DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems

  • Kan Yang
  • Xiaohua Jia
Chapter
Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)

Abstract

Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a promising technique for access control of encrypted data, which requires a trusted authority to manage all the attributes and distribute keys in the system. In multi-authority cloud storage systems, the users’ attributes come from different domains, each of which is managed by a different authority. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority cloud storage systems, due to the inefficiency of decryption and revocation. In this chapter, we propose DAC-MACS (Data Access Control for Multi-Authority Cloud Storage), an effective and secure data access control scheme with efficient decryption and revocation.

Keywords

Cloud Storage System; Data Access Control; Attribute Revocation; Decryption Token; Ciphertext Update
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© The Author(s) 2014

Authors and Affiliations

  1. Department of Computer Science, City University of Hong Kong, Kowloon, Hong Kong SAR
