Policy-based Broadcast Access Authorization for Flexible Data Sharing in Clouds
Abstract
Cloud storage services allow data owners to outsource their potentially sensitive data (e.g., private genome data) to remote cloud servers in a ciphertext form. To enable data owners to further share the data encrypted in ciphertexts, many proxy re-encryption (PRE) schemes are proposed. However, most schemes only support single-recipient or coarse-grained re-encryption, which may limit the flexibility for data sharing. To address this issue, we propose a Policy-based Broadcast Access Authorization (PBAA) scheme by introducing the well-established identity-based broadcast encryption (IBBE) and key-policy attribute-based encryption into PRE. In our PBAA scheme, a data owner can apply IBBE to encrypt his data to a group of recipients. More importantly, the data owner can generate a delegation key with an access policy, and send this key to the cloud such that it can convert any initial ciphertext satisfying the access policy into a new ciphertext for a new group of recipients. With these features, cloud users can share their remote data in a secure and flexible way. Security analysis and performance evaluation show that the PBAA scheme is secure and efficient, respectively.
Existing System
? These algorithms become sublinear in the number of existing Usrs as they are executed with a logarithmic number of secrets to cover all existing Usrs. ? Such schemes assure forward and backward security by only changing the public information and without affecting secret shares given to existing users. ? The ability to derive the secret encryption/decryption keys using public values is a key point to achieve transparency in subscription handling. Most of the existing GKM schemes fail to achieve this objective. ? The rekey process is not transparent, thus shifting the burden of acquiring new keys on existing users when others leave or join.
Disadvantages
? This raises a serious problem when the encrypted data needs to be shared to more people beyond those initially designated by the data owner. ? To address this problem, we introduce and formalize an identity-based encryption transformation (IBET) model by seamlessly integrating two well-established encryption mechanisms, namely identity-based encryption (IBE) and identity-based broadcast encryption (IBBE). ? This paper attempts to solve such problem technically so that the authorities can transform the ciphertexts from one 2 encryption system to another, without handing over their decryption keys. ? This scheme requires the interaction between data owners and a key generator authority for each transformation, which may result an efficiency problem.
Proposed System
• The proposed key management scheme works efficiently even when there are thousands of Usrs. • The OCBE protocols, proposed by Li and Li, provide the capability of delivering information to qualified users in an oblivious way. • Based on our preliminary work , we propose a provably secure BGKM scheme, called ACVBGKM, and formalize the notion of BGKM. • Having identified these problems, our preliminary work , proposes an approach to make rekey transparent to users by not distributing actual keys during the registration phase. • We propose an efficient approach for finegrained encryption-based access control for documents stored in an untrusted cloud file storage.
Advantages
? The performance of the asymmetric encryption is thus independent of the data size. ? We conducted a series of experiments to evaluate the performance of the IBET scheme. ? In particular, we implemented the efficient BB04 IBE scheme to compare its performance with ours in terms of file creation and file access. ? Many efforts have been made to improve efficiency and security of PRE and most of them focus on unidirectional PRE. ? Moreover, it enables users to first choose efficient identitybased encryption mechanisms to protect data, and then transform the encrypted data (if they like) so that users from a different (IBBE) encryption system can access.
