Achieving Scalable and Optimized Attribute Revocation in Cloud Computing

Revocation is one of the major problems for access control systems. Especially, the revocation cost for the data outsourced in the third party environment such as cloud storage systems. The revocation in the cloud-based access control typically deals with the cryptographic operations that introduce costly overheads for key re-generation, file reencryption, and key re-distribution. Also, the communication for retrieving files for re-encryption and loading them back to the cloud is another nontrivial cost for data owners. In this paper, we propose a Very Lightweight Proxy Re-Encryption (VL-PRE) scheme to efficiently support attributebased revocation and policy update in the collaborative data sharing in cloud computing environment. To this end, we propose three-phase VLPRE protocol including re-encryption key generation, re-encryption key update, and re-encryption key renewal for supporting the optimized attribute revocation and policy update. Finally, we conduct the experiments to evaluate the performance of our VL-PRE and show that it exhibits less computation cost with higher scalability in comparison with existing PRE schemes. key words: revocation, data access control, policy update, proxy reencryption