A Scalable Attribute-Based Access Control Scheme with Flexible Delegation cum Sharing of Access Privileges for Cloud Storage

Cloud servers have become the primary choice for storing and sharing data with multiple users across the globe. The major challenge in sharing data through cloud servers is protecting it against an untrusted cloud service provider and illegitimate users. Attribute-Based Encryption (ABE) has emerged as a useful cryptographic technique for securely sharing data with legitimate recipients in a fine-grained manner. Several solutions employing ABE have been proposed to securely share data using cloud servers. However, most of these solutions are data owner-centric and focus on giving the data owner complete control over his outsourced data. The existing solutions in cloud computing fail to provide shared access privileges among users and to enable cloud users to delegate their access privileges in a flexible manner. To simultaneously achieve fine-grained access control and scalability, and to give cloud users shared access privileges and flexibility in delegating their access privileges, we propose a scalable attribute-based access control scheme for cloud storage. The scheme extends ciphertext-policy attribute-based encryption to achieve flexible delegation of access privileges and shared access privileges along with scalability and fine-grained access control. The scheme achieves scalability by employing a hierarchical structure of users. Furthermore, we formally prove the security of our proposed scheme based on the security of ciphertext-policy attribute-based encryption. We also implement the algorithm to show its scalability and efficiency.
