
International Journal of Information Security, Volume 17, Issue 4, pp 441–461

A pairing-based cryptographic approach for data security in the cloud

  • Miguel Morales-Sandoval
  • Jose Luis Gonzalez-Compean
  • Arturo Diaz-Perez
  • Victor J. Sosa-Sosa
Regular Contribution

Abstract

This paper presents AES4SeC, a security scheme fully constructed over cryptographic pairings. The main building blocks of AES4SeC are attribute-based encryption (ABE) and short signatures (SSign), with generalized constructions for the Type 3 pairing. AES4SeC was developed as an end-to-end storage service for hybrid cloud models and integrated into a file-sharing application for scenarios where data owners upload content to the cloud and selectively decide who is able to access that content. An experimental evaluation of AES4SeC was conducted by testing different security levels, recommended key sizes, and cryptographic engine constructions. This yielded a broad experimental evaluation of the running times of the primitive operations (encrypt, decrypt, sign, verify) and of the space complexity of the ciphertexts, the private and public keys, and the signatures. The implementation results revealed the feasibility and flexibility of AES4SeC in real scenarios, whereas a fine-tuning evaluation revealed that the best results in terms of performance and memory requirements are obtained using Type 3 pairings over type F elliptic curves. This is a relevant result because most of the ABE and SSign schemes in the literature are provided for the Type 1 (symmetric) pairing over type A curves, which exhibited poorer results.

Keywords

Cloud storage, Attribute-based encryption, Short signatures, Pairings

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  1. Cinvestav Unidad Tamaulipas, Cd Victoria, Mexico
