Security and privacy protection in cloud computing: Discussions and challenges

Abstract With the development of cloud computing, privacy security issues have become increasingly prominent, which is of concern to industry and academia. We review the research progress on privacy security issues from the perspective of several privacy security protection technologies in cloud computing. First, we introduce some privacy security risks of cloud computing and propose a comprehensive privacy security protection framework. Second, we show and discuss the research progress of several technologies, such as access control; ciphertext policy attribute-based encryption (CP-ABE); key policy attribute-based encryption (KP-ABE); the fine-grain, multi-authority, revocation mechanism; the trace mechanism; proxy re-encryption (PRE); hierarchical encryption; searchable encryption (SE); and multi-tenant, trust, and a combination of multiple technologies, and then compare and analyze the characteristics and application scope of typical schemes. Last, we discuss current challenges and highlight possible future research directions.

[1]  Willy Susilo,et al.  Chosen-ciphertext secure anonymous conditional proxy re-encryption with keyword search , 2012, Theor. Comput. Sci..

[2]  Jiguo Li,et al.  Hierarchical attribute based encryption with continuous leakage-resilience , 2019, Inf. Sci..

[3]  Dong Hoon Lee,et al.  Anonymous HIBE with short ciphertexts: full security in prime order groups , 2013, Designs, Codes and Cryptography.

[4]  Xingming Sun,et al.  Enabling Personalized Search over Encrypted Outsourced Data with Efficiency Improvement , 2016, IEEE Transactions on Parallel and Distributed Systems.

[5]  Young-June Choi,et al.  Mandatory Access Control for Android Application Security , 2016 .

[6]  Yi Mu,et al.  Multi-User Verifiable Searchable Symmetric Encryption for Cloud Storage , 2020, IEEE Transactions on Dependable and Secure Computing.

[7]  Guang Gong,et al.  Verifiable symmetric searchable encryption for semi-honest-but-curious cloud servers , 2012, 2012 IEEE International Conference on Communications (ICC).

[8]  Qin Liu,et al.  A Novel Verifiable and Dynamic Fuzzy Keyword Search Scheme over Encrypted Data in Cloud Computing , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.

[9]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[10]  Qing Li,et al.  A Privacy-Preserving Framework for Trust-Oriented Point-of-Interest Recommendation , 2018, IEEE Access.

[11]  Hanifa Boucheneb,et al.  ITADP: An inter-tenant attack detection and prevention framework for multi-tenant SaaS , 2019, J. Inf. Secur. Appl..

[12]  Vijay Varadharajan,et al.  Trust Enhanced Cryptographic Role-Based Access Control for Secure Cloud Data Storage , 2015, IEEE Transactions on Information Forensics and Security.

[13]  Brice Minaud,et al.  Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives , 2017, CCS.

[14]  Karen Colorafi,et al.  It’s Time for Innovation in the Health Insurance Portability and Accountability Act (HIPAA) , 2016, JMIR medical informatics.

[15]  Ling Liu,et al.  Searchable Encryption for Healthcare Clouds: A Survey , 2018, IEEE Transactions on Services Computing.

[16]  Zhihua Xia,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[17]  Jorge Guajardo,et al.  Dynamic Searchable Symmetric Encryption with Minimal Leakage and Efficient Updates on Commodity Hardware , 2015, SAC.

[18]  Pan Jun Sun,et al.  Privacy Protection and Data Security in Cloud Computing: A Survey, Challenges, and Solutions , 2019, IEEE Access.

[19]  Léo Ducas,et al.  Anonymity from Asymmetry: New Constructions for Anonymous HIBE , 2010, CT-RSA.

[20]  Dan Liu,et al.  A Survey on Secure Data Analytics in Edge Computing , 2019, IEEE Internet of Things Journal.

[21]  Xiaohui Liang,et al.  Proxy re-encryption with keyword search , 2010, Inf. Sci..

[22]  Elisa Bertino,et al.  Privacy-Preserving Enforcement of Spatially Aware RBAC , 2012, IEEE Transactions on Dependable and Secure Computing.

[23]  Haralambos Mouratidis,et al.  Assurance of Security and Privacy Requirements for Cloud Deployment Models , 2018, IEEE Transactions on Cloud Computing.

[24]  Athanasios V. Vasilakos,et al.  Security and privacy challenges in mobile cloud computing: Survey and way ahead , 2017, J. Netw. Comput. Appl..

