Who Is Touching My Cloud

  • Hua Deng
  • Qianhong Wu
  • Bo Qin
  • Jian Mao
  • Xiao Liu
  • Lei Zhang
  • Wenchang Shi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8712)


Advanced access controls have been proposed to secure sensitive data maintained by a third party. A subtle issue in such systems is that some access credentials may be leaked due to various reasons, which could severely damage data security. In this paper, we investigate leakage tracing enabled access control over outsourced data, so that one can revoke the suspected leaked credentials or prepare judicial evidences for legal procedure if necessary. Specifically, we propose a leaked access credential tracing (LACT) framework to secure data outsourced to clouds and formalize its security model. Following the framework, we construct a concrete LACT scheme that is provably secure. The proposed scheme offers fine-grained access control over outsourced data, by which the data owner can specify an access policy to ensure that the data is only accessible to the users meeting the policy. In case of suspectable illegal access to outsourced data with leaked credentials, a tracing procedure can be invoked to tracing in a black-box manner at least one of the users who leaked their access credentials. The tracing procedure can run without the cloud service provider being disturbed. Analysis shows that the introduction of tracing access credential leakage incurs little additional cost to either data outsourcing or access procedure.


Data privacy Access control Cloud storage Access credential leakage Digital forensics 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Asokan, N., Dmitrienko, A., Nagy, M., Reshetova, E., Sadeghi, A.-R., Schneider, T., Stelle, S.: CrowdShare: Secure mobile resource sharing. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 432–440. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  2. 2.
    Beimel, A.: Secure schemes for secret sharing and key distribution. PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel (1996)Google Scholar
  3. 3.
    Boneh, D., Naor, M.: Traitor tracing with constant size ciphertext. In: ACM CCS 2008, pp. 501–510. ACM Press, New York (2008)Google Scholar
  4. 4.
    Boneh, D., Sahai, A., Waters, B.: Fully collusion resistant traitor tracing with short ciphertexts and private keys. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 573–592. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Waters, B.: A fully collusion resistant broadcast, trace, and revoke system. In: ACM CCS 2006, pp. 211–220. ACM Press, New York (2006)Google Scholar
  6. 6.
    Deng, H., Wu, Q., Qin, B., Chow, S.S.M., Domingo-Ferrer, J., Shi, W.: Tracing and revoking leaked credentials: accountability in leaking sensitive outsourced data. In: ASIACCS 2014, pp. 425–434. ACM Press, New York (2014)Google Scholar
  7. 7.
    Deng, H., Wu, Q., Qin, B., Domingo-Ferrer, J., Zhang, L., Liu, J., Shi, W.: Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts. Information Sciences 275, 370–384 (2014)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Garg, S., Kumarasubramanian, A., Sahai, A., Waters, B.: Building efficient fully collusion-resilient traitor tracing and revocation schemes. In: ACM CCS 2010, pp. 121–130. ACM Press, New York (2010)Google Scholar
  9. 9.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted Data. In: ACM CCS 2006, pp. 89–98. ACM Press, New York (2006)Google Scholar
  10. 10.
    Huang, D., Zhou, Z., Xu, L., Xing, T., Zhong, Y.: Secure data processing framework for mobile cloud computing. In: IEEE Conferenc on Computer Communications Workshops, pp. 614–618. IEEE (2011)Google Scholar
  11. 11.
    Lai, J., Deng, R.H., Li, Y.: Expressive cp-abe with partially hidden access structures. In: ASIACCS 2012, pp. 18–19. ACM Press, New York (2012)Google Scholar
  12. 12.
    Li, J., Huang, Q., Chen, X., Chow, S.S.M., Wong, D.S., Xie, D.: Multi-authority ciphertext-policy attribute-based encryption with accountability. In: ASIACCS 2011, pp. 386–390. ACM Press, New York (2011)Google Scholar
