The Journal of Supercomputing

, Volume 71, Issue 4, pp 1378–1400 | Cite as

Oblivious user management for cloud-based data synchronization

  • Mahmood Ahmad
  • Zeeshan Pervez
  • Taechoong Cheong
  • Sungyoung Lee


One of the main issues with data sharing in cloud environment is to manage user access and its auto revocation in a controlled and flexible way. The issue becomes more complex when privacy on user access has to be ensured as well to hide additional leakage of information. For automatic revocation over cloud data, access can be bounded within certain anticipated time limit so that the access expires beyond effective time period. This time-oriented approach is more rigid and not a one-size-fits-all solution. In certain circumstances, exact time anticipation is not an easy choice. Instead, the alternate solution could be task oriented to restrict user beyond certain number of permissible attempts to access the data. We have proposed oblivious user management (OUM) in which a user can have access on cloud data for certain number of attempts without imposing any time restriction. For user authorization and her subsequent revocation, owner will perform one time setup activity and that is same for all users. The model also alleviates the burden of managing different access parameters at user end with each request as she will always use the same parameter for all valid attempts. Our approach also conceals the privacy of user attempts throughout the communication. Hiding this information helps to avoid distinguishing importance of particular user that has more authorization over others. Evaluation results have proved that OUM hides \((N-1)\) number of permissible attempts until \(N\mathrm{th}\) request arrives at Cloud Storage. The Performance analysis conducted on Google App Engine revealed that the cost of operations performed in OUM is within the range of 0.097–0.278 $ per 1,000 requests.


Cloud storage Private matching Oblivious access Privacy 



This research was supported by a grant from the Kyung Hee University in 2013[KHU-20130439].


