Skip to main content
SpringerLink
Log in
Book cover

International Conference on Security and Privacy in Communication Systems

SecureComm 2011: Security and Privacy in Communication Networks pp 59–76Cite as

K2C: Cryptographic Cloud Storage with Lazy Revocation and Anonymous Access

  • Conference paper

Abstract

Security and privacy concerns hinder the adoption of cloud storage and computing in sensitive environments. We present a user-centric privacy-preserving cryptographic access control protocol called K2C (Key To Cloud) that enables end-users to securely store, share, and manage their sensitive data in an untrusted cloud storage anonymously. K2C is scalable and supports the lazy revocation. It can be easily implemented on top of existing cloud services and APIs – we demonstrate its prototype based on Amazon S3 API.

K2C is realized through our new cryptographic key-updating scheme, referred to as AB − HKU. The main advantage of the AB − HKU scheme is that it supports efficient delegation and revocation of privileges for hierarchies without requiring complex cryptographic data structures. We analyze the security and performance of our access control protocol, and provide an open source implementation. Two cryptographic libraries, Hierarchical Identity-Based Encryption and Key-Policy Attribute-Based Encryption, developed in this project are useful beyond the specific cloud security problem studied.

This work has been supported in part by DHS CCICADA and NSF grants CNS-0831186, CNS-0953638, CNS-0831268, CNS-0915394, CNS-0931992, and CNS-0952128.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 104th United States Congress. Health Insurance Portability and Accountability Act of 1996 (HIPPA), http://aspe.hhs.gov/admnsimp/pl104191.html

  2. Amazon S3, http://aws.amazon.com/s3/

  3. Amazon SimpleDB, http://aws.amazon.com/simpledb/

  4. BIHE, http://bihe.org/

  5. Google App Engine, http://appengine.google.com

  6. HIBE Crypto Library, https://sourceforge.net/projects/hibe

  7. K2C Framework, https://sourceforge.net/projects/key2cloud/

  8. KP-ABE Crypto Library, https://sourceforge.net/projects/kpabe .

  9. Open Source Implementation of CP-ABE, http://acsc.cs.utexas.edu/cpabe/

  10. SQL Data Services/Azure Services Platform, http://www.microsoft.com/azure/data.mspx

  11. Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: NDSS, pp. 29–43 (2005)

    Google Scholar 

  12. Backes, M., Cachin, C., Oprea, A.: Secure Key-Updating for Lazy Revocation. In: Research Report RZ 3627, IBM Research, pp. 327–346. Springer, Heidelberg (2005)

    Google Scholar 

  13. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, CCS 1993, pp. 62–73. ACM (1993)

    Google Scholar 

  14. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334. IEEE Computer Society, Washington, DC (2007)

    Google Scholar 

  15. Blanton, M.: Key Management in Hierarchical Access Control Systems, 2007. PhD Thesis, Purdue University (August 2007)

    Google Scholar 

  16. Blanton, M., Fazio, N., Frikken, K.B.: Dynamic and Efficient Key Management for Access Hierarchies. In: Proceedings of the ACM Conference on Computer and Communications Security (2005)

    Google Scholar 

  17. Blaze, M., Bleumer, G., Strauss, M.: Divertible Protocols and Atomic Proxy Cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  18. Chang, F., Dean, J., Ghemawat, S., Hsieh, W.C., Wallach, D.A., Burrows, M., Chandra, T., Fikes, A., Gruber, R.E.: Bigtable: A distributed storage system for structured data. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, vol. 7, pp. 205–218 (2006)

    Google Scholar 

  19. Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 85–90. ACM, New York (2009)

    Chapter  Google Scholar 

  20. Fu, K.: Group sharing and random access in cryptographic storage file systems. Technical report, Masters thesis, MIT (1999)

    Google Scholar 

  21. Fu, K., Kamara, S., Kohno, T.: Key regression: Enabling efficient key distribution for secure distributed storage. In: NDSS (2006)

    Google Scholar 

  22. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 89–98. ACM, New York (2006)

    Google Scholar 

  23. Grolimund, D., Meisser, L., Schmid, S., Wattenhofer, R.: Cryptree: A folder tree structure for cryptographic file systems. In: Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems, pp. 189–198. IEEE Computer Society, Washington, DC (2006)

    Google Scholar 

  24. Goh, E.J., Shacham, H., Modadugu, N., Boneh, D.: Sirius: Securing remote untrusted storage. In: NDSS, pp. 131–145 (2003)

    Google Scholar 

  25. Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: Scalable secure file sharing on untrusted storage (2003)

    Google Scholar 

  26. Riedel, E., Kallahalla, M., Swaminathan, R.: A framework for evaluating storage system security. In: Proceedings of the 1st USENIX Conference on File and Storage Technologies, FAST 2002. USENIX Association, Berkeley (2002)

    Google Scholar 

  27. Stanton, P., Yurcik, W., Brumbaugh, L.: Protecting multimedia data in storage: A survey of techniques emphasizing encryption. In: IS and T/SPIE International Symposium Electronic Imaging/Storage and Retrieval Methods and Applications for Multimedia, pp. 18–29 (2005)

    Google Scholar 

  28. Takabi, H., Joshi, J.B.D., Ahn, G.-J.: Security and Privacy Challenges in Cloud Computing Environments. IEEE Security and Privacy 8, 24–31 (2010)

    Article  Google Scholar 

  29. Wang, Q., Wang, C., Li, J., Ren, K., Lou, W.: Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 355–370. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  30. Xiong, H., Zhang, X., Zhu, W., Yao, D.: CloudSeal: End-to-End Content Protection in Cloud-Based Storage and Delivery Services. In: Rajarajan, M., et al. (eds.) SecureComm 2011. LNICST, vol. 96, pp. 483–492. Springer, Heidelberg (2012)

    Google Scholar 

  31. Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceedings of the 29th Conference on Information Communications, INFOCOM 2010, pp. 534–542. IEEE Computer Society Press, Piscataway (2010)

    Google Scholar 

  32. Zarandioon, S., Yao, D., Ganapathy, V.: K2C: Cryptographic Cloud Storage With Lazy Revocation and Anonymous Access. Technical report, Rutgers University. DCS-tr-688

    Google Scholar 

  33. Zarandioon, S.: Zaranux, http://zaranux.com/

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Rutgers University, Piscataway, NJ, 08854, USA

    Saman Zarandioon & Vinod Ganapathy

  2. Department of Computer Science, Virginia Tech, Blacksburg, VA, 24060, USA

    Danfeng (Daphne) Yao

Authors
  1. Saman Zarandioon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Danfeng (Daphne) Yao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Vinod Ganapathy
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. City University London, 10 Northampton Square, EC1V 0HB, London, UK

    Muttukrishnan Rajarajan

  2. Royal Holloway University of London, TW20 0EX, Egham Hill, UK

    Fred Piper

  3. College of William and Mary, P.O. Box 8795, 23187, Williamsburg, VA, USA

    Haining Wang

  4. Pennsylvania State University, 338J IST Buillding, 16802, University Park, PA, USA

    George Kesidis

Rights and permissions

Reprints and permissions

Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Zarandioon, S., Yao, D.(., Ganapathy, V. (2012). K2C: Cryptographic Cloud Storage with Lazy Revocation and Anonymous Access. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds) Security and Privacy in Communication Networks. SecureComm 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 96. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31909-9_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31909-9_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31908-2

  • Online ISBN: 978-3-642-31909-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation