Abstract
Security and privacy concerns hinder the adoption of cloud storage and computing in sensitive environments. We present a user-centric privacy-preserving cryptographic access control protocol called K2C (Key To Cloud) that enables end-users to securely store, share, and manage their sensitive data in an untrusted cloud storage anonymously. K2C is scalable and supports the lazy revocation. It can be easily implemented on top of existing cloud services and APIs – we demonstrate its prototype based on Amazon S3 API.
K2C is realized through our new cryptographic key-updating scheme, referred to as AB − HKU. The main advantage of the AB − HKU scheme is that it supports efficient delegation and revocation of privileges for hierarchies without requiring complex cryptographic data structures. We analyze the security and performance of our access control protocol, and provide an open source implementation. Two cryptographic libraries, Hierarchical Identity-Based Encryption and Key-Policy Attribute-Based Encryption, developed in this project are useful beyond the specific cloud security problem studied.
This work has been supported in part by DHS CCICADA and NSF grants CNS-0831186, CNS-0953638, CNS-0831268, CNS-0915394, CNS-0931992, and CNS-0952128.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
104th United States Congress. Health Insurance Portability and Accountability Act of 1996 (HIPPA), http://aspe.hhs.gov/admnsimp/pl104191.html
Amazon S3, http://aws.amazon.com/s3/
Amazon SimpleDB, http://aws.amazon.com/simpledb/
BIHE, http://bihe.org/
Google App Engine, http://appengine.google.com
HIBE Crypto Library, https://sourceforge.net/projects/hibe
K2C Framework, https://sourceforge.net/projects/key2cloud/
KP-ABE Crypto Library, https://sourceforge.net/projects/kpabe .
Open Source Implementation of CP-ABE, http://acsc.cs.utexas.edu/cpabe/
SQL Data Services/Azure Services Platform, http://www.microsoft.com/azure/data.mspx
Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: NDSS, pp. 29–43 (2005)
Backes, M., Cachin, C., Oprea, A.: Secure Key-Updating for Lazy Revocation. In: Research Report RZ 3627, IBM Research, pp. 327–346. Springer, Heidelberg (2005)
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, CCS 1993, pp. 62–73. ACM (1993)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334. IEEE Computer Society, Washington, DC (2007)
Blanton, M.: Key Management in Hierarchical Access Control Systems, 2007. PhD Thesis, Purdue University (August 2007)
Blanton, M., Fazio, N., Frikken, K.B.: Dynamic and Efficient Key Management for Access Hierarchies. In: Proceedings of the ACM Conference on Computer and Communications Security (2005)
Blaze, M., Bleumer, G., Strauss, M.: Divertible Protocols and Atomic Proxy Cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998)
Chang, F., Dean, J., Ghemawat, S., Hsieh, W.C., Wallach, D.A., Burrows, M., Chandra, T., Fikes, A., Gruber, R.E.: Bigtable: A distributed storage system for structured data. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, vol. 7, pp. 205–218 (2006)
Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 85–90. ACM, New York (2009)
Fu, K.: Group sharing and random access in cryptographic storage file systems. Technical report, Masters thesis, MIT (1999)
Fu, K., Kamara, S., Kohno, T.: Key regression: Enabling efficient key distribution for secure distributed storage. In: NDSS (2006)
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 89–98. ACM, New York (2006)
Grolimund, D., Meisser, L., Schmid, S., Wattenhofer, R.: Cryptree: A folder tree structure for cryptographic file systems. In: Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems, pp. 189–198. IEEE Computer Society, Washington, DC (2006)
Goh, E.J., Shacham, H., Modadugu, N., Boneh, D.: Sirius: Securing remote untrusted storage. In: NDSS, pp. 131–145 (2003)
Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: Scalable secure file sharing on untrusted storage (2003)
Riedel, E., Kallahalla, M., Swaminathan, R.: A framework for evaluating storage system security. In: Proceedings of the 1st USENIX Conference on File and Storage Technologies, FAST 2002. USENIX Association, Berkeley (2002)
Stanton, P., Yurcik, W., Brumbaugh, L.: Protecting multimedia data in storage: A survey of techniques emphasizing encryption. In: IS and T/SPIE International Symposium Electronic Imaging/Storage and Retrieval Methods and Applications for Multimedia, pp. 18–29 (2005)
Takabi, H., Joshi, J.B.D., Ahn, G.-J.: Security and Privacy Challenges in Cloud Computing Environments. IEEE Security and Privacy 8, 24–31 (2010)
Wang, Q., Wang, C., Li, J., Ren, K., Lou, W.: Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 355–370. Springer, Heidelberg (2009)
Xiong, H., Zhang, X., Zhu, W., Yao, D.: CloudSeal: End-to-End Content Protection in Cloud-Based Storage and Delivery Services. In: Rajarajan, M., et al. (eds.) SecureComm 2011. LNICST, vol. 96, pp. 483–492. Springer, Heidelberg (2012)
Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceedings of the 29th Conference on Information Communications, INFOCOM 2010, pp. 534–542. IEEE Computer Society Press, Piscataway (2010)
Zarandioon, S., Yao, D., Ganapathy, V.: K2C: Cryptographic Cloud Storage With Lazy Revocation and Anonymous Access. Technical report, Rutgers University. DCS-tr-688
Zarandioon, S.: Zaranux, http://zaranux.com/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Zarandioon, S., Yao, D.(., Ganapathy, V. (2012). K2C: Cryptographic Cloud Storage with Lazy Revocation and Anonymous Access. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds) Security and Privacy in Communication Networks. SecureComm 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 96. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31909-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-31909-9_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31908-2
Online ISBN: 978-3-642-31909-9
eBook Packages: Computer ScienceComputer Science (R0)