  1. 1.
    Mell P, Grance T (2011) The nist definition of cloud computing (draft). NIST Spec Publ 800(145):7Google Scholar
  2. 2.
    Motahari-Nezhad HR, Stephenson B, Singhal S (2009) Outsourcing business to cloud computing services: Opportunities and challenges. In: IEEE Internet Computing, Palo Alto, 10Google Scholar
  3. 3.
    Buyya R, Yeo CS, Venugopal S, Broberg J, Brandic I (2009) Cloud computing and emerging it platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Gener Comput Syst 25(6):599–616CrossRefGoogle Scholar
  4. 4.
    Armbrust M, Fox A, Griffith R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I et al (2010) A view of cloud computing. Commun ACM 53(4):50–58CrossRefGoogle Scholar
  5. 5.
    Giles J (2012) Big data: lessons from the leaders. economist intelligence unit limitedGoogle Scholar
  6. 6.
    Leavitt N (2009) Is cloud computing really ready for prime time? Computer 42(1):15–20Google Scholar
  7. 7.
    Dikaiakos MD, Katsaros D, Mehra P, Pallis G, Vakali A (2009) Cloud computing: Distributed internet computing for it and scientific research. IEEE Internet Comput 13(5):10–13CrossRefGoogle Scholar
  8. 8.
    Catteddu D (2010) Cloud Computing: benefits, risks and recommendations for information security. SpringerGoogle Scholar
  9. 9.
    Gammage B, Plummer D, Valdes R, McGee K, Potter K, Tan S, Dave A, Richard H, Jay H, Brian P et al (2011) Gartners top predictions for it organizations and usersand beyond: Its growing transparency. Document ID G00208367:2010Google Scholar
  10. 10.
    Weller M (2010) Big and little oer. In: 2010 Proceedings. Barcelona.
  11. 11.
    Jacques B, Corb L, Manyika J, Nottebohm O, Chui M (2011) Borja de Muller Barbat, and Remi Said. Search, The impact of internet technologiesGoogle Scholar
  12. 12.
  13. 13.
    (2013) dunnhumby. Dunnhumby:customer science company.
  14. 14.
    Kaplan AM, Haenlein M (2010) Users of the world, unite! the challenges and opportunities of social media. Bus Horiz 53(1):59–68CrossRefGoogle Scholar
  15. 15.
    University of California (2013) Uci machine learning repository.
  16. 16.
    The world bank (2013) The world bank data catalog.
  17. 17.
    Mao W (2001) Modern cryptography. In: Selected Areas in Cryptography VIII (SAC’01. CiteseerGoogle Scholar
  18. 18.
    Ateniese G, Kevin F (2006) Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans Inf Syst Secur (TISSEC) 9(1):1–30CrossRefMATHGoogle Scholar
  19. 19.
    Simmons G, Armstrong GA, Durkin MG (2011) An exploration of small business website optimization: enablers, influencers and an assessment approach. Int Small Bus J 29(5):534–561CrossRefGoogle Scholar
  20. 20.
    Bayardo RJ, Agrawal R (2005) Data privacy through optimal k-anonymization. In: Proceedings 21st International Conference on Data Engineering, 2005. ICDE 2005, pp 217–228Google Scholar
  21. 21.
    Chow R, Golle P, Jakobsson M, Shi E, Staddon J, Masuoka R, Molina J (2009) Controlling data in the cloud: outsourcing computation without outsourcing control. In: ACM Proceedings of the 2009 ACM workshop on Cloud computing security, pp 85–90Google Scholar
  22. 22.
    Kamara S, Lauter K (2010) Cryptographic cloud storage. In: Financial Cryptography and Data Security. Springer, pp 136–149Google Scholar
  23. 23.
    Coull S, Green M, Hohenberger S (2009) Controlling access to an oblivious database using stateful anonymous credentials. In: Public Key Cryptography-PKC 2009. Springer, pp 501–520Google Scholar
  24. 24.
    Camenisch J, Dubovitskaya M, Neven G, Zaverucha GM (2011) Oblivious transfer with hidden access control policies. In: Public Key Cryptography-PKC 2011. Springer, pp 192–209Google Scholar
  25. 25.
    Frikken K, Atallah M, Li J (2006) Attribute-based access control with hidden policies and hidden credentials. IEEE Trans Comput 55(10):1259–1270CrossRefGoogle Scholar
  26. 26.
    Waters B (2011) Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In: Public Key Cryptography-PKC 2011. Springer, pp 53–70Google Scholar
  27. 27.
    Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on Computer and communications security, ACM, pp 89–98Google Scholar
  28. 28.
    Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: Advances in Cryptology-EUROCRYPT 2005. Springer, pp 457–473Google Scholar
  29. 29.
    Blaze M, Bleumer G, Strauss M (1998) Divertible protocols and atomic proxy cryptography. In: Advances in Cryptology EUROCRYPT’98. Springer, pp 127–144Google Scholar
  30. 30.
    Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: IEEE, INFOCOM, 2010 Proceedings IEEE, pp 1–9Google Scholar
  31. 31.
    Liu Q, Wang G, Wu J (2014) Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. In: Information Sciences, 2014, vol 258. Elsevier, pp 355–370Google Scholar
  32. 32.
    Bethencourt J,Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, IEEE, 2007. SP’07, pp 321–334Google Scholar
  33. 33.
    Müller S, Katzenbeisser S, Eckert C (2009) Distributed attribute-based encryption. In: Information Security and Cryptology-ICISC 2008. Springer, pp 20–36Google Scholar
  34. 34.
    Wang G, Liu Q, Wu J (2010) Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In: Proceedings of the 17th ACM conference on Computer and communications security, ACM, pp 735–737Google Scholar
  35. 35.
    Wang G, Liu Q, Guo M (2011) Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers. Comput Secur 30(5):320–331CrossRefGoogle Scholar
  36. 36.
    Patel B, Crowcroft J (1997) Ticket based service access for the mobile user. In: Proceedings of the 3rd annual ACM/IEEE international conference on Mobile computing and networking, ACM, pp 223–233Google Scholar
  37. 37.
    Freedman MJ, Nissim K, Pinkas B (2004) Efficient private matching and set intersection. In: Advances in Cryptology-EUROCRYPT 2004. Springer, pp 1–19Google Scholar
  38. 38.
    Paillier P (2000) Trapdooring discrete logarithms on elliptic curves over rings. In: Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, ASIACRYPT ’00. Springer-Verlag, London, pp 573–584Google Scholar
  39. 39.
    Paillier P (1999) Public key cryptosystems based on composite degree residuosity classes. In: Proceedings of the 17th international conference on Theory and application of cryptographic techniques, EUROCRYPT’99. Springer-Verlag, Berlin, pp 223–238Google Scholar
  40. 40.
    Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceedings of the 29th conference on Information communications, INFOCOM’10. IEEE Press, Piscataway, pp 534–542Google Scholar
  41. 41.
    James M, Chui M, Brown B, Bughin J, Dobbs R, Roxburgh C, Byers AH (2011)The next frontier for innovation, competition, and productivity, Big dataGoogle Scholar
  42. 42.
    Google (2013) Google app engine.
  43. 43.
    The Android open source project (2013) Netbeans android plugin.
  44. 44.
    Pervez Z, Ahmad A, Masood A, Lee S (2013) Privacy-aware searching with oblivious term matching for cloud storage. Supercomputing 63(2):538–560CrossRefGoogle Scholar
  45. 45.
    Allcock B, Bester J, Bresnahan J, Chervenak AL, Kesselman C, Meder S, Nefedova V, Quesnel D, Tuecke S, Foster I (2001) Secure, efficient data transport and replica management for high-performance data-intensive computing. In: Eighteenth IEEE Symposium on Mass Storage Systems and Technologies, 2001, IEEE, MSS’01, pp 13–13Google Scholar
  46. 46.
    Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In: Advances in Cryptology-EUROCRYPT 2010. Springer, pp 62–91Google Scholar
  47. 47.
    Chase M (2007) Multi-authority attribute based encryption. In: Theory of Cryptography. Springer, pp 515–534Google Scholar
  48. 48.
    Li J, Huang Q, Chen X, Chow SS, Wong DS, Xie D (2011) Multi-authority ciphertext-policy attribute-based encryption with accountability. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ACM, pp 386–390Google Scholar
  49. 49.
    Goh E-J, Shacham H, Modadugu N, Boneh D (2003) Sirius: Securing remote untrusted storage. NDSS 3:131–145Google Scholar
  50. 50.
    Venkatesh VP, Sugavanan V (2009) High performance grid computing and security through load balancing. In: IEEE, International Conference on Computer Engineering and Technology, 2009. ICCET’09, vol 1, pp 68–72Google Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  • Mahmood Ahmad
    • 1
  • Zeeshan Pervez
    • 2
  • Taechoong Cheong
    • 1
  • Sungyoung Lee
    • 1
  1. 1.Ubiquitous Computing Lab, Department of Computer EngineeringKyung Hee University, Global CampusYongin-siSouth Korea
  2. 2.School of ComputingUniversity of the West of ScotlandPaisleyUK

Personalised recommendations