Lazy Revocation in Cryptographic File Systems

A Revocable ID-based Signcryption Scheme

J. Inf. Hiding Multim. Signal Process., 2012

A signcryption scheme can efficiently perform encryption and signing procedures in a single step to obtain message confidentiality and non-repudiation properties. As compared to the traditional public key system, an identity (ID)-based public key system (IDPKS) can simplify the management of required certificates. However, how to revoke compromised or misbehaving identities in the IDPKS becomes a critical problem. Recently, Tseng and Tsai proposed a novel construction in the IDPKS with a revocation mechanism, called the revocable ID-based public key system (R-IDPKS). In this paper, we follow their R-IDPKS to propose an important cryptographic primitive, "signcryption". Security analysis is made to demonstrate that the proposed scheme is provably secure and provides confidentiality and unforgeability.

Key regression: Enabling efficient key distribution for secure distributed storage

2006

The Plutus file system introduced the notion of key rotation as a means to derive a sequence of temporally-related keys from the most recent key. In this paper we show that, despite natural intuition to the contrary, key rotation schemes cannot generically be used to key other cryptographic objects; in fact, keying an encryption scheme with the output of a key rotation scheme can yield a composite system that is insecure.

Securing Shared Data Integrity in Cloud Storage with User Revocation

In the cloud environment, users can easily modify and share data as a group. To ensure shared data integrity can be verified publicly, users in the group need to compute signatures on all the blocks in shared data. Different blocks in shared data are generally signed by different users due to data modifications performed by different users. For security reasons, once a user is revoked from the group, the blocks which were previously signed by this revoked user must be re-signed by an existing user. The straightforward method, which allows an existing user to download the corresponding part of shared data and re-sign it during user revocation, is inefficient due to the large size of shared data in the cloud. In this paper, a public auditing mechanism is proposed for the integrity of shared data with efficient user revocation in mind. By utilizing the idea of proxy re-signatures, we allow the cloud to re-sign blocks on behalf of existing users during user revocation, so that existing users do not need to download and re-sign blocks by themselves. In addition, a public verifier is always able to audit the integrity of shared data without retrieving the entire data from the cloud, even if some part of shared data has been re-signed by the cloud. Moreover, our mechanism is able to support batch auditing by verifying multiple auditing tasks simultaneously.