Data Access Control in Cloud Computing Flexible and Receiver Extendable
Abstract : Broadcast encryption provides a promising technique of data access control for specified users in cloud computing. A data uploader can generate a ciphertext for a set of chosen users such that only the intended users are able to learn the data content. However, with the rapidly increasing of collaboration between users, it is desired to extend the receiver set to grant the decryption right for more users. The existing broadcast encryption systems cannot be capable for this scenario. In this paper, we first take this problem into consideration and give a solution. We take the merits of identity-based cryptosystem and propose a notion of EIBBE: a flexible data access control with receiver extendable for cloud computing based on broadcast encryption. It allows the authorized receiver to extend the receiver set S stated in the ciphertext by adding a new receiver set S' without re-encryption. Both the users in S and S' can obtain the data successfully. The maximum number of extended receivers is determined by the data uploader. We then give a concrete construction of EIBBE and provide a rigorous security analysis of our proposed scheme. Finally, we demonstrate the scheme's efficiency and feasibility.
? A systematic literature review synthesizes existing work in a manner that is fair and seen to be fair. Systematic review must be undertaken in accordance with a predefined search strategy.
? Systematic reviews are mainly undertaken to summarize the existing evidence, identifying the gaps in current research and providing a framework for new research activities.
? The main reason for undertaking SLR is to summarize the existing information about security threats and to bridge a gap, to get the true reflection of the security techniques used in the current world in Cloud Computing.
? This involves to efficiently organize "Free" computer storage resources existing within enterprises to provide low-cost high-quality storage services.
? To overcome these problems, we present Crypt-DAC, a cryptographically enforced dynamic access control system on untrusted cloud.
? To overcome this problem, we enable the administrator to define a tolerable bound for the file.
? As policy/file data is fully managed by the cloud provider, how to resist such collusion attack without the honest-but-curious assumption is still an open problem.
? The problem, however, is that the cost of homomorphic symmetric encryption is comparable with public key encryption schemes, incurring prohibitive computation overhead during file reading/writing.
• Regarding this area of study, most of the research papers followed a normal traditional literature survey method.
• Few papers gave an innovative idea and proposed a security model. However, there are very few works, which considered the opinions of various security experts in Cloud Computing.
• This study proposes that, reader gets the true reflection of the security practices followed by various Cloud Computing companies in the current era.
• There is a scope to propose the guidelines to overcome the future challenges like physical security, espionage, transparency, data ownership, hypervisor viruses and malicious insiders in Cloud security.
? We compare the performance of the four systems in access revocation and file reading/writing.
? To evaluate the performance of the four systems in a realistic access control scenario, we derive several critical access control parameters through a simulation of data access control.
? Considering the performance advantage of Crypt-DAC in revocation, we believe that this extra cost is acceptable.
? The cryptographic algorithms, however, incur additional performance overhead in data communication, encryption and decryption.
? The theoretical analysis and the performance evaluation show that Crypt-DAC achieves orders of magnitude higher efficiency in access revocations while ensuring the same security properties under the honestbut-curious threat model compared with previous schemes.
|