Enforcing Hidden Access Policy for Supporting Write Access in Cloud Storage Systems

Somchart Fugkeaw, Hiroyuki Sato

2017

Abstract

Ciphertext Policy Attribute-based Encryption (CP-ABE) is recognized as one of the most effective approaches to data access control in cloud computing, because it provides efficient key management based on the attributes of the many users who access shared data. However, one of the major drawbacks of CP-ABE is the privacy of the policy content. Furthermore, the communication and computation cost at the data owner becomes very high when data is updated frequently, since every updated file has to be re-encrypted and uploaded back to the cloud. From the policy-privacy perspective of CP-ABE based access control, the access policy is used to encrypt the plain data and is carried with the ciphertext. In a real-world system, policies may contain sensitive information that must be hidden from untrusted parties or even from the users of the system. This paper proposes a flexible and secure policy hiding scheme that supports policy content privacy and secure policy sharing in multi-authority cloud storage systems. To address the policy privacy issue, we introduce randomized hash-based public attribute key validation to cryptographically protect the content of the access policy and to dynamically enforce hidden policies for collaborative users. In addition, we propose a write access enforcement mechanism based on the proxy re-encryption method to enable optimized and secure file re-encryption. Finally, we present a security analysis and compare the access control and policy hiding features of our scheme with related work. The analysis shows that our proposed scheme is secure and efficient in practice, and that its cryptographic formulation for policy hiding is less complex than that of related work.
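The policy-privacy problem the abstract describes can be made concrete with a small constructed model. What follows is an added example written for this page; it is not the paper's scheme and not the authors' code. It replaces each attribute label in a CP-ABE style policy tree with a keyed hash (HMAC-SHA256) under a per-file nonce, so a storage server holding only the ciphertext metadata sees opaque tokens and gate structure, while a user who holds the attribute and has received the nonce from the key authority (an assumption of this example) can still evaluate the policy. The policy tree, the attribute universe and the nonce delivery are all constructed for illustration.

```python
"""Added illustration of a hidden access policy (constructed example, not the
paper's scheme).  A plain CP-ABE ciphertext carries its policy in the clear,
e.g. ("AND", ["doctor", ("OR", ["cardiology", "oncology"])]).  Here each
attribute leaf is replaced by an HMAC token under a per-file nonce, so the
storage server sees only gate structure and opaque leaves.  Users who obtain
the nonce from the key authority (assumed, out of band) re-derive the tokens
for attributes they hold and evaluate the policy locally."""
import hashlib
import hmac
import secrets

# A policy is either a leaf attribute (str) or (gate, [children]) where gate
# is "AND", "OR", or an int k meaning "at least k of the children".


def blind(attr, nonce):
    """Opaque token for one attribute label under the per-file nonce."""
    return hmac.new(nonce, attr.encode(), hashlib.sha256).hexdigest()


def hide_policy(policy, nonce):
    """Replace every attribute leaf with its token; gates stay visible."""
    if isinstance(policy, str):
        return blind(policy, nonce)
    gate, children = policy
    return (gate, [hide_policy(c, nonce) for c in children])


def satisfies(policy, tokens):
    """Evaluate a (hidden) policy tree against the tokens a user can derive."""
    if isinstance(policy, str):
        return policy in tokens
    gate, children = policy
    hits = sum(satisfies(c, tokens) for c in children)
    if gate == "AND":
        return hits == len(children)
    if gate == "OR":
        return hits >= 1
    return hits >= int(gate)  # k-of-n threshold gate


def user_tokens(attrs, nonce):
    """Tokens a user holding `attrs` and the nonce can compute."""
    return {blind(a, nonce) for a in attrs}


def server_view(policy):
    """What a party holding only the ciphertext metadata learns: gate shape and leaf count."""
    if isinstance(policy, str):
        return "*"
    gate, children = policy
    return (gate, [server_view(c) for c in children])


def dictionary_attack(policy, candidates, nonce):
    """Recover leaf labels by guessing over a candidate universe.
    Succeeds only if the attacker also holds the file's nonce."""
    table = {blind(a, nonce): a for a in candidates}
    recovered = set()

    def walk(p):
        if isinstance(p, str):
            if p in table:
                recovered.add(table[p])
        else:
            for c in p[1]:
                walk(c)

    walk(policy)
    return recovered


# Constructed sample policy: a doctor in cardiology or oncology, OR any two of
# three administrative roles.  Labels are invented for the example.
POLICY = ("OR", [
    ("AND", ["doctor", ("OR", ["cardiology", "oncology"])]),
    (2, ["records_admin", "privacy_officer", "auditor"]),
])
ATTRIBUTE_UNIVERSE = ["doctor", "nurse", "cardiology", "oncology",
                      "records_admin", "privacy_officer", "auditor"]


def demo(nonce=None):
    """Run the checks; returns a dict so results can be inspected or asserted."""
    nonce = nonce or secrets.token_bytes(32)
    hidden = hide_policy(POLICY, nonce)
    return {
        "cardiologist_ok": satisfies(hidden, user_tokens(["doctor", "cardiology"], nonce)),
        "nurse_denied": satisfies(hidden, user_tokens(["nurse", "cardiology"], nonce)),
        "two_admins_ok": satisfies(hidden, user_tokens(["auditor", "privacy_officer"], nonce)),
        "one_admin_denied": satisfies(hidden, user_tokens(["auditor"], nonce)),
        "server_sees": server_view(hidden),
        "attack_with_nonce": dictionary_attack(hidden, ATTRIBUTE_UNIVERSE, nonce),
        "attack_without_nonce": dictionary_attack(hidden, ATTRIBUTE_UNIVERSE, secrets.token_bytes(32)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Two checks a practitioner would want are built in. `server_view` shows what this construction still leaks (gate shape and leaf count; whether the paper's scheme hides those too is not stated in the abstract), and `dictionary_attack` shows that the hiding rests entirely on the nonce staying out of the server's hands, because the attribute universe is small enough to enumerate. Hiding the tree shape itself needs the stronger constructions from the hidden-policy ABE literature, and distributing a per-file nonce to every authorized user is itself a key-management cost the abstract's multi-authority setting has to absorb.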



Paper Citation


in Harvard Style

Fugkeaw S. and Sato H. (2017). Enforcing Hidden Access Policy for Supporting Write Access in Cloud Storage Systems. In Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-243-1, pages 558-564. DOI: 10.5220/0006349605580464


in Bibtex Style

@conference{closer17,
author={Somchart Fugkeaw and Hiroyuki Sato},
title={Enforcing Hidden Access Policy for Supporting Write Access in Cloud Storage Systems},
booktitle={Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2017},
pages={558-564},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006349605580564},
isbn={978-989-758-243-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - Enforcing Hidden Access Policy for Supporting Write Access in Cloud Storage Systems
SN - 978-989-758-243-1
AU - Fugkeaw S.
AU - Sato H.
PY - 2017
SP - 558
EP - 564
DO - 10.5220/0006349605580564