Secure independent-update concise-expression access control for video on demand in cloud

Video on demand (VoD) is a popular application on the Internet. In the past few years, more and more VoD services have shifted to the cloud. Although this transformation brings many benefits, it raises new data security challenges because storage is outsourced to untrusted cloud servers. To satisfy the requirements of fine-grained access control in the cloud, Attribute-Based Encryption (ABE) algorithms have been applied to this field. However, due to the large number of videos and users in the cloud, there are frequent subscribing/unsubscribing behaviors and numerous categories, which demand higher flexibility and efficiency. Most existing schemes do not discuss these challenges sufficiently. In this paper, we propose an ABE-based Secure Independent-update Concise-expression Access Control (SICAC) scheme in the cloud, to provide flexible and efficient authentication and authorization for VoD services. For access policy update, to guarantee that users cannot affect each other, we design an independent-update key-policy ABE (KP-ABE) algorithm that allows users to update their keys separately, whereas most existing schemes require all members of a group to be updated simultaneously. For attribute description, to reduce the storage cost, we propose a concise-expression access structure that can describe various logic relationships flexibly and efficiently. Security is proved in the standard model, and the experiment is implemented with the Pairing-Based Cryptography (PBC) library. Both the theoretical analysis and the experimental results show that our scheme is efficient and effective for VoD services in the cloud.