[25]  Hugo Krawczyk,et al.  Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries , 2013, IACR Cryptol. ePrint Arch..

[26]  Wenjing Lou,et al.  Searchable Symmetric Encryption with Forward Search Privacy , 2019, IEEE Transactions on Dependable and Secure Computing.

[27]  Ruixuan Li,et al.  Secure, Efficient and Fine-Grained Data Access Control Mechanism for P2P Storage Cloud , 2014, IEEE Transactions on Cloud Computing.

[28]  Zhu Han,et al.  Trust-Based Collaborative Privacy Management in Online Social Networks , 2019, IEEE Transactions on Information Forensics and Security.

[29]  Yixian Yang,et al.  Secure Data Access Control With Ciphertext Update and Computation Outsourcing in Fog Computing for Internet of Things , 2017, IEEE Access.

[30]  Ken Sakamura,et al.  A Discretionary Delegation Framework for Access Control Systems , 2016, OTM Conferences.

[31]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[32]  Elisa Bertino,et al.  Privacy Preserving Policy-Based Content Sharing in Public Clouds , 2013, IEEE Transactions on Knowledge and Data Engineering.

[33]  Dong Hoon Lee,et al.  Trapdoor security in a searchable public-key encryption scheme with a designated tester , 2010, J. Syst. Softw..

[34]  Rui Zhang,et al.  Fine-grained access control system based on fully outsourced attribute-based encryption , 2017, J. Syst. Softw..

[35]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[36]  Hui Ma,et al.  Server-Aided Fine-Grained Access Control Mechanism with Robust Revocation in Cloud Computing , 2019, IEEE Transactions on Services Computing.

[37]  Xu An Wang,et al.  Further observation on proxy re-encryption with keyword search , 2012, J. Syst. Softw..

[38]  Xiaolei Dong,et al.  White-Box Traceable CP-ABE for Cloud Storage Service: How to Catch People Leaking Their Access Credentials Effectively , 2018, IEEE Transactions on Dependable and Secure Computing.

[39]  Xiaolei Dong,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes , 2015, IEEE Transactions on Information Forensics and Security.

[40]  Jia Yu,et al.  Enabling Efficient Verifiable Fuzzy Keyword Search Over Encrypted Data in Cloud Computing , 2018, IEEE Access.

[41]  Mihir Bellare,et al.  Subtleties in the Definition of IND-CCA: When and How Should Challenge Decryption Be Disallowed? , 2013, Journal of Cryptology.

[42]  Qiang Tang,et al.  Efficient verifiable fuzzy keyword search over encrypted data in cloud computing , 2013, Comput. Sci. Inf. Syst..

[43]  Joseph K. Liu,et al.  Extended Proxy-Assisted Approach: Achieving Revocable Fine-Grained Encryption of Cloud Data , 2015, ESORICS.

[44]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[45]  Yu-Chi Chen,et al.  SPEKS: Secure Server-Designation Public Key Encryption with Keyword Search against Keyword Guessing Attacks , 2015, Comput. J..

[46]  Jin Li,et al.  Securely Outsourcing Attribute-Based Encryption with Checkability , 2014, IEEE Transactions on Parallel and Distributed Systems.

[47]  Bharat K. Bhargava,et al.  SDSS-MAC: Secure data sharing scheme in multi-authority cloud storage systems , 2016, Comput. Secur..

[48]  Hubert Ritzdorf,et al.  Reconciling Security and Functional Requirements in Multi-tenant Clouds , 2017, SCC@AsiaCCS.

[49]  Zhen Liu,et al.  Blackbox traceable CP-ABE: how to catch people leaking their keys by selling decryption devices on ebay , 2013, CCS.

[50]  Cong Wang,et al.  Efficient verifiable fuzzy keyword search over encrypted data in cloud computing , 2013, Comput. Sci. Inf. Syst..

[51]  Guillaume Doyen,et al.  Detecting Botclouds at Large Scale: A Decentralized and Robust Detection Method for Multi-Tenant Virtualized Environments , 2018, IEEE Transactions on Network and Service Management.

[52]  Cong Wang,et al.  Enabling Secure and Efficient Ranked Keyword Search over Outsourced Cloud Data , 2012, IEEE Transactions on Parallel and Distributed Systems.

[53]  Allison Bishop,et al.  Revocation Systems with Very Small Private Keys , 2010, 2010 IEEE Symposium on Security and Privacy.

