An Integrated Privacy Preserving Attribute Based Access Control Framework Supporting Secure Deduplication

Recent advances in information technologies have facilitated applications to generate, collect or process large amounts of sensitive personal data. Emerging cloud storage services provide a better paradigm to support the needs of such applications. Such cloud based solutions introduce additional security and privacy challenges when dealing with outsourced data including that of supporting fine-grained access control over such data stored in the cloud. In this paper, we propose an integrated, privacy-preserving user-centric attribute based access control framework to ensure the security and privacy of users’ data outsourced and stored by a cloud service provider (CSP). The core component of the proposed framework is a novel privacy-preserving, revocable ciphertext policy attribute-based encryption (PR-CP-ABE) scheme. To support advanced access control features like write access on encrypted data and privacy-preserving access policy updates, we propose extended Path-ORAM access protocol that can also prevent privacy disclosure of access patterns. We also propose an integrated secure deduplication approach to improve the storage efficiency of CSPs while protecting data privacy. Finally, we evaluate the proposed framework and compare it with other existing solutions with regards to the security and performance issues.

[1]  Marvin Theimer,et al.  Reclaiming space from duplicate files in a serverless distributed file system , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[2]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[3]  Yanli Ren,et al.  Efficient Ciphertext-Policy Attribute Based Encryption with Hidden Policy , 2012, IDCS.

[4]  Jian Weng,et al.  Enabling Ciphertext Deduplication for Secure Cloud Storage and Access Control , 2016, AsiaCCS.

[5]  Mihir Bellare,et al.  DupLESS: Server-Aided Encryption for Deduplicated Storage , 2013, USENIX Security Symposium.

[6]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[7]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[8]  Martín Abadi,et al.  Message-Locked Encryption for Lock-Dependent Messages , 2013, IACR Cryptol. ePrint Arch..

[9]  Pg Scholar,et al.  Privacy Preserving Delegated Access Control in Public Clouds , 2014 .

[10]  Jin Li,et al.  An Efficient Ciphertext-Policy Attribute-Based Access Control towards Revocation in Cloud Computing , 2013, J. Univers. Comput. Sci..

[11]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[12]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[13]  Mihir Bellare,et al.  Message-Locked Encryption and Secure Deduplication , 2013, EUROCRYPT.

[14]  P. MuraliKrishna,et al.  SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL'S EQUATION , 2013 .

[15]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[16]  Dan Boneh Bilinear Groups of Composite Order , 2007, Pairing.

[17]  Elaine Shi,et al.  Verifiable Oblivious Storage , 2014, Public Key Cryptography.

[18]  Benny Pinkas,et al.  Oblivious RAM Revisited , 2010, CRYPTO.

[19]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[20]  Giulio Malavolta,et al.  Privacy and Access Control for Outsourced Personal Records , 2015, 2015 IEEE Symposium on Security and Privacy.

[21]  Fuchun Guo,et al.  BL-MLE: Block-Level Message-Locked Encryption for Secure Large File Deduplication , 2015, IEEE Transactions on Information Forensics and Security.

[22]  David Mandell Freeman,et al.  Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups , 2010, EUROCRYPT.

[23]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[24]  Jin Li,et al.  Secure Deduplication with Efficient and Reliable Convergent Key Management , 2014, IEEE Transactions on Parallel and Distributed Systems.

[25]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[26]  Benny Pinkas,et al.  Secure Deduplication of Encrypted Data without Additional Independent Servers , 2015, CCS.

[27]  Gail-Joon Ahn,et al.  Security and Privacy Challenges in Cloud Computing Environments , 2010, IEEE Security & Privacy.

[28]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[29]  Michael T. Goodrich,et al.  Practical oblivious storage , 2012, CODASPY '12.

[30]  Elaine Shi,et al.  Multi-cloud oblivious storage , 2013, CCS.

[31]  Daniel J. Abadi,et al.  Data Management in the Cloud: Limitations and Opportunities , 2009, IEEE Data Eng. Bull..

[32]  Runhua Xu,et al.  An Integrated Privacy Preserving Attribute Based Access Control Framework , 2016, 2016 IEEE 9th International Conference on Cloud Computing (CLOUD).

[33]  Moni Naor,et al.  Number-theoretic constructions of efficient pseudo-random functions , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[34]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[35]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[36]  Juanjuan Li,et al.  New Ciphertext-Policy Attribute-Based Encryption with Efficient Revocation , 2014, 2014 IEEE International Conference on Computer and Information Technology.

[37]  Kristian Gjøsteen,et al.  Universally Composable Signcryption , 2007, EuroPKI.

[38]  Frederik Armknecht,et al.  Side Channels in Deduplication: Trade-offs between Leakage and Efficiency , 2016, AsiaCCS.

[39]  Robert H. Deng,et al.  Expressive CP-ABE with partially hidden access structures , 2012, ASIACCS '12.

[40]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[41]  Runhua Xu,et al.  Extending the ciphertext-policy attribute based encryption scheme for supporting flexible access control , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[42]  Junbeom Hur,et al.  Improving Security and Efficiency in Attribute-Based Data Sharing , 2013, IEEE Transactions on Knowledge and Data Engineering.

[43]  Ian Miers,et al.  Charm: a framework for rapidly prototyping cryptosystems , 2013, Journal of Cryptographic Engineering.

[44]  Dong Kun Noh,et al.  Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems , 2011, IEEE Transactions on Parallel and Distributed Systems.

[45]  Robert H. Deng,et al.  Fully Secure Cipertext-Policy Hiding CP-ABE , 2011, ISPEC.

[46]  Melissa Chase,et al.  FAME: Fast Attribute-based Message Encryption , 2017, CCS.

[47]  Alexandra Boldyreva,et al.  Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme , 2002 .

[48]  Benny Pinkas,et al.  Proofs of ownership in remote storage systems , 2011, CCS '11.

[49]  Meikang Qiu,et al.  Health-CPS: Healthcare Cyber-Physical System Assisted by Cloud and Big Data , 2017, IEEE Systems Journal.

[50]  Pin Zhou,et al.  Demystifying data deduplication , 2008, Companion '08.

[51]  Dutch T. Meyer,et al.  A study of practical deduplication , 2011, TOS.