Discretionary decryption control for cloud computing services

Yi Chang Hsu, Jing Jang Hwang*

*Corresponding author for this work

Research output: Contribution to journal › Journal Article › peer-review

1 Scopus citations

Abstract

Decryption control is an essential task for cloud computing services where data stored in the cloud are encrypted for strong privacy protection. This paper presents a method for decryption control. The method is discretionary in the sense that authorizations for decrypting a record in cipher can be granted or revoked at the discretion of its owner. For a decryption authorization, the decryption key for the decryption computation is split into two parts, where the first part is called a right-to-decrypt code and is like a password chosen by the authorized person, while the second part is called a partial substitute key and is stored in the cloud. Deleting a partial substitute key from the cloud storage revokes the corresponding authorization. The method provides flexibility in authorization management; furthermore, it strengthens privacy protection by replacing a single decryption key with two split parts. A recovery computation is performed to reclaim the decryption key, followed by validation against a hash value of the decryption key.
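The grant, recover and revoke flow described in the abstract, as an added sketch that is not code from the paper. The abstract does not give the splitting arithmetic, so the combining step here (XOR with a PBKDF2-derived mask), the SHA-256 validation hash, and all function and field names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32          # assumed 256-bit record decryption key
KDF_ROUNDS = 100_000  # assumed work factor for stretching the code

def _mask(code: str, salt: bytes) -> bytes:
    # Stretch the password-like right-to-decrypt code into a key-sized mask.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, KDF_ROUNDS, KEY_LEN)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def grant(key: bytes, code: str) -> dict:
    """Owner side: build the cloud-stored entry for one authorized person."""
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        # Partial substitute key: useless without the matching code.
        "psk": _xor(key, _mask(code, salt)),
        # Hash of the real key, used only to validate a recovery attempt.
        # Anyone holding this entry can test code guesses offline, which is
        # why the code is passed through a slow KDF above.
        "key_hash": hashlib.sha256(key).digest(),
    }

def recover(entry, code: str):
    """Authorized person: recombine the two parts, then validate the result."""
    if entry is None:  # entry deleted from cloud storage means revoked
        return None
    candidate = _xor(entry["psk"], _mask(code, entry["salt"]))
    if hmac.compare_digest(hashlib.sha256(candidate).digest(), entry["key_hash"]):
        return candidate
    return None  # wrong code: recovered bytes fail the hash check

if __name__ == "__main__":
    record_key = secrets.token_bytes(KEY_LEN)           # constructed sample key
    cloud = {"alice": grant(record_key, "alice-code"),  # constructed sample codes
             "bob": grant(record_key, "bob-code")}
    print(recover(cloud.get("alice"), "alice-code") == record_key)  # granted
    del cloud["bob"]                                    # owner revokes bob
    print(recover(cloud.get("bob"), "bob-code"))        # revoked
```

Each authorized person gets an independent entry for the same record key, so deleting one entry revokes that person without re-encrypting the record or touching other grants.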

Original language: English
Pages (from-to): 5537-5551
Number of pages: 15
Journal: Information (Japan)
Volume: 16
Issue number: 8 A
State: Published - 08 2013

Keywords

  • Authorization management
  • Cryptographic-key splitting
  • Decryption authorization
  • Discretionary access control
  • Galois finite field
  • Personal health record
