
Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud

ABSTRACT:
With the character of low maintenance, cloud computing provides an economical and efficient solution for sharing group resources among cloud users. Unfortunately, sharing data in a multi-owner manner while preserving data and identity privacy from an untrusted cloud is still a challenging issue, due to the frequent change of the membership. In this paper, we propose a secure multi-owner data sharing scheme, named Mona, for dynamic groups in the cloud. By leveraging group signature and dynamic broadcast encryption techniques, any cloud user can anonymously share data with others. Meanwhile, the storage overhead and encryption computation cost of our scheme are independent of the number of revoked users. In addition, we analyze the security of our scheme with rigorous proofs, and demonstrate the efficiency of our scheme in experiments.

EXISTING SYSTEM:
Several security schemes for data sharing on untrusted servers have been proposed. In these approaches, data owners store the encrypted data files in untrusted storage and distribute the corresponding decryption keys only to authorized users. Thus, unauthorized users as well as storage servers cannot learn the content of the data files because they have no knowledge of the decryption keys. However, the complexities of user participation and revocation in these schemes are linearly increasing with the number of data owners and the number of revoked users, respectively. By setting a group with a single attribute, Lu et al. proposed a secure provenance scheme based on the ciphertext-policy attribute-based encryption technique, which allows any member in a group to share data with others. However, the issue of user revocation is not addressed in their scheme. Yu et al. presented a scalable and fine-grained data access control scheme in cloud computing based on the key policy attribute-based encryption (KP-ABE) technique. Unfortunately, the single-owner manner hinders the adoption of their scheme into the case where any user is granted to store and share data.

DISADVANTAGES OF EXISTING SYSTEM:
Identity privacy is one of the most significant obstacles for the wide deployment of cloud computing. Without the guarantee of identity privacy, users may be unwilling to join in cloud computing systems because their real identities could be easily disclosed to cloud providers and attackers. On the other hand, unconditional identity privacy may incur the abuse of privacy. It is highly recommended that any member in a group should be able to fully enjoy the data storing and sharing services provided by the cloud, which is defined as the multiple-owner manner. Compared with the single-owner manner, where only the group manager can store and modify data in the cloud, the multiple-owner manner is more flexible in practical applications. Groups are normally dynamic in practice, e.g., new staff participation and current employee revocation in a company. The changes of membership make secure data sharing extremely difficult.

PROPOSED SYSTEM:
In this paper, we propose a secure multi-owner data sharing scheme, named Mona, for dynamic groups in the cloud. By leveraging group signature and dynamic broadcast encryption techniques, any cloud user can anonymously share data with others. Meanwhile, the storage overhead and encryption computation cost of our scheme are independent of the number of revoked users. In addition, we analyze the security of our scheme with rigorous proofs, and demonstrate the efficiency of our scheme in experiments.

ADVANTAGES OF PROPOSED SYSTEM:
We propose a secure multi-owner data sharing scheme. It implies that any user in the group can securely share data with others by the untrusted cloud. Our proposed scheme is able to support dynamic groups efficiently. Specifically, newly granted users can directly decrypt data files uploaded before their participation without contacting the data owners. We provide secure and privacy-preserving access control to users, which guarantees any member in a group to anonymously utilize the cloud resource. We provide rigorous security analysis, and perform extensive simulations to demonstrate the efficiency of our scheme in terms of storage and computation overhead.

SYSTEM ARCHITECTURE:

LITERATURE SURVEY

1) Plutus: Scalable Secure File Sharing on Untrusted Storage

AUTHORS: M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu

Plutus is a cryptographic storage system that enables secure file sharing without placing much trust on the file servers. In particular, it makes novel use of cryptographic primitives to protect and share files. Plutus features highly scalable key management while allowing individual users to retain direct control over who gets access to their files. We explain the mechanisms in Plutus to reduce the number of cryptographic keys exchanged between users by using filegroups, distinguish file read and write access, handle user revocation efficiently, and allow an untrusted server to authorize file writes. We have built a prototype of Plutus on OpenAFS. Measurements of this prototype show that Plutus achieves strong security with overhead comparable to systems that encrypt all network traffic.

2) Sirius: Securing Remote Untrusted Storage

AUTHORS: E. Goh, H. Shacham, N. Modadugu, and D. Boneh

This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network storage is untrusted and provides its own read-write cryptographic access control for file level sharing. Key management and revocation is simple with minimal out-of-band communication. File system freshness guarantees are supported by SiRiUS using hash tree constructions. SiRiUS contains a novel method of performing file random access in a cryptographic file system without the use of a block server. Extensions to SiRiUS include large scale group sharing using the NNL key revocation construction. Our implementation of SiRiUS performs well relative to the underlying file system despite using cryptographic operations.

3) Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage

AUTHORS: G. Ateniese, K. Fu, M. Green, and S. Hohenberger

In 1998, Blaze, Bleumer, and Strauss (BBS) proposed an application called atomic proxy re-encryption, in which a semitrusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure re-encryption will become increasingly popular as a method for managing encrypted file systems. Although efficiently computable, the widespread adoption of BBS re-encryption has been hindered by considerable security risks. Following recent work of Dodis and Ivan, we present new re-encryption schemes that realize a stronger notion of security and demonstrate the usefulness of proxy re-encryption as a method of adding access control to a secure file system. Performance measurements of our experimental file system demonstrate that proxy re-encryption can work effectively in practice.

4) Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing

AUTHORS: R. Lu, X. Lin, X. Liang, and X. Shen

Secure provenance that records ownership and process history of data objects is vital to the success of data forensics in cloud computing, yet it is still a challenging issue today. In this paper, to tackle this unexplored area in cloud computing, we proposed a new secure provenance scheme based on the bilinear pairing techniques. As the essential bread and butter of data forensics and post investigation in cloud computing, the proposed scheme is characterized by providing the information confidentiality on sensitive documents stored in cloud, anonymous authentication on user access, and provenance tracking on disputed documents. With the provable security techniques, we formally demonstrate the proposed scheme is secure in the standard model.

5) Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization

AUTHORS: B. Waters

We present a new methodology for realizing Ciphertext-Policy Attribute Encryption (CP-ABE) under concrete and noninteractive cryptographic assumptions in the standard model. Our solutions allow any encryptor to specify access control in terms of any access formula over the attributes in the system. In our most efficient system, ciphertext size, encryption, and decryption time scales linearly with the complexity of the access formula. The only previous work to achieve these parameters was limited to a proof in the generic group model.

We present three constructions within our framework. Our first system is proven selectively secure under an assumption that we call the decisional Parallel Bilinear Diffie-Hellman Exponent (PBDHE) assumption, which can be viewed as a generalization of the BDHE assumption. Our next two constructions provide performance tradeoffs to achieve provable security respectively under the (weaker) decisional Bilinear-Diffie-Hellman Exponent and decisional Bilinear Diffie-Hellman assumptions.

ALGORITHMS USED:

Signature Generation
Signature Verification
Revocation Verification

ALGORITHMS DESCRIPTION:

Signature Generation:

Signature Verification:

Revocation Verification:

MODULES:
1. Cloud Module
2. Group Manager Module
3. Group Member Module
4. File Security Module
5. Group Signature Module
6. User Revocation Module

MODULES DESCRIPTION:

1. Cloud Module:
In this module, we create a local Cloud and provide priced abundant storage services. The users can upload their data in the cloud. We develop this module, where the cloud storage can be made secure. However, the cloud is not fully trusted by users since the CSPs are very likely to be outside of the cloud users' trusted domain. Similar to we assume that the cloud server is honest but curious. That is, the cloud server will not maliciously delete or modify user data due to the protection of data auditing schemes, but will try to learn the content of the stored data and the identities of cloud users.

2. Group Manager Module:
The group manager takes charge of the following: 1. System parameters generation, 2. User registration, 3. User revocation, and 4. Revealing the real identity of a dispute data owner. Therefore, we assume that the group manager is fully trusted by the other parties. The group manager is the admin. The group manager has the logs of each and every process in the cloud. The group manager is responsible for user registration and also for user revocation.

3. Group Member Module:
Group members are a set of registered users that will 1. Store their private data into the cloud server and 2. Share them with others in the group. Note that the group membership is dynamically changed, due to the staff resignation and new employee participation in the company. The group member has the ownership of changing the files in the group. Whoever is in the group can view the files which are uploaded in their group and also modify them. The group meme

4. File Security Module:
1. Encrypting the data file. 2. A file stored in the cloud can be deleted by either the group manager or the data owner (i.e., the member who uploaded the file into the server).

5. Group Signature Module:
A group signature scheme allows any member of the group to sign messages while keeping the identity secret from verifiers. Besides, the designated group manager can reveal the identity of the signature's originator when a dispute occurs, which is denoted as traceability.

6. User Revocation Module:
User revocation is performed by the group manager via a publicly available revocation list (RL), based on which group members can encrypt their data files and ensure the confidentiality against the revoked users.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

System : Pentium IV 2.4 GHz.
Hard Disk : 40 GB.
Monitor : 15 inch VGA Colour.
Mouse : Logitech Mouse.
Ram : 512 MB
Keyboard : Standard Keyboard

SOFTWARE REQUIREMENTS:

Operating System : Windows XP.
Coding Language : JAVA/JSP
Database : MYSQL
Server : Apache Tomcat

Screen shot

Home page:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Cloud</title>
<link href="http://fonts.googleapis.com/css?family=Arvo" rel="stylesheet" type="text/css" />
<link href="http://fonts.googleapis.com/css?family=Coda:400,800" rel="stylesheet" type="text/css" />
<link href="css/style.css" rel="stylesheet" type="text/css" media="screen" />
</head>
<body>
<div id="menu-wrapper">
    <div id="menu">
        <ul>
            <li class="current_page_item"><a href="#">Home</a></li>
            <li><a href="admin.jsp">Admin</a></li>
            <li><a href="newUser.jsp">Member Register</a></li>
            <li><a href="userLogin.jsp">Group Member</a></li>
            <li><a href="">Group Manager</a></li>
        </ul>
    </div>
    <!-- end #menu -->
</div>
<div id="header-wrapper">
    <div id="header">
        <div id="logo">
            <h1><a href="#">Cloud Computing Security: <span>Mona Secure Multi-Owner Data Sharing</span></a></h1>
        </div>
    </div>
</div>
<div id="banner"><img src="images/img04.jpg" width="1000" height="350" alt="" /></div>
<div id="wrapper">
    <!-- end #header -->
    <div id="page">
        <div id="page-bgtop">
            <div id="page-bgbtm">
                <div id="content">
                    <div class="post">
                        <h2 class="title"><a href="#">Welcome to Cloud Computing Security</a></h2>
                        <div style="clear: both;">&nbsp;</div>
                        <div class="entry">
                            <p>The use of cloud computing has increased rapidly in many organizations. Cloud computing provides many benefits in terms of low cost and accessibility of data. Ensuring the security of cloud computing is a major factor in the cloud computing environment, as users often store sensitive information with cloud storage providers but these providers may be untrusted. Dealing with "single cloud" providers is predicted to become less popular with customers due to risks of service availability failure and the possibility of malicious insiders in the single cloud. A movement towards "multi-clouds", or in other words, "interclouds" or "cloud-of-clouds" has emerged recently. This paper surveys recent research related to single and multi-cloud security and addresses possible solutions. It is found that the research into the use of multi-cloud providers to maintain security has received less attention from the research community than has the use of single clouds. This work aims to promote the use of multi-clouds due to its ability to reduce security risks that affect the cloud computing user.</p>
                            <img src="images/logo.png"/>
                        </div>
                    </div>
                    <div style="clear: both;">&nbsp;</div>
                </div>
                <!-- end #content -->
                <!-- end #sidebar -->
                <div style="clear: both;">&nbsp;</div>
            </div>
        </div>
    </div>
    <!-- end #page -->
</div>
<div id="footer">
    <p>Copyright &copy; 2014 . All rights Reserved.</p>
</div>
<!-- end #footer -->
</body>
</html>

Source code:

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.Action;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 *
 * @author Sabari
 */
public class AdminLogin extends HttpServlet {

    /**
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        //PrintWriter out = response.getWriter();
        try {
            // The submitted name and password are not written to the server log.
            // Constant-first equals() treats a missing parameter as a failed
            // login instead of throwing a NullPointerException.
            // Note: the admin name and password are hard-coded in this project.
            if ("admin".equals(request.getParameter("name_"))
                    && "admin".equals(request.getParameter("password"))) {
                response.sendRedirect("adminHome.jsp");
            } else {
                // Spaces in the query string are encoded as '+'.
                response.sendRedirect("index.jsp?msg=Check+Userid+or+Password");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /**
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles the HTTP <code>POST</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Returns a short description of the servlet.
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}
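A hardened form of the credential check in the AdminLogin servlet above, as an added example that is not part of the original project code: it compares the submitted values against a salted PBKDF2 hash in constant time and treats missing parameters as a failed login. The class name AdminCredentialCheck, the iteration count and the sample passphrase are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example (hypothetical class, not the project's code): verifies a login
// against a salted PBKDF2 hash instead of a literal name/password pair.
public class AdminCredentialCheck {
    private static final int ITERATIONS = 210_000; // assumption: tune per deployment
    private static final int KEY_BITS = 256;

    private final byte[] adminName;
    private final byte[] salt;
    private final byte[] storedHash;

    public AdminCredentialCheck(String adminName, byte[] salt, byte[] storedHash) {
        this.adminName = adminName.getBytes(StandardCharsets.UTF_8);
        this.salt = salt.clone();
        this.storedHash = storedHash.clone();
    }

    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // A missing parameter is a failed login, not a NullPointerException.
    public boolean verify(String name, String password) throws Exception {
        if (name == null || password == null) {
            return false;
        }
        // Hash first so a wrong name and a wrong password cost the same time;
        // MessageDigest.isEqual is a time-constant comparison.
        byte[] candidate = hash(password.toCharArray(), salt);
        boolean nameOk = MessageDigest.isEqual(name.getBytes(StandardCharsets.UTF_8), adminName);
        boolean passOk = MessageDigest.isEqual(candidate, storedHash);
        return nameOk & passOk;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a deployment loads the salt and hash from
        // configuration written at enrolment, never from source code.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = hash("constructed sample passphrase".toCharArray(), salt);
        AdminCredentialCheck check = new AdminCredentialCheck("admin", salt, stored);
        System.out.println("correct passphrase accepted: " + check.verify("admin", "constructed sample passphrase"));
        System.out.println("admin/admin accepted: " + check.verify("admin", "admin"));
        System.out.println("missing parameters accepted: " + check.verify(null, null));
    }
}
```

In the servlet, processRequest would call verify with the two request parameters and redirect on the boolean result, leaving the redirect targets unchanged.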

REFERENCE:
Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo Yan, "Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud", IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 24, NO. 6, JUNE 2013.
