Abstract
To address the data security problem in cloud storage systems, this paper proposes an access control scheme for cloud storage data based on CP-ASBE (Ciphertext-Policy Attribute-Sets Based Encryption). The scheme supports finer attribute expression and solves the attribute confusion problem found in attribute-based encryption algorithms. A multi-authorization center is used to address single-point security issues. The digest of the plaintext is used to encrypt the plaintext, and then the CP-ASBE encryption key is used, to improve efficiency and save cloud storage space. For attribute revocation, access control lists handle coarse-grained privilege revocation. For fine-grained attribute revocation, proxy re-encryption is used, and the complex calculations are delegated to the computationally powerful DataNode. The confidentiality, integrity, non-repudiation, availability and security of the scheme are analyzed and proved. The results show that the CP-ASBE-based cloud storage data access control scheme can effectively improve the security of user data in the HDFS (Hadoop Distributed File System) cloud storage system.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Zhang, L., Jiang, P., Yi, Q., Lan, F., Jiang, T. (2019). A Cloud Storage Data Access Control Scheme Based on Attribute-Sets Encryption. In: Zhang, H., Zhao, B., Yan, F. (eds) Trusted Computing and Information Security. CTCIS 2018. Communications in Computer and Information Science, vol 960. Springer, Singapore. https://doi.org/10.1007/978-981-13-5913-2_22
DOI: https://doi.org/10.1007/978-981-13-5913-2_22
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-5912-5
Online ISBN: 978-981-13-5913-2
eBook Packages: Computer Science, Computer Science (R0)