Key-Aggregate Authentication Cryptosystem for Data Sharing in Dynamic Cloud Storage

Sharing encrypted data with different users via public cloud storage is an important research issue. This paper proposes a key-aggregate authentication cryptosystem. The cryptosystem generates a constant-size key that supports flexible delegation of decryption rights for any set of ciphertexts. The key-size is independent of the number of maximum ciphertexts such that the expense of our scheme is stable no matter how frequently users upload files to the cloud server dynamically. In addition, the authentication process in our scheme solves the key-leakage problem of data sharing. Data owner can extract an aggregated key which includes ciphertexts' indices, delegatee's identity and expiration date of the key. The cloud server obtains the identity of download-applicant from the key with public parameter and then controls download right. This paper proves that the authentication key cannot be fudged and the message in this key cannot be denied. In order to achieve efficient and secure data sharing in dynamic cloud storage, the proposed method should be stable in expense, and should be leakage-resilient. Our scheme can satisfy both requirements.

[1]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[2]  Jin Wang,et al.  A Variable Threshold-Value Authentication Architecture for Wireless Mesh Networks , 2014 .

[3]  Qiong Zhang,et al.  A centralized key management scheme for hierarchical access control , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[4]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[5]  K. J. Ray Liu,et al.  Scalable hierarchical access control in secure group communications , 2004, IEEE INFOCOM 2004.

[6]  Yuxiang Wang,et al.  Construction of Tree Network with Limited Delivery Latency in Homogeneous Wireless Sensor Networks , 2014, Wirel. Pers. Commun..

[7]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[8]  Gaikwad Prajakta,et al.  Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage , 2015 .

[9]  Md. Zakirul Alam Bhuiyan,et al.  Hardware design and modeling of lightweight block ciphers for secure communications , 2018, Future Gener. Comput. Syst..

[10]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[11]  Chun-I Fan,et al.  Arbitrary-State Attribute-Based Encryption with Dynamic Membership , 2014, IEEE Transactions on Computers.

[12]  Kim-Kwang Raymond Choo,et al.  Fine-grained Database Field Search Using Attribute-Based Encryption for E-Healthcare Clouds , 2016, Journal of Medical Systems.

[13]  Fuchun Guo,et al.  Identity-Based Encryption: How to Decrypt Multiple Ciphertexts Using a Single Decryption Key , 2007, Pairing.

[14]  Debdeep Mukhopadhyay,et al.  Provably Secure Key-Aggregate Cryptosystems with Broadcast Aggregate Keys for Online Data Sharing on the Cloud , 2017, IEEE Transactions on Computers.

[15]  Pan Li,et al.  Cloud-Assisted Mobile-Access of Health Data With Privacy and Auditability , 2014, IEEE Journal of Biomedical and Health Informatics.

[16]  Brent Waters,et al.  Practical leakage-resilient identity-based encryption from simple assumptions , 2010, CCS '10.

[17]  Jian Shen,et al.  A Novel Routing Protocol Providing Good Transmission Reliability in Underwater Sensor Networks , 2015 .

[18]  Stafford E. Tavares,et al.  Flexible Access Control with Master Keys , 1989, CRYPTO.

[19]  Sheikh Iqbal Ahamed,et al.  A privacy preserving framework for RFID based healthcare systems , 2017, Future Gener. Comput. Syst..

[20]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[21]  Jin Wang,et al.  Mutual Verifiable Provable Data Auditing in Public Cloud Storage , 2015 .

[22]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[23]  John Keeney,et al.  Multilevel pattern mining architecture for automatic network monitoring in heterogeneous wireless communication networks , 2016, China Communications.

[24]  Zhihua Xia,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[25]  Donghyun Kim,et al.  A new outsourcing conditional proxy re‐encryption suitable for mobile cloud environment , 2017, Concurr. Comput. Pract. Exp..

[26]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[27]  Jin Li,et al.  Verifiable searchable encryption with aggregate keys for data sharing system , 2018, Future Gener. Comput. Syst..

[28]  Xingming Sun,et al.  Enabling Personalized Search over Encrypted Outsourced Data with Efficiency Improvement , 2016, IEEE Transactions on Parallel and Distributed Systems.

[29]  G. P. Oornima,et al.  Key-Aggregate Searchable Encryption ( KASE ) For Group Data Sharing via Cloud Storage , 2016 .

[30]  Muthu Ramachandran,et al.  Cloud Computing Adoption Framework – a security framework for business clouds , 2015 .

[31]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[32]  Weixin Xie,et al.  An Efficient File Hierarchy Attribute-Based Encryption Scheme in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[33]  Siu-Ming Yiu,et al.  Identity-Based Encryption Resilient to Continual Auxiliary Leakage , 2012, EUROCRYPT.

[34]  Fuchun Guo,et al.  Multi-Identity Single-Key Decryption without Random Oracles , 2007, Inscrypt.