Secure cloud data sharing encrypted system
Abstract : Cloud storage is an application of clouds that liberates organizations from establishing in-house data storage systems. However, cloud storage gives rise to security concerns. In case of group-shared data, the data face both cloud-specific and conventional insider threats. Secure data sharing among a group that counters insider threats of legitimate yet malicious users is an important research issue. In this paper, we propose the Secure Data Sharing in Clouds (SeDaSC) methodology that provides: 1) data confidentiality and integrity; 2) access control; 3) data sharing (forwarding) without using compute-intensive reencryption; 4) insider threat security; and 5) forward and backward access control. The SeDaSC methodology encrypts a file with a single encryption key. Two different key shares for each of the users are generated, with the user only getting one share. The possession of a single share of a key allows the SeDaSC methodology to counter the insider threats. The other key share is stored by a trusted third party, which is called the cryptographic server. The SeDaSC methodology is applicable to conventional and mobile cloud computing environments. We implement a working prototype of the SeDaSC methodology and evaluate its performance based on the time consumed during various operations. We formally verify the working of SeDaSC by using high-level Petri nets, the Satisfiability Modulo Theories Library, and a Z3 solver. The results proved to be encouraging and show that SeDaSC has the potential to be effectively used for secure data sharing in the cloud.
? The existing, departing, and newly joining group members can prove to be an insider threat violating data confidentiality and privacy.
? The existing and legitimate group members might show illegitimate behavior to manipulate the data.
? However, the computational complexities of bilinear pairing still exist in the system.
? If the group already exists, the encryption request will not contain L; rather, the group ID of the existing group will be sent.
? The CS, after receiving the encryption request for the file, generates the ACL from the list and creates a group of the users.
? The secure data sharing over the cloud among the group of users is ensured without the elliptic curve or bilinear Diffie– Hellman problem (BDH) cryptographic reencryption.
? Multiple security issues can arise due to different users in a group.
? Therefore, in group-shared data, the inside members might generate the issue of backward access control (a new user accessing past data) and forward access control (a departing user accessing future data).
? Nevertheless, simultaneously dealing with both the issues related to the key is an important issue that needs to be addressed effectively.
• In this paper, we propose a methodology named Secure Data Sharing in Clouds (SeDaSC) that deals with the aforementioned security requirements of shared group data within the cloud.
• The proposed methodology ensures the confidentiality of the data on the cloud by using symmetric encryption.
• The proposed SeDaSC methodology secures the data against issues of forward and backward access control that arise due to insider threats.
• The public–private keys generated in the proposed scheme are not based on the certificates.
• In the proposed scheme, the cloud generates the public–private key pairs for all of the users and transmits the public keys to all of the participating users.
? The performance of the SeDaSC methodology was evaluated based on the time consumption during the key generation, file upload, and file download operations.
? Cryptography is used as a typical tool to provide confidentiality and privacy services to the data.
? Moreover, SeDaSC can be used with the mobile cloud computing paradigm in addition to conventional cloud computing due to the fact that compute-intensive operations are performed by the CS.
? The user’s identity is used to generate the public–private key pair.
? The public keys of the group users can be also used to transmit the user portion of the key.
|