Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud Computing

Cloud computing is an emerging data interactive paradigm to realize users' data remotely stored in an online cloud server. Cloud services provide great conveniences for the users to enjoy the on-demand cloud applications without considering the local infrastructure limitations. During the data accessing, different users may be in a collaborative relationship, and thus data sharing becomes significant to achieve productive benefits. The existing security solutions mainly focus on the authentication to realize that a user's privative data cannot be illegally accessed, but neglect a subtle privacy issue during a user challenging the cloud server to request other users for data sharing. The challenged access request itself may reveal the user's privacy no matter whether or not it can obtain the data access permissions. In this paper, we propose a shared authority based privacy-preserving authentication protocol (SAPA) to address above privacy issue for cloud storage. In the SAPA, 1) shared access authority is achieved by anonymous access request matching mechanism with security and privacy considerations (e.g., authentication, data anonymity, user privacy, and forward security); 2) attribute based access control is adopted to realize that the user can only access its own data fields; 3) proxy re-encryption is applied to provide data sharing among the multiple users. Meanwhile, universal composability (UC) model is established to prove that the SAPA theoretically has the design correctness. It indicates that the proposed protocol is attractive for multi-user collaborative cloud applications.

[1]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[2]  Yang Wang,et al.  On-Demand Security Architecture for Cloud Computing , 2012, Computer.

[3]  Minglu Li,et al.  Towards Secure Multi-Keyword Top-k Retrieval over Encrypted Cloud Data ∗ , 2013 .

[4]  Kai Hwang,et al.  Collusive Piracy Prevention in P2P Content Delivery Networks , 2009, IEEE Transactions on Computers.

[5]  Cong Wang,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2011, IEEE Transactions on Parallel and Distributed Systems.

[6]  Cong Wang,et al.  Toward publicly auditable secure cloud data storage services , 2010, IEEE Network.

[7]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[8]  Dr Tirumala Rao,et al.  Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud , 2017 .

[9]  Andrés Marín López,et al.  Enhancing privacy and dynamic federation in IdM for consumer cloud computing , 2012, IEEE Transactions on Consumer Electronics.

[10]  Jan Camenisch,et al.  Oblivious Transfer with Hidden Access Control from Attribute-Based Encryption , 2012, SCN.

[11]  Elisa Bertino,et al.  Privacy Preserving Policy-Based Content Sharing in Public Clouds , 2013, IEEE Transactions on Knowledge and Data Engineering.

[12]  M. Anwar Hasan,et al.  Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems , 2013, IEEE Transactions on Parallel and Distributed Systems.

[13]  Ki-Woong Park,et al.  THEMIS: A Mutually Verifiable Billing System for the Cloud Computing Environment , 2013, IEEE Transactions on Services Computing.

[14]  Sushmita Ruj,et al.  Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds , 2014, IEEE Transactions on Parallel and Distributed Systems.

[15]  Elisa Bertino,et al.  A privacy-preserving approach to policy-based content dissemination , 2010, 2010 IEEE 26th International Conference on Data Engineering (ICDE 2010).

[16]  Nāgārjuna,et al.  A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding , 2014 .

[17]  Kai Hwang,et al.  Cloud Security with Virtualized Defense and Reputation-Based Trust Mangement , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[18]  Ninghui Li,et al.  OACerts: Oblivious Attribute Certificates , 2006, IEEE Trans. Dependable Secur. Comput..

[19]  Rubén S. Montero,et al.  Key Challenges in Cloud Computing: Enabling the Future Internet of Services , 2013, IEEE Internet Computing.

[20]  Yang Tang,et al.  Secure Overlay Cloud Storage with Access Control and Assured Deletion , 2012, IEEE Transactions on Dependable and Secure Computing.

[21]  Ja-Ling Wu,et al.  A Novel Privacy Preserving Location-Based Service Protocol With Secret Circular Shift for K-NN Search , 2013, IEEE Transactions on Information Forensics and Security.

[22]  Akbar Ghaffarpour Rahbar,et al.  PowerTrust: A Robust and Scalable Reputation System for Trusted Peer-to-Peer Computing , 2007, IEEE Transactions on Parallel and Distributed Systems.

[23]  John W. Rittinghouse,et al.  Cloud Computing: Implementation, Management, and Security , 2009 .

[24]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[25]  Andrew Warfield,et al.  Live migration of virtual machines , 2005, NSDI.

[26]  Nenghai Yu,et al.  A Privacy-Preserving Remote Data Integrity Checking Protocol with Data Dynamics and Public Verifiability , 2011, IEEE Transactions on Knowledge and Data Engineering.

[27]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[28]  Ling Liu,et al.  PeerTrust: supporting reputation-based trust for peer-to-peer electronic communities , 2004, IEEE Transactions on Knowledge and Data Engineering.

[29]  Chuang Lin,et al.  An Efficient Privacy-Preserving Publish-Subscribe Service Scheme for Cloud Computing , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[30]  Cong Wang,et al.  Toward Secure and Dependable Storage Services in Cloud Computing , 2012, IEEE Transactions on Services Computing.

[31]  Arjan Durresi,et al.  Cloud computing: networking and communication challenges , 2012, IEEE Commun. Mag..

[32]  A. Muthukumaravel,et al.  Ensuring Distributed Accountability for Data Sharing in Cloud , 2014 .

[33]  Kai Hwang,et al.  Trusted Cloud Computing with Secure Resources and Data Coloring , 2010, IEEE Internet Computing.

[34]  Xiaohua Jia,et al.  An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing , 2013, IEEE Transactions on Parallel and Distributed Systems.

[35]  Elisa Bertino,et al.  Poster: towards attribute based group key management , 2011, CCS '11.

[36]  Shanshan Song,et al.  Trusted P2P transactions with fuzzy reputation aggregation , 2005, IEEE Internet Computing.

[37]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[38]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[39]  Christian S. Collberg,et al.  Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection , 2002, IEEE Trans. Software Eng..

[40]  Gail-Joon Ahn,et al.  Towards temporal access control in cloud computing , 2012, 2012 Proceedings IEEE INFOCOM.

[41]  Yuqing Zhang,et al.  Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud , 2013, IEEE Transactions on Parallel and Distributed Systems.

[42]  Tim Mather,et al.  Cloud Security and Privacy - An Enterprise Perspective on Risks and Compliance , 2009, Theory in practice.

[43]  Gail-Joon Ahn,et al.  Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage , 2012, IEEE Transactions on Parallel and Distributed Systems.

[44]  Larry A. Dunning,et al.  Privacy Preserving Data Sharing With Anonymous ID Assignment , 2013, IEEE Transactions on Information Forensics and Security.

[45]  Huaqun Wang,et al.  Proxy Provable Data Possession in Public Clouds , 2013, IEEE Transactions on Services Computing.

[46]  Slawomir Grzonkowski,et al.  Sharing cloud services: user authentication for social enhancement of home networking , 2011, IEEE Transactions on Consumer Electronics.

[47]  K. Sankar,et al.  On-Demand Security Architecture for Cloud Computing , 2014 .

[48]  Minglu Li,et al.  Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud Data , 2013, IEEE Transactions on Dependable and Secure Computing.