Achieving Simple, Secure and Efficient Hierarchical Access Control in Cloud Computing

Access control is an indispensable security component of cloud computing, and hierarchical access control is of particular interest because, in practice, different users are entitled to different access privileges. This paper presents a hierarchical key assignment scheme based on linear geometry as a solution for flexible and fine-grained hierarchical access control in cloud computing. In our scheme, the encryption key of each class in the hierarchy is associated with a private vector and a public vector, and the inner product of the private vector of an ancestor class and the public vector of its descendant class can be used to derive the encryption key of that descendant class. The proposed scheme belongs to the direct access schemes for hierarchical access control: each class at a higher level in the hierarchy can directly derive the encryption key of its descendant class without iterative computation. In addition to this basic hierarchical key derivation, we also give a dynamic key management mechanism to efficiently address potential changes in the hierarchy. Our scheme needs only light computations over a finite field and provides strong key indistinguishability under the assumption of pseudorandom functions. Furthermore, the simulation shows that our scheme achieves an optimized trade-off between computation cost and storage space.
