flexible way. Security analysis and performance evaluation show that the PBAA scheme is secure and efficient, respectively.

Policy-based Broadcast Access Authorization for Flexible Data Sharing in Clouds

Castiglione A.
2022-01-01

Abstract

Cloud storage services allow data owners to outsource their potentially sensitive data (e.g., private genome data) to remote cloud servers in a ciphertext form. To enable data owners to further share the data encrypted in ciphertexts, many proxy re-encryption (PRE) schemes are proposed. However, most schemes only support single-recipient or coarse-grained re-encryption, which may limit the flexibility for data sharing. To address this issue, we propose a Policy-based Broadcast Access Authorization (PBAA) scheme by introducing the well-established identity-based broadcast encryption (IBBE) and key-policy attribute-based encryption into PRE. In our PBAA scheme, a data owner can apply IBBE to encrypt his data to a group of recipients. More importantly, the data owner can generate a delegation key with an access policy, and send this key to the cloud such that it can convert any initial ciphertext satisfying the access policy into a new ciphertext for a new group of recipients. With these features, cloud users can share their remote data in a secure and flexible way. Security analysis and performance evaluation show that the PBAA scheme is secure and efficient, respectively.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11386/4810938
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 1
social impact