Oblivious user management for cloud-based data synchronization

One of the main issues with data sharing in a cloud environment is managing user access and its automatic revocation in a controlled and flexible way. The issue becomes more complex when the privacy of user access must be ensured as well, to avoid leaking additional information. For automatic revocation over cloud data, access can be bounded within a certain anticipated time limit so that it expires beyond the effective time period. This time-oriented approach is more rigid and not a one-size-fits-all solution: in certain circumstances, anticipating the exact time is not easy. An alternative is a task-oriented approach that restricts the user beyond a certain number of permissible attempts to access the data. We propose oblivious user management (OUM), in which a user can access cloud data for a certain number of attempts without any time restriction being imposed. For user authorization and subsequent revocation, the owner performs a one-time setup activity that is the same for all users. The model also alleviates the burden of managing different access parameters at the user end with each request, as she always uses the same parameter for all valid attempts. Our approach also preserves the privacy of user attempts throughout the communication. Hiding this information helps to avoid distinguishing the importance of a particular user who has more authorization than others. Evaluation results proved that OUM hides $$(N-1)$$ permissible attempts until the $$N\mathrm{th}$$ request arrives at Cloud Storage. The performance analysis conducted on Google App Engine revealed that the cost of operations performed in OUM is within the range of 0.097–0.278 $ per 1,000 requests.
