World Wide Web, Volume 20, Issue 3, pp 467–490

An efficient key management scheme for user access control in outsourced databases

  • Seungtae Hong
  • Hyeong-Il Kim
  • Jae-Woo Chang


Key management schemes for user access control in outsourced databases have recently been studied actively. Because outsourced databases must deal with many users and data resources, an efficient key management scheme that reduces the number of authentication keys is required. However, existing schemes have a critical problem: the cost of key management increases rapidly as the number of keys grows. To solve this problem, we propose an efficient key management scheme for user access control in outsourced databases. To this end, we propose a Resource Set Tree (RST)-based key generation algorithm that reduces key generation cost by merging duplicated data resources. In addition, we propose a hierarchical Chinese Remainder Theorem (CRT)-based key assignment algorithm that can verify a user's permission to access outsourced databases. Our algorithm can reduce key update cost because redistribution of authentication keys is not required. We also provide analytic cost models of our algorithms and verify the correctness of the theoretical analysis by comparing it with experimental results. Finally, we show through performance analysis that the proposed scheme outperforms existing schemes in terms of both key generation cost and update cost.


Keywords: Key management scheme, User access control, Outsourced database, Cloud computing



This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. R0113-15-0005, Development of an Unified Data Engineering Technology for Large-scale Transaction Processing and Real-time Complex Analytics). This work was also supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2014065816).



Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  1. Electronics and Telecommunications Research Institute (ETRI), Daejeon, Republic of Korea
  2. Chonbuk National University, Jeonju, Republic of Korea
