Enforcing Access Controls on Encrypted Cloud Storage with Policy Hiding

Fund Project:

National Program on Key Basic Research Project of China (973) (014CB340603); National High-Tech R&D Program of China (863) (2013AA01A214); Strategy Pilot Project of Chinese Academy of Sciences (XDA06010702)

    Abstract:

    Enforcing access controls on cloud storage by cryptography is an important topic of cloud security. Based on access control policies, selective encryption builds key derivation graphs to distribute symmetric keys among users. Selective encryption can ensure the confidentiality and fine-grained access control of cloud storage data, while simplifying the data encryption procedure and reducing the total number of keys. However, the existing selective encryption solutions have to fully or at least partially disclose the access control policies. Unfortunately, this policy information is usually related to the authorization relation between users and files, so disclosing it leads to privacy leakage. This work significantly improves the existing policy-hiding schemes (of selective encryption) with much less privacy leakage and much faster key derivation, while supporting fine-grained access control on encrypted cloud storage.
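
    The key derivation graph idea summarized in the abstract, as an added example that is not code from the paper and does not implement its policy-hiding scheme. It assumes the token construction common in the selective-encryption literature (token = target key XOR a keyed hash of the source key and the target label); HMAC-SHA256, the greedy cover, the sample policy and all function names are choices made here. `visible_policy` shows the leakage the abstract refers to: the public tokens alone reveal which users reach which keys.

```python
import hashlib, hmac, os

# Constructed sample policy: file -> users allowed to read it.
POLICY = {"report.pdf": {"alice", "bob"},
          "budget.xlsx": {"alice", "bob", "carol"},
          "notes.txt": {"carol"}}

def h(key, lbl):  # keyed hash; HMAC-SHA256 is an assumption of this example
    return hmac.new(key, lbl.encode(), hashlib.sha256).digest()
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def label(group):  # readable vertex labels, chosen here for clarity
    return "+".join(sorted(group))

def build_graph(policy):
    """Return (keys, tokens): one key per user/ACL vertex, one public token per edge."""
    acls = sorted({frozenset(a) for a in policy.values()},
                  key=lambda a: (len(a), label(a)))
    done = [frozenset({u}) for u in sorted(set().union(*acls))]
    keys = {label(v): os.urandom(32) for v in done}
    tokens = {}
    for acl in (a for a in acls if a not in done):
        keys[label(acl)] = os.urandom(32)
        uncovered = set(acl)
        # Cover the ACL with the largest existing subsets first (fewer tokens).
        for src in sorted((d for d in done if d < acl), key=len, reverse=True):
            if src & uncovered:
                mask = h(keys[label(src)], label(acl))
                tokens[(label(src), label(acl))] = xor(keys[label(acl)], mask)
                uncovered -= src
        done.append(acl)
    return keys, tokens

def walk(start, tokens, start_key=None):
    """Follow public tokens from `start`; with a key, also derive keys on the way."""
    found, stack = {start: start_key}, [start]
    while stack:
        src = stack.pop()
        for (a, b), tok in tokens.items():
            if a == src and b not in found:
                found[b] = xor(tok, h(found[src], b)) if start_key else None
                stack.append(b)
    return found

def derive(user, user_key, target, tokens):
    return walk(user, tokens, user_key).get(target)

def visible_policy(tokens, users):  # what an observer holding no keys learns
    return {u: set(walk(u, tokens)) - {u} for u in users}
```

    Each user stores a single key and derives the rest from the public token catalogue, but the same catalogue lets a key-less observer reconstruct the user-to-key reachability.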

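Citation:

Lei Lei, Cai Quanwei, Jing Jiwu, Lin Jingqiang, Wang Zhan, Chen Bo. Enforcing access controls on encrypted cloud storage with policy hiding. Journal of Software (软件学报), 2016,27(6):1432-1450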

History
  • Received: August 15, 2015
  • Revised: October 09, 2015
  • Online: January 22, 2016