[54]  Xiaohua Jia,et al.  DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems , 2013 .

[55]  Gail-Joon Ahn,et al.  Role-Based Cryptosystem: A New Cryptographic RBAC System Based on Role-Key Hierarchy , 2013, IEEE Transactions on Information Forensics and Security.

[56]  Nora Cuppens-Boulahia,et al.  A privacy-aware access control model for distributed network monitoring , 2013, Comput. Electr. Eng..

[57]  Dijiang Huang,et al.  Attribute-based Access Control for ICN Naming Scheme , 2018, IEEE Trans. Dependable Secur. Comput..

[58]  Kaoru Kurosawa,et al.  How to Update Documents Verifiably in Searchable Symmetric Encryption , 2013, CANS.

[59]  Deqing Zou,et al.  Virtualization of the Encryption Card for Trust Access in Cloud Computing , 2017, IEEE Access.

[60]  Xiaolei Dong,et al.  Large Universe Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability , 2014, ESORICS.

[61]  Yiwei Thomas Hou,et al.  Protecting Your Right: Verifiable Attribute-Based Keyword Search with Fine-Grained Owner-Enforced Search Authorization in the Cloud , 2016, IEEE Transactions on Parallel and Distributed Systems.

[62]  Qiong Huang,et al.  An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks , 2017, Inf. Sci..

[63]  Elaine Shi,et al.  Practical Dynamic Searchable Encryption with Small Leakage , 2014, NDSS.

[64]  Xin Wang,et al.  From RBAC to ABAC: Constructing Flexible Data Access Control for Cloud Storage Services , 2015, IEEE Transactions on Services Computing.

[65]  Yaling Zhang,et al.  A Secure Cloud Storage Framework With Access Control Based on Blockchain , 2019, IEEE Access.

[66]  Maode Ma,et al.  Conjunctive Keyword Search With Designated Tester and Timing Enabled Proxy Re-Encryption Function for E-Health Clouds , 2016, IEEE Transactions on Information Forensics and Security.

[67]  Brent Waters,et al.  Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption , 2012, IACR Cryptol. ePrint Arch..

[68]  Sanjam Garg,et al.  TWORAM: Efficient Oblivious RAM in Two Rounds with Applications to Searchable Encryption , 2016, CRYPTO.

[69]  Zahid Mahmood,et al.  Reputation-Aware Trust and Privacy-Preservation for Mobile Cloud Computing , 2018, IEEE Access.

[70]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[71]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[72]  Hui Cui,et al.  Server-Aided Revocable Attribute-Based Encryption Resilient to Decryption Key Exposure , 2017, CANS.

[73]  Yi Mu,et al.  Secure Fine-Grained Access Control and Data Sharing for Dynamic Groups in the Cloud , 2018, IEEE Transactions on Information Forensics and Security.

[74]  Willy Susilo,et al.  Public key encryption with keyword search secure against keyword guessing attacks without random oracle , 2013, Inf. Sci..

[75]  Carles Padró,et al.  Multi-linear Secret-Sharing Schemes , 2014, TCC.

[76]  Edgar R. Weippl,et al.  Network-Based Secret Communication in Clouds: A Survey , 2017, IEEE Communications Surveys & Tutorials.

[77]  Rui Zhang,et al.  Hidden policy ciphertext-policy attribute-based encryption with keyword search against keyword guessing attack , 2016, Science China Information Sciences.

[78]  Zhenfu Cao,et al.  CCA-Secure Proxy Re-Encryption without Pairings , 2009, IACR Cryptol. ePrint Arch..

[79]  Morteza Amini,et al.  Purpose-Based Privacy Preserving Access Control for Secure Service Provision and Composition , 2019, IEEE Transactions on Services Computing.

[80]  Zhifeng Xiao,et al.  Security and Privacy in Cloud Computing , 2013, IEEE Communications Surveys & Tutorials.

[81]  RajaniKanth Aluvalu,et al.  A Survey on Access Control Models in Cloud Computing , 2015 .

[82]  Baocang Wang,et al.  Improved Proxy Re-Encryption With Delegatable Verifiability , 2020, IEEE Systems Journal.

[83]  Weixin Xie,et al.  Attribute-Based Data Sharing Scheme Revisited in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[84]  Qian Xu,et al.  Secure Multi-Authority Data Access Control Scheme in Cloud Storage System Based on Attribute-Based Signcryption , 2018, IEEE Access.

