Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption

Cloud computing is a revolutionary computing paradigm, which enables flexible, on-demand, and low-cost usage of computing resources, but the data is outsourced to some cloud servers, and various privacy concerns emerge from it. Various schemes based on the attribute-based encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. In this paper, we present a semianonymous privilege control scheme AnonyControl to address not only the data privacy, but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semianonymity. Besides, it also generalizes the file access control to the privilege control, by which privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present the AnonyControl-F, which fully prevents the identity leakage and achieve the full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie-Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.

[1]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[2]  S. Katzenbeisser,et al.  ON MULTI-AUTHORITY CIPHERTEXT-POLICY ATTRIBUTE-BASED ENCRYPTION , 2009 .

[3]  Cong Wang,et al.  Secure and practical outsourcing of linear programming in cloud computing , 2011, 2011 Proceedings IEEE INFOCOM.

[4]  Wenjing Lou,et al.  Attribute-based content distribution with hidden policy , 2008, 2008 4th Workshop on Secure Network Protocols.

[5]  Wen-Guey Tzeng Efficient 1-Out-of-n Oblivious Transfer Schemes with Universally Usable Parameters , 2004, IEEE Trans. Computers.

[6]  Cong Wang,et al.  Secure Ranked Keyword Search over Encrypted Cloud Data , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.

[7]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[8]  Taeho Jung,et al.  Search me if you can: Privacy-preserving location query service , 2012, 2013 Proceedings IEEE INFOCOM.

[9]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[10]  Xiangyang Li,et al.  Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption , 2017, IEEE Transactions on Information Forensics and Security.

[11]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[12]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[13]  Yunhao Liu,et al.  Verifiable private multi-party computation: Ranging and ranking , 2013, 2013 Proceedings IEEE INFOCOM.

[14]  Xiang-Yang Li,et al.  Privacy preserving cloud data access with multi-authorities , 2012, 2013 Proceedings IEEE INFOCOM.

[15]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[16]  Shaojie Tang,et al.  Privacy-preserving data aggregation without secure channel: Multivariate polynomial evaluation , 2013, 2013 Proceedings IEEE INFOCOM.

[17]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[18]  CaoZhenfu,et al.  Secure threshold multi authority attribute based encryption without a central authority , 2008, Inf. Sci..

[19]  Xiang-Yang Li,et al.  Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption , 2015, IEEE Trans. Inf. Forensics Secur..

[20]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[21]  Muttukrishnan Rajarajan,et al.  Low Complexity Multi-authority Attribute Based Encryption Scheme for Mobile Cloud Computing , 2013, 2013 IEEE Seventh International Symposium on Service-Oriented System Engineering.

[22]  Brent Waters,et al.  Attribute-Based Encryption with Fast Decryption , 2013, Public Key Cryptography.

[23]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[24]  Yunhao Liu,et al.  Rumor Riding: Anonymizing Unstructured Peer-to-Peer Systems , 2006, IEEE Transactions on Parallel and Distributed Systems.

[25]  Jin Li,et al.  Anonymous attribute-based encryption supporting efficient decryption test , 2013, ASIA CCS '13.

[26]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[27]  Rainer Steinwandt,et al.  Multi-authority attribute-based encryption with honest-but-curious central authority , 2012, Int. J. Comput. Math..

[28]  Dongqing Xie,et al.  Multi-authority ciphertext-policy attribute-based encryption with accountability , 2011, ASIACCS '11.

[29]  Wei Ren,et al.  Efficient user revocation for privacy-aware PKI , 2008, QShine '08.

[30]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[31]  Ming Gu,et al.  Hierarchical Attribute-Set Based Encryption for Scalable, Flexible and Fine-Grained Access Control in Cloud Computing , 2011, ISPEC.

[32]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[33]  Sean W. Smith,et al.  Attribute-Based Publishing with Hidden Credentials and Hidden Policies , 2007, NDSS.

[34]  Robert H. Deng,et al.  HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing , 2012, IEEE Transactions on Information Forensics and Security.

[35]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[36]  Xiang-Yang Li,et al.  Collusion-Tolerable Privacy-Preserving Sum and Product Calculation without Secure Channel , 2015, IEEE Transactions on Dependable and Secure Computing.

[37]  Xiaohua Jia,et al.  DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems , 2013, IEEE Transactions on Information Forensics and Security.

[38]  Junbeom Hur,et al.  Attribute-Based Secure Data Sharing with Hidden Policies in Smart Grid , 2013, IEEE Transactions on Parallel and Distributed Systems.

[39]  Yunhao Liu,et al.  Message in a Sealed Bottle: Privacy Preserving Friending in Social Networks , 2012, 2013 IEEE 33rd International Conference on Distributed Computing Systems.