Oblivious access control policies for cloud based data sharing systems

Conventional procedures to ensure authorized data access by using access control policies are not suitable for cloud storage systems as these procedures can reveal valid access parameters to a cloud service provider. In this paper, we have proposed oblivious access control policy evaluation (O-ACE); a data sharing system, which obliviously evaluates access control policy on a cloud server and provisions access to the outsourced data. O-ACE reveals no useful information about the access control policy neither to the cloud service provider nor to the unauthorized users. Through the security analysis of O-ACE it has been observed that computational complexity to compromise privacy of the outsourced data is same as reverting asymmetric encryption without valid key pair. We have realized O-ACE for Google Cloud. Our evaluation results show the fact that O-ACE CPU utilization cost is 0.01–0.30 dollar per 1,000 requests.

[1]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[2]  Avishai Wool,et al.  CRUST: Cryptographic Remote Untrusted Storage without Public Keys , 2007, IEEE Security in Storage Workshop.

[3]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[4]  Sushil Jajodia,et al.  Over-encryption: Management of Access Control Evolution on Outsourced Data , 2007, VLDB.

[5]  Mikhail J. Atallah,et al.  Attribute-Based Access Control with Hidden Policies and Hidden Credentials , 2006, IEEE Transactions on Computers.

[6]  Hilarie K. Orman,et al.  Hidden Credentials , 2003, WPES '03.

[7]  Pascal Paillier,et al.  Trapdooring Discrete Logarithms on Elliptic Curves over Rings , 2000, ASIACRYPT.

[8]  Siani Pearson,et al.  Taking account of privacy when designing cloud computing services , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[9]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[10]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[11]  Jeff Hodges,et al.  Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2. 0 , 2001 .

[12]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[13]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[14]  E. Kushilevitz Foundations of Cryptography Foundations of Cryptography , 2014 .

[15]  John Zic,et al.  TrustStore: Making Amazon S3 Trustworthy with Services Composition , 2010, 2010 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing.

[16]  Lakshmi Sobhana Kalli,et al.  Market-Oriented Cloud Computing : Vision , Hype , and Reality for Delivering IT Services as Computing , 2013 .

[17]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[18]  Rajkumar Buyya,et al.  Market-Oriented Cloud Computing: Vision, Hype, and Reality for Delivering IT Services as Computing Utilities , 2008, 2008 10th IEEE International Conference on High Performance Computing and Communications.

[19]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[20]  Charalampos Papamanthou,et al.  CS2: A Searchable Cryptographic Cloud Storage System , 2011 .

[21]  Kristin E. Lauter,et al.  Cryptographic Cloud Storage , 2010, Financial Cryptography Workshops.

[22]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[23]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[24]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[25]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[26]  Bharat K. Bhargava,et al.  Secure and efficient access to outsourced data , 2009, CCSW '09.

[27]  Ling Liu,et al.  Sharoes: A Data Sharing Platform for Outsourced Enterprise Storage Environments , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[28]  Ninghui Li,et al.  OACerts: Oblivious Attribute Certificates , 2006, IEEE Trans. Dependable Secur. Comput..

[29]  Lori M. Kaufman,et al.  Data Security in the World of Cloud Computing , 2009, IEEE Security & Privacy.

[30]  Matthew Green,et al.  Access controls for oblivious and anonymous systems , 2011, TSEC.

[31]  Yuguang Fang,et al.  A Privacy-Preserving Scheme for Online Social Networks with Efficient Revocation , 2010, 2010 Proceedings IEEE INFOCOM.

[32]  K. Gopinath,et al.  G_{its}^2 VSR: An Information Theoretical Secure Verifiable Secret Redistribution Protocol for Long-term Archival Storage , 2007 .

[33]  Yang Tang,et al.  FADE: Secure Overlay Cloud Storage with File Assured Deletion , 2010, SecureComm.

[34]  Tim Polk,et al.  Internet X.509 Public Key Infrastructure Representation of Elliptic Curve Digital Signature Algorithm (ECDSA) Keys and Signatures in Internet X.509 Public Key Infrastructure Certificates , 1999 .