Role based access control using identity and broadcast based encryption for securing cloud data

Springer Science and Business Media LLC - Vol. 18 - pp. 171-182 - 2021
Urvashi Rahul Saxena1, Taj Alam1
1Department of Computer Science & Engineering and Information Technology, Jaypee Institute of Information Technology, Noida, India

Abstract

Because the integrity of data held on a cloud cannot be assured, many clients and users hesitate to upload their critical data to it, which in turn hinders the adoption of cloud storage. One of the biggest challenges in cloud security is ensuring data confidentiality, and one way to address it is to prevent unauthorized access to user data stored on the cloud. Over time, a substantial body of research has combined cryptographic techniques with access control models to address the security issues of untrusted cloud environments. This work applies Role-Based Access Control policies to user data and lets the data owner store it on the cloud in encrypted form, so that only the permitted roles can access it. The proposed scheme is therefore a Role-Based Encryption (RBE) scheme built from identity-based and broadcast encryption, aimed at ensuring the confidentiality of data in public clouds. We describe the algorithmic modules that show how roles are governed by membership rights, and how user revocation, encryption and decryption are carried out. Finally, the proposed model is compared with its peers in terms of encryption and decryption time.
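The workflow the abstract describes (role membership, user revocation, encryption by the data owner and decryption by role members, with the cloud holding only ciphertext), as an added illustration that is not the paper's scheme. The paper builds on identity-based and broadcast encryption; this stand-in uses only Python's standard library, with HMAC-SHA256 in counter mode plus an HMAC tag in place of a real AEAD and with the role key wrapped once per member in place of a constant-size broadcast header. The names RoleManager, encrypt_for_role, decrypt_as_user and rewrap_after_revocation are assumptions of the example, and the sample record is constructed.

```python
# Added illustration of a role-based encryption workflow over an untrusted store. Symmetric
# stand-in, NOT the paper's identity/broadcast-based RBE; standard library only.
import hashlib
import hmac
import os
import secrets

NONCE_LEN, TAG_LEN = 16, 32
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def _subkeys(key):  # separate encryption and MAC keys derived from one 32-byte key
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Constant-time tag check before decrypting; ValueError on tampering or a wrong key."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class RoleManager:  # trusted party holding user keys, role keys and membership (hypothetical name)
    def __init__(self):
        self.user_keys = {}  # uid -> long-term user key (stands in for an IBE private key)
        self.role_keys = {}  # role -> [key v1, key v2, ...]; old versions kept for re-wrapping
        self.members = {}    # role -> set of uids currently granted the role

    def register_user(self, uid):
        self.user_keys[uid] = secrets.token_bytes(32)

    def create_role(self, role):
        self.role_keys[role], self.members[role] = [secrets.token_bytes(32)], set()

    def grant(self, role, uid):
        self.members[role].add(uid)

    def revoke(self, role, uid):
        """Drop the member and rotate the role key, so later ciphertexts exclude them."""
        self.members[role].discard(uid)
        self.role_keys[role].append(secrets.token_bytes(32))

    def header(self, role):
        """Current role key wrapped for every member; stored on the cloud beside the data."""
        rk = self.role_keys[role][-1]
        return {"version": len(self.role_keys[role]),
                "wrapped": {uid: seal(self.user_keys[uid], rk) for uid in self.members[role]}}

def encrypt_for_role(manager, role, plaintext):
    """Data-owner side: a fresh data key per object, wrapped under the current role key."""
    dk = secrets.token_bytes(32)
    return {"role": role, "header": manager.header(role),
            "dk_wrapped": seal(manager.role_keys[role][-1], dk), "body": seal(dk, plaintext)}

def decrypt_as_user(uid, user_key, obj):
    """Member side: user key -> role key -> data key -> payload; non-members fail at step one."""
    wrapped = obj["header"]["wrapped"].get(uid)
    if wrapped is None:
        raise PermissionError(f"{uid} holds no key for role {obj['role']} v{obj['header']['version']}")
    dk = unseal(unseal(user_key, wrapped), obj["dk_wrapped"])
    return unseal(dk, obj["body"])

def rewrap_after_revocation(manager, obj):
    """Re-wrap only the data key under the latest role key; the payload is never decrypted."""
    keys = manager.role_keys[obj["role"]]
    dk = unseal(keys[obj["header"]["version"] - 1], obj["dk_wrapped"])
    return {**obj, "header": manager.header(obj["role"]), "dk_wrapped": seal(keys[-1], dk)}

def demo():
    """Grant, encrypt, decrypt, revoke, re-wrap; returns what each party can read afterwards."""
    mgr = RoleManager()
    mgr.create_role("auditor")
    for uid in ("alice", "bob"):
        mgr.register_user(uid)
        mgr.grant("auditor", uid)
    stale = encrypt_for_role(mgr, "auditor", b"constructed sample: Q3 ledger")  # first stored copy
    bob_before = decrypt_as_user("bob", mgr.user_keys["bob"], stale)
    mgr.revoke("auditor", "bob")
    fresh = rewrap_after_revocation(mgr, stale)  # what the cloud holds after revocation
    try:
        bob_after = decrypt_as_user("bob", mgr.user_keys["bob"], fresh)
    except PermissionError:
        bob_after = "denied"
    return {"bob_before": bob_before, "bob_after": bob_after, "version": fresh["header"]["version"],
            "bob_stale_copy": decrypt_as_user("bob", mgr.user_keys["bob"], stale),
            "alice_after": decrypt_as_user("alice", mgr.user_keys["alice"], fresh)}
```

Two points the example makes that the abstract only names. First, revocation in any encryption-based access control is forward-looking: rotating the role key and re-wrapping the data key stops the revoked user from opening the object the cloud now serves, but a copy cached before revocation (stale in the demo) still opens, and the cloud cannot prevent that. Second, the stand-in deviates from the paper's setting in two ways that are exactly what identity-based and broadcast encryption buy: here the data owner must obtain the secret role key from the manager, whereas with identity-based RBE the owner encrypts to a public role identity, and here the header grows linearly with the membership, whereas the constant-size schemes the paper builds on keep it fixed.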
