User Revocation-Enabled Access Control Model Using Identity-Based Signature in the Cloud Computing Environment

Abstract

Nowadays, a lot of data is stored in the cloud for sharing purposes across various domains. The increasing number of security issues with cloud data raises confidentiality concerns about keeping these stored or shared data. Advanced encryption and decryption techniques in cloud computing environments can be considered useful to achieve this aspect. However, an unresolved yet critical challenge in cloud data-sharing systems is the revocation of malicious users. One of the common methods for revocation involves periodically updating users' private keys. This approach increases the workload of the Key Generation Center (KGC) as the number of users increases. In this work, an efficient Revocable Identity-Based Signature (RIBS) scheme is proposed, wherein the revocation functionality is delegated to an External Revocation Server (ERS). This proposed scheme allows only the non-revoked users to access the system resources, thus, providing restricted access control. Here, the ERS generates a secret time key for signature generation based on a revoked user list. In the proposed method, a user uses its private key and secret time key to sign a message. Furthermore, to maintain data confidentiality, symmetric encryption and Elliptic Curve Cryptography (ECC) based asymmetric encryption techniques are used before outsourcing data to the cloud server. The results illustrate that the proposed scheme outperforms some of the existing schemes by providing reduced computation costs.