Attribute-Based Data Transfer with Filtering Scheme in Cloud Computing

Data transfer is a transmission of data over a point-to-point or point-to-multipoint communication channel. To protect the confidentiality of the transferred data, public-key cryptography has been introduced in data transfer schemes (DTSs). Unfortunately, there exist some drawbacks in the current DTSs. First, the sender must know who the real receivers are. This is undesirable in a system where the number of the users is very large, such as cloud computing. In practice, the sender only knows some descriptive attributes of the receivers. Second, the receiver cannot be guaranteed to only receive messages from the legal senders. Therefore, it remains an elusive and challenging research problem on how to design a DTS scheme where the sender can send messages to the unknown receivers and the receiver can filter out false messages according to the described attributes. In this paper, we propose an attribute-based data transfer with filtering (ABDTF) scheme to address these problems. In our proposed scheme, the receiver can publish an access structure so that only the users whose attributes satisfy this access structure can send messages to him. Furthermore, the sender can encrypt a message under a set of attributes such that only the users who hold these attributes can obtain the message. In particular, we provide an efficient filtering algorithm for the receiver to resist the denial-of-service (DoS) attacks. Notably, we propose the formal definition and security models for ABDTF schemes. To the best of our knowledge, it is the first time that a provable ABDTF scheme is proposed. Hence, this work provides a new research approach to ABDTF schemes.

[1]  Yuguang Fang,et al.  Location-based compromise-tolerant security mechanisms for wireless sensor networks , 2006, IEEE Journal on Selected Areas in Communications.

[2]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[3]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[4]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[5]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[6]  YanJun,et al.  Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption , 2012 .

[7]  Stefan Savage,et al.  Inferring Internet denial-of-service activity , 2001, TOCS.

[8]  Yu Hua,et al.  BR-Tree: A Scalable Prototype for Supporting Multiple Queries of Multidimensional Data , 2009, IEEE Transactions on Computers.

[9]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[10]  Warren D. Little An Algorithm for High-Speed Digital Filters , 1974, IEEE Transactions on Computers.

[11]  C. Q. Lee,et al.  The Computer Journal , 1958, Nature.

[12]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[13]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[14]  Gurpreet Dhillon,et al.  Interpreting Deep Structures of Information Systems Security , 2012, Comput. J..

[15]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[16]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[17]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[18]  Siani Pearson,et al.  A Privacy Manager for Cloud Computing , 2009, CloudCom.

[19]  C. K. Yuen On Little's Digital Filtering Algorithm , 1977, IEEE Transactions on Computers.

[20]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[21]  Atul Prakash,et al.  Support for the file system security requirements of computational E-mail systems , 1994, CCS '94.

[22]  Javier Herranz,et al.  Constant Size Ciphertexts in Threshold Attribute-Based Encryption , 2010, Public Key Cryptography.

[23]  Sushil Jajodia,et al.  An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[24]  Georgios Loukas,et al.  Protection Against Denial of Service Attacks: A Survey , 2010, Comput. J..

[25]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[26]  Robert H. Deng,et al.  Securing data transfer in asynchronous transfer mode networks , 1995, Proceedings of GLOBECOM '95.

[27]  Himanshu Khurana,et al.  SELS: a secure e-mail list service , 2005, SAC '05.

[28]  William A. Arbaugh,et al.  Toward resilient security in wireless sensor networks , 2005, MobiHoc '05.

[29]  Xiaohui Liang,et al.  BECAN: A Bandwidth-Efficient Cooperative Authentication Scheme for Filtering Injected False Data in Wireless Sensor Networks , 2012, IEEE Transactions on Parallel and Distributed Systems.

[30]  Yong Guan,et al.  A Dynamic En-route Filtering Scheme for Data Reporting in Wireless Sensor Networks , 2010, IEEE/ACM Transactions on Networking.

[31]  Wenjing Lou,et al.  FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks , 2011 .

[32]  Marco Casassa Mont,et al.  The HP time vault service: exploiting IBE for timed release of confidential information , 2003, WWW '03.

[33]  Michael Mitzenmacher,et al.  Compressed bloom filters , 2001, PODC '01.

[34]  Hideki Imai,et al.  Dual-Policy Attribute Based Encryption , 2009, ACNS.

[35]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[36]  Haiyun Luo,et al.  Statistical en-route filtering of injected false data in sensor networks , 2004, IEEE INFOCOM 2004.

[37]  Ahmad R. Sharafat,et al.  A Framework for the Analysis of Denial of Service Attacks , 2004, Comput. J..

[38]  Yi Mu,et al.  Attribute-Based Oblivious Access Control , 2012, Comput. J..

[39]  Huan Liu,et al.  A new form of DOS attack in a cloud and its avoidance mechanism , 2010, CCSW '10.

[40]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[41]  Wenjing Lou,et al.  LEDS: Providing Location-Aware End-to-End Data Security in Wireless Sensor Networks , 2008, IEEE Trans. Mob. Comput..

[42]  Wayne A. Jansen,et al.  Cloud Hooks: Security and Privacy Issues in Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[43]  P. MuraliKrishna,et al.  SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL'S EQUATION , 2013 .

[44]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[45]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.