As cloud servers provide on-demand and on-line storage services, it is possible for mobile users to work any-time and any-where by using hand-held smart devices. Mobile users upload working documents into cloud servers and other users can cooperatively read and edit them. Cloud servers are usually assumed untrustworthy, thus uploaded files have to be encrypted for confidentiality. It thus arises a security problem for key management, e.g., key distributing, updating and revoking. In mobile cloud computing context, key management must be lightweight in terms of power consumption and flexible, because devices have energy constraints, as well as users and files dynamically changes. In this paper, we propose a lightweight and flexible scheme, called LIFE, for key management in mobile cloud computing without relying on any trusted third party. LIFE provides a uniform key management framework for both pairwise keys and group keys by making use of Chinese remainder theorem. LIFE can implicitly update or revoke group keys, which extra protects the privacy of group membership. In addition, LIFE can also guarantee forward and backward secrecy. The security and performance of LIFE are analysed extensively, which justifies its applicability.
Read full abstract