Data Access Control in Cloud Computing Flexible and Receiver Extendable
Abstract : Broadcast encryption provides a promising technique of data access control for specified users in cloud computing. A data uploader can generate a ciphertext for a set of chosen users such that only the intended users are able to learn the data content. However, with the rapidly increasing of collaboration between users, it is desired to extend the receiver set to grant the decryption right for more users. The existing broadcast encryption systems cannot be capable for this scenario. In this paper, we first take this problem into consideration and give a solution. We take the merits of identity-based cryptosystem and propose a notion of EIBBE: a flexible data access control with receiver extendable for cloud computing based on broadcast encryption. It allows the authorized receiver to extend the receiver set S stated in the ciphertext by adding a new receiver set S' without re-encryption. Both the users in S and S' can obtain the data successfully. The maximum number of extended receivers is determined by the data uploader. We then give a concrete construction of EIBBE and provide a rigorous security analysis of our proposed scheme. Finally, we demonstrate the scheme's efficiency and feasibility.
? With the considerable advancements in cloud computing, users and organizations are finding it increasingly appealing to store and share data through cloud services.
? This requires the file owner to download the file, re-encrypt the file, and upload it back for the cloud to update the previous encrypted file, incurring prohibitive communication overhead at the file owner side.
? Such a design enables the cloud to directly re-encrypt file without decryption.
? However, this scheme incurs expensive file read/write overhead as the encryption/decryption operation involves comparable overhead with the public key encryption schemes.
? The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved.
? The standard KP-ABE is provably secure under the attribute-based Selective-Set model given the Decisional Bilinear Diffie-Hellman (DBDH) problem is hard.
? In some practical application systems, data confidentiality is not only a security/privacy issue, but also of juristic concerns.
? One critical issue with this branch of approaches is how to achieve the desired security goals without introducing a high complexity on key management and data encryption.
? In this paper, we address this open issue and propose a secure and scalable fine-grained data access control scheme for cloud computing.
• In response to these security issues, numerous works have been proposed to support access control on untrusted cloud services by leveraging cryptographic primitives.
• To simplify the presentation, we term the two revocation schemes proposed in as immediate re-encryption (IMre) and deferred re-encryption (DEre), respectively.
• We also term the revocation scheme proposed in as homomorphic reencryption (HOre).
• The simulation framework proposed in describes a range of realistic access control scenarios and allows us to investigate various access control actions and cryptographic operations incurred by these actions.
? To enforce these access policies, the data owners on one hand would like to take advantage of the abundant resources that the cloud provides for efficiency and economy; on the other hand, they may want to keep the data contents confidential against cloud servers.
? All these design goals should be achieved efficiently in the sense that the system is scalable.
? Using KP-ABE, we are able to immediately enjoy fine-grained data access control and efficient operations such as file creation/deletion and new user grant.
? The complexity of algorithm AM inimalSet is actually mainly contributed by the CNF conversion operation which can be efficiently realized by existing algorithms.
|