Achieving Efficient and Verifiable Assured Deletion for Outsourced Data Based on Access Right Revocation

Abstract

With the growing use of cloud storage facilities, outsourced data security becomes a major concern. However, assured deletion for outsourced data, as an important issue for users, but received less attention in academia and industry. Most of traditional deletion solutions require specific data organization forms or storage media, and are not applicable for outsourced data. Moreover, existing access control schemes for cloud which used ciphertext-policy attribute-based encryption (CPABE), focused on fine-grained access control, and completely ignored data deletion. In this paper, we aim to design an effective data deletion scheme that can be applied to any CPABE built on linear secret sharing-scheme. However, the challenge is how to maintain the traits of traditional CPABE while implementing a universal deletion method. To address this challenge, we propose a policy graph to describe relationships among users, policies, attributes, and files and introduce a new deletion concept for CPABE: when all users are unauthorized for a file, we say that the file is deleted. Then, we extend an efficient and verifiable deletion scheme on a CPABE. Specifically, we give an effective method to select key attributes and update the relevant parts of ciphertext so that all users become unauthorized. Furthermore, we verify the cipher update performed by third-party server through merkle trees. We also demonstrate its universality and prove the security under q-BDHE assumption. Finally, the performance evaluation and simulation results reveal that our solution achieves better performance compared with other schemes.