[85]  Xuemin Shen,et al.  Securing Fog Computing for Internet of Things Applications: Challenges and Solutions , 2018, IEEE Communications Surveys & Tutorials.

[86]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[87]  Vipul Goyal,et al.  Identity-based encryption with efficient revocation , 2008, IACR Cryptol. ePrint Arch..

[88]  Guomin Yang,et al.  Efficient Fine-Grained Data Sharing Mechanism for Electronic Medical Record Systems with Mobile Devices , 2020, IEEE Transactions on Dependable and Secure Computing.

[89]  Mohammed Samaka,et al.  Security Services Using Blockchains: A State of the Art Survey , 2018, IEEE Communications Surveys & Tutorials.

[90]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[91]  Xin Jin,et al.  A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC , 2012, DBSec.

[92]  Jiguo Li,et al.  Extended File Hierarchy Access Control Scheme with Attribute-Based Encryption in Cloud Computing , 2019, IEEE Transactions on Emerging Topics in Computing.

[93]  Joonsang Baek,et al.  New constructions of fuzzy identity-based encryption , 2007, ASIACCS '07.

[94]  Li Ping Hao,et al.  Research on the Cloud Computing Storage Privacy Preserving Based on MB-Tree Dynamic Access Model , 2014 .

[95]  Hua Wang,et al.  Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing , 2019, IEEE Access.

[96]  Robert H. Deng,et al.  Server-Aided Revocable Attribute-Based Encryption , 2016, ESORICS.

[97]  Zuhua Shao,et al.  Improvement of identity-based proxy multi-signature scheme , 2009, J. Syst. Softw..

[98]  Sourya Joyee De,et al.  Efficient Decentralized Attribute Based Access Control for Mobile Clouds , 2020, IEEE Transactions on Cloud Computing.

[99]  Sushmita Ruj,et al.  Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds , 2014, IEEE Transactions on Parallel and Distributed Systems.

[100]  Chengyu Hu,et al.  Public-Key Encryption With Keyword Search via Obfuscation , 2019, IEEE Access.

[101]  Josep Domingo-Ferrer,et al.  Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts , 2014, Inf. Sci..

[102]  Ravi S. Sandhu,et al.  Mandatory Content Access Control for Privacy Protection in Information Centric Networks , 2017, IEEE Transactions on Dependable and Secure Computing.

[103]  Pan Jun Sun,et al.  Research on the Tradeoff Between Privacy and Trust in Cloud Computing , 2019, IEEE Access.

[104]  Altair Olivo Santin,et al.  A $(\rm UCON_{ABC})$ Resilient Authorization Evaluation for Cloud Computing , 2014, IEEE Transactions on Parallel and Distributed Systems.

[105]  Chen Li,et al.  A Novel Attribute-Based Access Control Scheme Using Blockchain for IoT , 2019, IEEE Access.

[106]  Raphael C.-W. Phan,et al.  Proxy Re-encryption with Keyword Search: New Definitions and Algorithms , 2010, FGIT-SecTech/DRBC.

[107]  Xiaodong Lin,et al.  Fine-grained data sharing in cloud computing for mobile devices , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[108]  Hideki Imai,et al.  Attribute-Based Encryption Supporting Direct/Indirect Revocation Modes , 2009, IMACC.

[109]  Jianqiang Li,et al.  A hybrid solution for privacy preserving medical data sharing in the cloud environment , 2015, Future Gener. Comput. Syst..

[110]  Woo-Hwan Kim,et al.  Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates , 2017, CCS.

[111]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[112]  Josep Domingo-Ferrer,et al.  Provably secure threshold public-key encryption with adaptive security and short ciphertexts , 2012, Inf. Sci..

[113]  Satyajayant Misra,et al.  Security, Privacy, and Access Control in Information-Centric Networking: A Survey , 2016, IEEE Communications Surveys & Tutorials.

[114]  Brent Waters,et al.  Attribute-Based Encryption with Fast Decryption , 2013, Public Key Cryptography.

[115]  Weixin Xie,et al.  An Efficient File Hierarchy Attribute-Based Encryption Scheme in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[116]  Xiaodong Lin,et al.  Proxy Re-encryption with Delegatable Verifiability , 2016, ACISP.

[117]  Naoto Yanai,et al.  RBAC-SC: Role-Based Access Control Using Smart Contract , 2018, IEEE Access.