As the security of cloud storage cannot be effectively guaranteed, many users are reluctant to upload their key data to the cloud for storage, which seriously hinders the development of cloud storage. Since ensuring the confidentiality of user data and avoiding unauthorized access is the key to solving the security problems of cloud storage, there has been much cryptographic research proposing the use of the combination of cryptography technologies and access control model to guarantee the data security on untrusted cloud providers. However, the vast majority of existing access control schemes for ciphertext in cloud storage do not support the dynamic update of access control policies, and the computational overhead is also very large. This is contrary to the needs of most practical applications, which leverage dynamic data and need low computation cost. To solve this problem, combined with identity-based cryptosystem (IBC) and role-based access control (RBAC) model, we propose an RBAC (In this paper we use RBAC1 model which is richer access control model)) scheme for ciphertext in cloud storage. We also give the formal definitions of our scheme, a detailed description of four tuple used to represent access control strategy, the hybrid encryption strategy and write-time re-encryption strategy, which are designed for improving the system efficiency. The detailed construction processes of our scheme which. Include system initialization, add and delete users, add and delete permissions, add and delete roles, add and delete role inheritance, assign and remove user, assign and remove permission, read and write file algorithm are also given. Finally, we analyze the scheme and prove that it is correct,
access control preserving (AC- preserving) and secure.
This is a preview of subscription content, log in to check access.
Buy single article
Instant unlimited access to the full article PDF.
Price includes VAT for USA
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
This is the net price. Taxes to be calculated in checkout.
Liu Z, Chen X, Yang J et al (2016) New order preserving encryption model for outsourced databases in cloud environments. J Netw Comput Appl 59:198–207
Xu J, Wei L, Zhang Y et al (2018) Dynamic fully Homomorphic encryption-based Merkle tree for lightweight streaming authenticated data structures. J Netw Comput Appl 107:113–124
Liu Z, Huang Y et al (2018) DivORAM: towards a practical oblivious RAM with variable block size. Inf Sci 447:1–11
Liu Z, Li B, Huang Y et al (2019) NewMCOS: towards a practical multi-cloud oblivious storage scheme. IEEE Trans Knowl Data Eng. https://doi.org/10.1109/TKDE.2019.2891581
Yue X, Chen B, Wang X et al (2018) An efficient and secure anonymous authentication scheme for VANETs based on the framework of group signatures. IEEE Access 6:62584–62600
Wang C, Chow S, Wang Q et al (2013) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375
Jung Y, Chung M (2010) Adaptive security management model in the cloud computing environment. In: The 12th international conference on advanced communication technology (ICACT), Phoenix Park, South Korea, pp 1664–1669
Freudenthal E, Pesin T, Port L et al (2002) dRBAC: distributed role-based access control for dynamic coalition environments. In: The 22nd international conference on distributed computing systems (ICDCD), Vienna, Austria, pp 411–420
Choi C, Choi J, Kim P (2014) Ontology-based access control model for security policy reasoning in cloud computing. J Supercomput 67(3):711–722
Chen D, Huang X, Ren X (2009) Access control of cloud service based on UCON. In: IEEE international conference on cloud computing (CloudCom), Beijing, China, pp 559–564
Krautsevich L, Lazouski A, Martinelli F et al (2010) Risk-aware usage decision making in highly dynamic systems. In: 5th international conference on internet monitoring and protection (ICIMP), Barcelona, Spain, pp 29–34
Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: International conference on theory and applications of cryptographic techniques (EUROCRYPT), Aarhus, Denmark, pp 457–473
Goyal V, Pandey O, Sahai A et al (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the ACM conference on computer and communications security (CCS), Alexandria, Virginia, USA, pp 89–98
Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. In: Acm conference on computer and communications security (CCS), Alexandria, Virginia, USA, pp 195–203
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: 2007 IEEE symposium on security and privacy (SP), Berkeley, CA, USA, pp 321–334
Sun G, Yu D, Yun L (2011) CP-ABE based data access control for cloud storage. J Commun 32(7):146–152
Goyal V, Jain A, Pandey O et al (2008) Bounded Ciphertext policy attribute based encryption. In: The 35th international colloquium on automata, languages and programming, Reykjavik, Iceland, pp 579–591
Jung T, Li X, Wan Z et al (2013) Privacy preserving cloud data access with multi-authorities. In: 2013 IEEE INFOCOM, Turin, Italy, pp 2625–2633
Ruj S, Stojmenovic M, Nayak A (2012) Privacy preserving access control with authentication for securing data in clouds. In: 12th IEEE/ACM international symposium on cluster, cloud and grid computing (CCGRID), Ottawa, ON, Canada, pp 556–563
Yu S, Wang C, Ren K et al (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 IEEE INFOCOM, San Diego, CA, USA, pp 1–9
Hur J, Dong K (2011) Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parallel Distrib Syst 22(7):1214–1221
Chen D, Shao J, Fan X et al (2014) MAH-ABE based privacy access control in cloud computing. Acta Electron Sin 42(4):821–827
Garrison W, Shull A, Myers S et al (2016) On the practicality of cryptographically enforcing dynamic access control policies in the cloud. In: 2016 IEEE symposium on security and privacy (SP), San Jose, CA, USA, pp 819–838
Hinrichs T, Martinoia D, Garrison W et al (2013) Application-sensitive access control evaluation using parameterized expressiveness. In: IEEE 26th computer security foundations symposium, New Orleans, LA, USA, pp 145–160
Ene A, Horne W, Milosavljevic N et al (2008) Fast exact and heuristic methods for role minimization problems. In: The 13th ACM symposium on access control models and technologies (SACMAT), Estes Park, CO, USA, pp 1–10
This work is supported, in part, by the National Natural Science Foundation of China under grant No. 61872069, in part, by the Fundamental Research Funds for the Central Universities (N171704005), in part, by the Shenyang Science and Technology Plan Projects (18-013-0-01).
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Xu, J., Yu, Y., Meng, Q. et al. Role-Based Access Control Model for Cloud Storage Using Identity-Based Cryptosystem. Mobile Netw Appl (2020). https://doi.org/10.1007/s11036-019-01484-4
- Access control
- Cloud storage
- Identity-based cryptosystem