An Attribute-Based Controlled Collaborative Access Control Scheme for Public Cloud Storage

In public cloud storage services, data are outsourced to semi-trusted cloud servers that lie outside the data owners’ trusted domain. To prevent untrustworthy service providers from accessing data owners’ sensitive data, outsourced data are often encrypted. In this scenario, conducting access control over these data becomes a challenging issue. Attribute-based encryption (ABE) has proved to be a powerful cryptographic tool for expressing access policies over attributes, and can provide fine-grained, flexible, and secure access control over outsourced data. However, existing ABE-based access control schemes do not allow users to gain access permission through collaboration. In this paper, we explore a special attribute-based access control scenario in which multiple users holding different attribute sets can collaborate to gain access permission if the data owner allows their collaboration in the access policy. Conversely, any collaboration that is not designated in the access policy is regarded as collusion, and the access request is denied. We propose an attribute-based controlled collaborative access control scheme that works by designating translation nodes in the access structure. Security analysis shows that our proposed scheme guarantees data confidentiality and has many other critical security properties. Extensive performance analysis shows that our proposed scheme is efficient in terms of storage and computation overhead.
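The distinction between designated collaboration and collusion can be modelled at the policy level, as an added example that is not the paper's construction and involves no cryptography. It assumes that a node must be satisfied by a single user unless the owner marked it as a translation node, in which case a satisfied node counts for every requester; the `Node` class, attribute names and users are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    threshold: int = 1                 # gate: k children must be satisfied
    children: list = field(default_factory=list)
    attribute: Optional[str] = None    # set on leaves only
    translation: bool = False          # owner-designated collaboration point

def holders(node, users):
    """Users for whom this node counts as satisfied.

    Assumed semantics: off a translation node, one user must satisfy the
    node alone; a satisfied translation node counts for every requester.
    """
    if node.attribute is not None:
        own = {u for u, attrs in users.items() if node.attribute in attrs}
    else:
        child_sets = [holders(c, users) for c in node.children]
        own = {u for u in users
               if sum(u in s for s in child_sets) >= node.threshold}
    return set(users) if (node.translation and own) else own

def can_access(policy, users):
    return bool(holders(policy, users))

def build_policy(auditor_is_translation):
    # (doctor AND cardiology) AND auditor; attribute names are constructed
    clinical = Node(2, [Node(attribute="doctor"), Node(attribute="cardiology")])
    auditor = Node(attribute="auditor", translation=auditor_is_translation)
    return Node(2, [clinical, auditor])

# Constructed requesters and their attribute sets
PAIR = {"alice": {"doctor", "cardiology"}, "bob": {"auditor"}}
SPLIT = {"carol": {"doctor", "auditor"}, "dave": {"cardiology"}}

if __name__ == "__main__":
    print(can_access(build_policy(True), PAIR))    # designated collaboration
    print(can_access(build_policy(False), PAIR))   # same pooling, not designated
    print(can_access(build_policy(True), SPLIT))   # pooling below a normal gate
```
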
