One enhanced secure access scheme for outsourced data

Abstract: The popularity of apps has rapidly made smartphones the most widespread form of communication. Because mobile phones are resource-constrained, users prefer to outsource data from the local device to the cloud. Access control of outsourced data drives research into protecting sensitive data from possibly malicious software access and from cloud service provider misbehavior. Unexpected attacks from the local device or the cloud that try to breach the data access policy imposed by data owners have left access control solutions inadequate. Therefore, this paper proposes an access control scheme for Android devices to avoid authentication bypass attacks from both sides. Attribute-based encryption is used to design app-level, fine-grained data access for data confidentiality on the local side. Further, a Trusted Execution Environment is employed as a trusted computing environment that provides essential security services to protect encrypted data from unwanted access by cloud service providers or by unauthorized apps on the local side. Finally, a prototype system is implemented, and the performance of the various operations used in the scheme is evaluated. The experimental results show that the enhanced secure access model is flexible, efficient, and secure for outsourcing data to the cloud.
