Framework for Securing Data in Cloud Storage Services

Mai Dahshan, Sherif Elkassas

Abstract

Nowadays, users rely on cloud storage because it offers cheap and unlimited data storage that is available to multiple devices (e.g. smartphones, notebooks, etc.). Although these cloud storage services offer attractive features, many customers are not adopting them, because data stored in these services is under the control of the service providers, which makes it more susceptible to security risks. In this paper, we therefore address the problem of ensuring data confidentiality against the cloud and against accesses beyond authorized rights by designing a secure cloud storage system framework that simultaneously achieves data confidentiality and fine-grained access control on encrypted data. The framework is built on a trusted third party (TTP) service that can be employed either locally on users' machines or premises, or remotely on top of cloud storage services, to ensure data confidentiality. Furthermore, this service combines multi-authority ciphertext-policy attribute-based encryption (MA-CP-ABE) and attribute-based signatures (ABS) to achieve many-read-many-write fine-grained data access control on storage services. Finally, we validate the effectiveness of our design by carrying out a security analysis.



Paper Citation


in Harvard Style

Dahshan M. and Elkassas S. (2014). Framework for Securing Data in Cloud Storage Services. In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 267-274. DOI: 10.5220/0005043802670274


in Bibtex Style

@conference{secrypt14,
author={Mai Dahshan and Sherif Elkassas},
title={Framework for Securing Data in Cloud Storage Services},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={267-274},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005043802670274},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Framework for Securing Data in Cloud Storage Services
SN - 978-989-758-045-1
AU - Dahshan M.
AU - Elkassas S.
PY - 2014
SP - 267
EP - 274
DO - 10.5220/0005043802670274