Scalable and secure access control policy update for outsourced big data

Abstract

Ciphertext Policy Attribute-based Encryption (CP-ABE) is proven to be one of the most effective approaches to data access control in data outsourcing environments such as cloud computing, since it provides efficient key management based on the attributes of the multiple users accessing shared data. However, dealing with policy updates limits the efficiency of CP-ABE. In a CP-ABE scheme, the access policy is used as a core element for data encryption. Hence, if the policy is updated, the data owner needs to re-encrypt the files and send them back to the cloud. This incurs overheads including computation, communication, and maintenance costs at the data owner side. The computation and communication costs are very expensive if the outsourcing environment is devoted to "big data". In this paper, we extend our access control scheme, C-CP-ARBE, to support secure and flexible policy updates in the big data outsourcing environment. We develop a secure policy updating algorithm and propose a very lightweight proxy re-encryption (VL-PRE) technique that enables policy updating to be done in the cloud in an efficient and computationally cost-effective manner. Finally, we demonstrate the efficiency and performance of our proposed scheme through an implementation.
