Lightweight key management on sensitive data in the cloud

As cloud servers may not be trusted, sensitive data have to be transmitted and stored in encrypted form. Major challenges for users arise from managing (storing, updating, protecting, backing up, and recovering) the keys that let them decrypt the authorized data held on the servers. In this paper, we propose a versatile approach to extremely lightweight key management, one of the most basic security tasks in cloud systems. In the multiple-data-owner scenario, each user needs to manage only a single key under our approach. With that single key and a set of public information stored on the server, users can decrypt all data they are authorized to access from different data owners. Specifically, the paper proposes a novel access control model, proves its correctness and security, and analyzes its complexity. Experimental results show that our approach significantly outperforms single-layer derivation encryption and double-layer derivation encryption in lightweight performance. Copyright © 2013 John Wiley & Sons, Ltd.
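To make the "single user key plus public server-stored information" idea concrete, here is an added Python example that is not the paper's model (the abstract does not give its details): it implements the conventional two-layer public-token derivation that the abstract names as a baseline, where a user's one master key yields a per-owner key, and each owner publishes a token that unmasks a data key only for holders of that per-owner key. The `Owner`, `User`, `public_tokens` store, the HMAC-SHA256 PRF and the scenario in `demo()` are all assumptions constructed for illustration.

```python
import hmac, hashlib, secrets

def prf(key: bytes, label: str) -> bytes:
    """HMAC-SHA256 as a PRF: 32 bytes derived from key and label."""
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Untrusted server state: public tokens only, keyed by (owner, user, data_id).
public_tokens = {}

class Owner:
    """Data owner: random DEK per item; grants access by publishing a token."""
    def __init__(self, name):
        self.name, self.deks = name, {}
    def add_data(self, data_id):
        self.deks[data_id] = secrets.token_bytes(32)
    def authorize(self, user, user_owner_key, data_id):
        # token = DEK XOR PRF(K_{u,o}, data_id): without K_{u,o} the token is
        # a one-time pad of the DEK, so it can sit on the untrusted server.
        mask = prf(user_owner_key, f"data:{data_id}")
        public_tokens[(self.name, user, data_id)] = xor(self.deks[data_id], mask)

class User:
    """User: manages one master key; every other key is re-derived on demand."""
    def __init__(self, name):
        self.name, self.master = name, secrets.token_bytes(32)
    def owner_key(self, owner):
        # Layer 1: per-owner key given to that owner at registration. The PRF
        # hides the master key and the keys meant for other owners.
        return prf(self.master, f"owner:{owner}")
    def derive_dek(self, owner, data_id):
        # Layer 2: unmask the public token with the per-owner key.
        token = public_tokens.get((owner, self.name, data_id))
        if token is None:
            return None  # no token published for this user: not authorized
        return xor(token, prf(self.owner_key(owner), f"data:{data_id}"))

def demo():
    """Constructed scenario: one user, two owners, one unauthorized user."""
    public_tokens.clear()
    hospital, bank, alice, mallory = Owner("hospital"), Owner("bank"), User("alice"), User("mallory")
    hospital.add_data("record1"); bank.add_data("stmt9")
    hospital.authorize("alice", alice.owner_key("hospital"), "record1")
    bank.authorize("alice", alice.owner_key("bank"), "stmt9")
    return (alice.derive_dek("hospital", "record1") == hospital.deks["record1"],
            alice.derive_dek("bank", "stmt9") == bank.deks["stmt9"],
            mallory.derive_dek("bank", "stmt9"))  # -> (True, True, None)
```

Revoking a user's access to one item is a server-side token deletion, and rotating a DEK means re-encrypting that item and republishing its tokens, while the user's master key never changes.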
