Authors:
Víctor J. Sosa-Sosa
;
Miguel Morales-Sandoval
;
Oscar Telles-Hurtado
and
José Luis González-Compeán
Affiliation:
Center of Research and Advanced Studies of the National Polytechnic Institute (CINVESTAV), Mexico
Keyword(s):
Attribute-based Encryption, Cloud Storage, Security, Access Control, Confidentiality, Authentication.
Abstract:
Cloud storage services provide users with an effective and inexpensive mechanism to store and manage big
data with anytime and anywhere availability. However, data owners face the risk of losing control over their
data, which could be accessed by third non-authorized parties including the provider itself. Although conventional
encryption could avoid data snooping, an access control problem arises and the data owner must
implement the security mechanisms to store, manage and distribute the decryption keys. This paper presents a
qualitative and quantitative evaluation of two Java implementations of security schemes called DET-ABE and
AES4SeC. Both are based on the digital envelope technique and attribute based encryption, a non-conventional
cryptography that ensures confidentiality and access control security services. The experimental evaluation
was performed in a private cloud infrastructure where experiments for both implementations ran using the
same platform, settings, un
derlying libraries, thus providing a more fair comparison. The quantitative evaluation
revealed DET-ABE and AES4SeC have similar performance when applying low security levels (128-bit
keys), whereas DET-ABE surpasses AES4SeC performance when medium (192-bit keys) and high (256-bit
keys) security levels are required. Qualitative evaluation shows that AES4SeC also ensures authentication and
integrity services, which are not supported by DET-ABE.
(More)