Abstract
As an extension of cloud computing, fog/edge computing migrates enormous computing and storage resources to the network edge, forming an edge layer that is close to end devices. However, security concerns hinder the adoption of fog/edge computing. This chapter studies the problem of secure storage and search services in fog/edge computing. For storage security, we first propose a hierarchical attribute-based encryption (HABE) scheme to efficiently achieve fine-grained access control in clouds, and then combine HABE with proxy re-encryption (PRE), incorporating the concept of time into PRE, to achieve automatic user revocation. For search privacy, we propose a dynamic attribute-based keyword search (DABKS) scheme to achieve fine-grained search authorization in cloud computing. DABKS delegates policy-updating operations to the cloud by incorporating PRE and a secret sharing scheme (SSS) into attribute-based keyword search (ABKS). The research results will play an important role in attribute-based encryption and searchable encryption, and could help open new ways of providing secure services in cloud computing and fog/edge computing.
© 2021 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Liu, Q. (2021). Secure Search and Storage Services in Cloud and Fog/Edge Computing. In: Chang, W., Wu, J. (eds) Fog/Edge Computing For Security, Privacy, and Applications. Advances in Information Security, vol 83. Springer, Cham. https://doi.org/10.1007/978-3-030-57328-7_3
DOI: https://doi.org/10.1007/978-3-030-57328-7_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57327-0
Online ISBN: 978-3-030-57328-7
eBook Packages: Computer Science, Computer Science (R0)