An Integrated Privacy Preserving Attribute Based Access Control Framework

Recent advances in IT have enabled many applications that generate and collect huge amounts of personal data. While these advances have made many personalized applications, such as personalized user-centric healthcare, possible, there are significant system maintenance costs related to data management, as well as security and privacy issues, that need to be addressed first. Although cloud computing presents a new paradigm that helps maintain, in one place, users' aggregated information distributed across different Internet-enabled applications, it also introduces new challenges in security and privacy. In this paper, we propose an integrated user-centric (or organization-centric) privacy-preserving attribute-based access control approach to protect the security and privacy of a user's (or the organization's) data stored by a cloud service provider. The proposed approach includes a novel privacy-preserving revocable ciphertext-policy attribute-based encryption (PR-CP-ABE) scheme. We also propose an extended Path-ORAM protocol that addresses access pattern privacy as users access the protected data in the cloud. We present a security and privacy analysis and compare the performance parameters with other existing approaches.