  13. 13.
    Li, F., Rahulamathavan, Y., Rajarajan, M., Phan, R.C.W.: Low complexity multi-authority attribute based encryption scheme for mobile cloud computing. In: IEEE 7th International Symposium on Service Oriented System Engineering, pp. 573–577. IEEE (2013)Google Scholar
  14. 14.
    Li, J., Ren, K., Kim, K.: A2BE: accountable attribute-based encryption for abuse free access control. IACR Cryptology ePrint Archive, Report 2009/118 (2009),
  15. 15.
    Liu, W., Liu, J., Wu, Q., Qin, B., Zhou, Y.: Practical direct chosen ciphertext secure key-policy attribute-based encryption with public ciphertext test. In: Kutylowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 91–108. Springer, Heidelberg (2014)Google Scholar
  16. 16.
    Liu, Z., Cao, Z.F., Wong, D.S.: White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures. IEEE Transaction on Informaction Forensics and Security 8(1), 76–88 (2013)CrossRefGoogle Scholar
  17. 17.
    Liu, Z., Cao, Z.F., Wong, D.S.: Expressive black-box traceable ciphertext-policy attribute-based encryption. IACR Cryptology ePrint Archive, Report 2012/669 (2012),
  18. 18.
    Liu, Z., Cao, Z.F., Wong, D.S.: Blackbox traceable cp-abe: how to catch people leaking their keys by selling decryption devices on eBay. In: ACM CCS 2013, pp. 475–486. ACM Press, New York (2013)Google Scholar
  19. 19.
    Nuida, K., Fujitsu, S., Hagiwara, M., Kitagawa, T., Watanabe, H., Ogawa, K., Imai, H.: An improvement of discrete tardos fingerprinting codes. Designs, Codes and Cryptography 52(3), 339–362 (2009)CrossRefzbMATHMathSciNetGoogle Scholar
  20. 20.
    Qin, B., Wang, H., Wu, Q., Liu, J., Domingo-Ferrer, D.: Simultaneous authentication and secrecy in identity-based data upload to cloud. Cluster Computing 16(4), 845–859 (2013)CrossRefGoogle Scholar
  21. 21.
    Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R., Krishnan, R., Ahn, G.J., Bertino, E.: Collaboration in multicloud computing environments: framework and security issues. IEEE Computer 46(2), 76–84 (2013)CrossRefGoogle Scholar
  22. 22.
    Tardos, G.: Optimal Probabilistic Fingerprint Codes. In: STOC 2003, pp. 116–125. ACM Press, New York (2003)Google Scholar
  23. 23.
    Wang, Y., Wu, Q., Wong, D.S., Qin, B., Chow, S.S.M., Liu, Z., Tan, X.: Securely outsourcing exponentiations with single untrusted program for cloud storage. In: Kutylowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 323–340. Springer, Heidelberg (2014)Google Scholar
  24. 24.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  25. 25.
    Wang, Y.T., Chen, K.F., Chen, J.H.: Attribute-based traitor tracing. J. Inf. Sci. Eng. 27(1), 181–195 (2011)zbMATHMathSciNetGoogle Scholar
  26. 26.
    Wu, Y., Deng, R.H.: On the security of fully collusion resistant taitor tracing schemes. IACR Cryptology ePrint Archive, Report 2008/450 (2008),
  27. 27.
    Yang, Y., Jia, X.: Attributed-based access control for multi-authority systems in cloud storage. In: IEEE 32nd International Conference on Distributed Computing Systems, pp. 536–545. IEEE (2012)Google Scholar
  28. 28.
    Yu, S., Ren, K., Lou, W., Li, J.: Defending against key abuse attacks in KP-ABE enabled broadcast systems. In: Chen, Y., Dimitriou, T.D., Zhou, J. (eds.) SecureComm 2009. LNICST, vol. 19, pp. 311–329. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  29. 29.
    Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 Proceedings of IEEE INFOCOM, pp. 1–9. IEEE (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Hua Deng
    • 1
    • 2
    • 3
  • Qianhong Wu
    • 2
    • 5
  • Bo Qin
    • 3
  • Jian Mao
    • 2
  • Xiao Liu
    • 2
  • Lei Zhang
    • 4
  • Wenchang Shi
    • 3
  1. 1.School of ComputerWuhan UniversityWuhanChina
  2. 2.School of Electronic and Information EngineeringBeihang UniversityBeijingChina
  3. 3.School of InformationRenmin University of ChinaBeijingChina
  4. 4.Software Engineering InstituteEast China Normal UniversityShanghaiChina
  5. 5.The Academy of Satellite ApplicationBeijingChina

Personalised recommendations