Efficient attribute-based encryption with attribute revocation for assured data deletion
Cloud storage allows customers to store their data on remote cloud servers. With the advantage of reducing the burden of data management and storage, an increasing number of users prefer to store their data on the cloud. While secure data deletion is a crucial, it is a challenging issue in cloud storage. Logically deleted data may be easily exposed to un-authorized users in the cloud storage scenario thanks to its salient features such as multi-tenancy, virtualization and elasticity. Moreover, cloud servers might not delete customers' data as instructed for hidden business interest. Hence, assured deletion is highly sought after. It helps preserve cloud users' data privacy and is a necessary component of data retention regulations in cloud storage. In this paper, we first investigate the goals of assured data deletion and formalize its security model.Then, we propose a key-policy attribute-based encryption scheme for assured deletion (AD-KP-ABE) of cloud data. Our construction makes use of the attribute revocation cryptographic primitive and Merkle Hash Tree to achieve fine-grained access control and verifiable data deletion. The proposed AD-KP-ABE enjoys desirable properties such as no secret key update, partial ciphertext update and assured data deletion. The detailed security proof and implementation results demonstrate the security and practicality of our proposal.