LABAC: A Location-Aware Attribute-Based Access Control Scheme for Cloud Storage

Data access control is a challenging issue in cloud storage. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a promising cryptographic technique for this problem: it enforces data access control based on users' permanent characteristics. In some scenarios, however, access policies depend on users' temporary conditions (such as access time and location) as well as on their permanent ones, and CP-ABE alone cannot handle such situations well. In this paper, we focus on the scenario where users' access privilege is determined by their attributes together with their locations. To meet this data access control requirement, we propose a location-aware attribute-based access control mechanism (LABAC) for the cloud. In LABAC, we integrate CP-ABE with location trapdoors to build access policies, so that data owners can flexibly combine users' attributes and locations to implement fine-grained control over their data. A competitive advantage of LABAC is that it requires no additional revocation mechanism to revoke location-aware access privilege when a user's location changes. Security and performance analyses are presented which show that LABAC is secure and efficient enough for practical implementations.
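The following Python toy is an added illustration of the access-control logic described in the abstract, not the LABAC construction itself (the paper builds on CP-ABE and location trapdoors; their cryptographic realisation is not reproduced here). CP-ABE is replaced by a stand-in attribute authority that releases its key share only when a user's attribute set satisfies the policy, and the location trapdoor by a stand-in location server that releases its share only when the user's current position lies inside the region the data owner chose. The data key is derived from both shares, so a decryption attempt is evaluated against attributes and location together each time, and a user who moves out of the region simply stops obtaining the location share: nothing has to be revoked or re-keyed. All class and function names, the secrets, the attribute names and the sample coordinates are constructed for this example.

```python
"""Toy model of location-aware attribute-based access control.

Added illustration, not the paper's scheme: CP-ABE and the location trapdoor
are replaced by two key-share authorities so the per-access evaluation of
"attributes AND location" can be run end to end. Names and data are constructed.
"""
import hashlib
import hmac
import json
import math
import os


# ---- attribute policy: a bare attribute string, or ("AND"|"OR", [subpolicies]) ----
def satisfies(policy, attrs: set) -> bool:
    if isinstance(policy, str):
        return policy in attrs
    op, parts = policy
    results = [satisfies(p, attrs) for p in parts]
    return all(results) if op == "AND" else any(results)


# ---- location constraint: circle (lat, lon, radius_m) tested with the haversine formula ----
def inside(region, point) -> bool:
    lat0, lon0, radius_m = region
    lat, lon = point
    phi0, phi = math.radians(lat0), math.radians(lat)
    dphi, dlmb = math.radians(lat - lat0), math.radians(lon - lon0)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi0) * math.cos(phi) * math.sin(dlmb / 2) ** 2
    return 6371000.0 * 2 * math.asin(math.sqrt(a)) <= radius_m


def _kdf(secret: bytes, *parts: str) -> bytes:
    """Derive a 32-byte share from an authority secret and a label (HMAC-SHA256)."""
    return hmac.new(secret, json.dumps(parts).encode(), hashlib.sha256).digest()


class AttributeAuthority:
    """Stand-in for CP-ABE: releases the attribute share of a data key to a
    user only if that user's attributes satisfy the ciphertext policy."""
    def __init__(self):
        self._secret = os.urandom(32)
        self._users = {}

    def register(self, uid: str, attrs):
        self._users[uid] = set(attrs)

    def policy_key(self, policy, nonce: str) -> bytes:          # owner side
        return _kdf(self._secret, "attr", json.dumps(policy), nonce)

    def attribute_share(self, uid: str, policy, nonce: str):    # user side
        if not satisfies(policy, self._users.get(uid, set())):
            return None
        return self.policy_key(policy, nonce)


class LocationServer:
    """Stand-in for the location trapdoor: releases the location share only for a
    position inside the region. It keeps no per-user state, so a user who moves
    out of the region is denied on the next request without any revocation step.
    It trusts the coordinates it is given; a real deployment needs an attested
    position source."""
    def __init__(self):
        self._secret = os.urandom(32)

    def region_key(self, region, nonce: str) -> bytes:           # owner side
        return _kdf(self._secret, "loc", json.dumps(region), nonce)

    def location_trapdoor(self, position, region, nonce: str):   # user side
        return self.region_key(region, nonce) if inside(region, position) else None


def _stream(key: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); use AES-GCM in real code."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(aa, ls, policy, region, plaintext: bytes) -> dict:
    """Data owner: data key = H(attribute share || location share) for a fresh nonce."""
    nonce = os.urandom(16).hex()
    k = hashlib.sha256(aa.policy_key(policy, nonce) + ls.region_key(region, nonce)).digest()
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(k, len(plaintext))))
    return {"policy": policy, "region": region, "nonce": nonce, "ct": ct}


def decrypt(aa, ls, uid: str, position, obj: dict):
    """User: both shares must be released for this access, or decryption fails."""
    ka = aa.attribute_share(uid, obj["policy"], obj["nonce"])
    kl = ls.location_trapdoor(position, obj["region"], obj["nonce"])
    if ka is None or kl is None:
        return None
    k = hashlib.sha256(ka + kl).digest()
    return bytes(a ^ b for a, b in zip(obj["ct"], _stream(k, len(obj["ct"]))))


def demo() -> dict:
    aa, ls = AttributeAuthority(), LocationServer()
    aa.register("alice", ["doctor", "cardiology"])
    aa.register("bob", ["nurse"])
    policy = ("AND", ["doctor", ("OR", ["cardiology", "oncology"])])
    hospital = (40.7128, -74.0060, 500.0)       # constructed: 500 m circle
    obj = encrypt(aa, ls, policy, hospital, b"patient record 42")
    on_site = (40.7130, -74.0055)               # ~50 m from the centre
    off_site = (40.7300, -74.0060)              # ~1.9 km from the centre
    return {
        "alice_on_site": decrypt(aa, ls, "alice", on_site, obj),
        "alice_off_site": decrypt(aa, ls, "alice", off_site, obj),   # same user, moved: denied
        "bob_on_site": decrypt(aa, ls, "bob", on_site, obj),         # right place, wrong attributes
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the toy is the shape of the policy, not the crypto: location enters as a separate share that is re-evaluated at every access, which is why a location change needs no revocation step, whereas the attribute share behaves like a long-lived credential that would need an explicit revocation mechanism if an attribute were withdrawn.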
