Tracing and revoking leaked credentials: accountability in leaking sensitive outsourced data

Most existing proposals for access control over outsourced data mainly aim at guaranteeing that the data are only accessible to authorized requestors who have the access credentials. This paper proposes TRLAC, an a posteriori approach for tracing and revoking leaked credentials, to complement existing a priori solutions. The tracing procedure of TRLAC can trace, in a black-box manner, at least one traitor who illegally distributed a credential, without any help from the cloud service provider. Once the dishonest users have been found, a revocation mechanism can be called to deprive them of access rights. We formally prove the security of TRLAC, and empirically shows that the introduction of the tracing feature incurs little costs to outsourcing.

[1]  Zhen Liu,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures , 2013, IEEE Transactions on Information Forensics and Security.

[2]  Minghua Chen,et al.  CALMS: Cloud-assisted live media streaming for globalized demands with time/region diversities , 2012, 2012 Proceedings IEEE INFOCOM.

[3]  Zhen Liu,et al.  Expressive Black-box Traceable Ciphertext-Policy Attribute-Based Encryption , 2012, IACR Cryptol. ePrint Arch..

[4]  Ming Li,et al.  Toward Privacy-Assured Cloud Data Services with Flexible Search Functionalities , 2012, 2012 32nd International Conference on Distributed Computing Systems Workshops.

[5]  Cong Wang,et al.  Privacy-Preserving Query over Encrypted Graph-Structured Data in Cloud Computing , 2011, 2011 31st International Conference on Distributed Computing Systems.

[6]  Cécile Delerablée,et al.  Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys , 2007, ASIACRYPT.

[7]  Robert H. Deng,et al.  Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage , 2014, IEEE Transactions on Parallel and Distributed Systems.

[8]  Pan Li,et al.  Cloud-Assisted Mobile-Access of Health Data With Privacy and Auditability , 2014, IEEE Journal of Biomedical and Health Informatics.

[9]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[10]  Reihaneh Safavi-Naini,et al.  Efficient and Provably Secure Trapdoor-Free Group Signature Schemes from Bilinear Pairings , 2004, ASIACRYPT.

[11]  Hideki Imai,et al.  An improvement of discrete Tardos fingerprinting codes , 2009, Des. Codes Cryptogr..

[12]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[13]  Wen-Guey Tzeng,et al.  Identity-Based Proxy Re-encryption Without Random Oracles , 2007, ISC.

[14]  Fuchun Guo,et al.  Identity-Based Traitor Tracing with Short Private Key and Short Ciphertext , 2012, ESORICS.

[15]  Siu-Ming Yiu,et al.  SPICE - Simple Privacy-Preserving Identity-Management for Cloud Environment , 2012, ACNS.

[16]  Brent Waters,et al.  A fully collusion resistant broadcast, trace, and revoke system , 2006, CCS '06.

[17]  Timothy Grance,et al.  Guide to Integrating Forensic Techniques into Incident Response , 2006 .

[18]  Siu-Ming Yiu,et al.  Efficient Forward and Provably Secure ID-Based Signcryption Scheme with Public Verifiability and Public Ciphertext Authenticity , 2003, ICISC.

[19]  Ming Li,et al.  Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings , 2010, SecureComm.

[20]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[21]  Tolga Acar,et al.  Accumulators and U-Prove Revocation , 2013, Financial Cryptography.

[22]  Robert H. Deng,et al.  Dynamic Secure Cloud Storage with Provenance , 2012, Cryptography and Security.

[23]  Wei Wang,et al.  Public-Key Encryption with Fuzzy Keyword Search: A Provably Secure Scheme under Keyword Guessing Attack , 2013, IEEE Transactions on Computers.

[24]  Elisa Bertino,et al.  PARALLEL AND DISTRIBUTED SYSTEMS , 2010 .

[25]  Bu-Sung Lee,et al.  How to Track Your Data: Rule-Based Data Provenance Tracing Algorithms , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[26]  Yantian Hou,et al.  Maple: scalable multi-dimensional range search over encrypted cloud data with tree-based index , 2014, AsiaCCS.

[27]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[28]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[29]  Feng Wang,et al.  On the impact of virtualization on Dropbox-like cloud file storage/synchronization services , 2012, 2012 IEEE 20th International Workshop on Quality of Service.

[30]  Mihir Bellare,et al.  Deterministic and Efficiently Searchable Encryption , 2007, CRYPTO.

[31]  Yuguang Fang,et al.  CAM: Cloud-Assisted Privacy Preserving Mobile Health Monitoring , 2013, IEEE Transactions on Information Forensics and Security.

[32]  Minglu Li,et al.  Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud Data , 2013, IEEE Transactions on Dependable and Secure Computing.

[33]  Brent Waters,et al.  Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys , 2006, EUROCRYPT.

[34]  Robert H. Deng,et al.  Conditional Proxy Broadcast Re-Encryption , 2009, ACISP.

[35]  Kanika Lakhani,et al.  Implementing digital signature with RSA encryption algorithm to enhance the Data Security of cloud in Cloud Computing , 2010, 2010 First International Conference On Parallel, Distributed and Grid Computing (PDGC 2010).

[36]  Kui Ren,et al.  Attribute-based fine-grained access control with efficient revocation in cloud storage systems , 2013, ASIA CCS '13.

[37]  Ming Li,et al.  Storing Shared Data on the Cloud via Security-Mediator , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[38]  P. Cochat,et al.  Et al , 2008, Archives de pediatrie : organe officiel de la Societe francaise de pediatrie.

[39]  Angelos D. Keromytis,et al.  CloudFence: Data Flow Tracking as a Cloud Service , 2013, RAID.

[40]  Zhen Liu,et al.  Blackbox traceable CP-ABE: how to catch people leaking their keys by selling decryption devices on ebay , 2013, CCS.

[41]  Brent Waters,et al.  Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions , 2009, IACR Cryptol. ePrint Arch..

[42]  Yunlei Zhao,et al.  All-but-One Dual Projective Hashing and Its Applications , 2014, ACNS.

[43]  Brent Waters,et al.  Building efficient fully collusion-resilient traitor tracing and revocation schemes , 2010, CCS '10.

[44]  Zoe L. Jiang,et al.  Privacy-Preserving Public Auditing for Secure Cloud Storage , 2013, IEEE Transactions on Computers.

[45]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[46]  Josep Domingo-Ferrer,et al.  Simultaneous authentication and secrecy in identity-based data upload to cloud , 2013, Cluster Computing.

[47]  Shucheng Yu,et al.  Privacy Preserving Back-Propagation Neural Network Learning Made Practical with Cloud Computing , 2014, IEEE Transactions on Parallel and Distributed Systems.

[48]  Josep Domingo-Ferrer,et al.  Efficient Remote Data Possession Checking in Critical Information Infrastructures , 2008, IEEE Transactions on Knowledge and Data Engineering.

[49]  Moni Naor,et al.  Traitor tracing with constant size ciphertext , 2008, CCS.

[50]  Josep Domingo-Ferrer,et al.  Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts , 2014, Inf. Sci..

[51]  Bu-Sung Lee,et al.  Tracking of Data Leaving the Cloud , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.