Secure Data Access Control with User Scalability

in Cloud Computing
1N.Balasupramanian, 2 S.Udhaya Shree
1,2
Assistant Professor,
Department of Computer Applications,
Rajiv Gandhi College of Engineering and Technolog, Puducherr!
Abstract--The key definition of cloud computing is
the Cloud. Cloud is a large group of computers
interconnected servers or personal computers.
Cloud computing is lot bigger than network
computing which encompasses multiple companies,
multiple servers, and multiple networks. The most
obvious disadvantages of web-based application
have long been considered is the security risks and
scalability. erewith we are suppose to focus on
new challenges for secure data and access
control when users outsource sensitive data for
sharing on cloud servers, which are not within
the same authori!ed domain as data owners. To
keep sensitive data confidential against
unauthori!ed servers, the e"iting systems
normally use cryptographic methods by providing
data decryption keys only to authori!ed users.
ence by applying the applying the above logic we
face a heavy computation overhead on the data
owner for key distribution and data
management, which may not ultimately result in
user scalability. ere the aim of achieving secure
data access control with user scalability remains
unresolved. This paper addresses this challenging
open issue by defining and applying access policies
based on data attributes and by allowing the data
owner to delegate most of the computation tasks
involved in secure data access control to
unauthori!ed cloud servers without disclosing the
underlying information present in the message sent.
#e attain this goal by applying cryptographic
techni$ues such as %ey policies attribute-based
encryption and &-' re-encryption. ("tensive
analysis shows that our proposed scheme is highly
efficient and provably secure under e"isting security
models.
Keywords-Cloud, )elegation, &' re-encryption, %&-
Attribute based encryption.
. N!"#DUC!#N
Cloud computing is a promising computing paradigm
which recently has drawn e$tensi%e attention &rom both
academia and industry. By combining a set o& e$isting
and new techni'ues &rom research areas such as
Ser%ice(#riented Architectures )S#A* and
%irtuali+ation, cloud computing is regarded as such a
computing paradigm in which resources in the
computing in&rastructure are pro%ided as ser%ices o%er
the nternet. Along with this new paradigm, %arious
business models are de%eloped, which can be described
by terminology o& ,- as a ser%ice )-aaS*. /10 where -
could be so&tware, hardware, data storage, and etc.
Success&ul e$amples are Ama+on1s 2C2 and S3 /20,
4oogle App 2ngine /30, and 5icroso&t A+ure /60 which
pro%ide users with scalable resources in the pay(as(you
use &ashion at relati%ely low prices. 7or e$ample,
Ama+on1s S3 data storage ser%ice 8ust charges 9:.12 to
9:.1; per gigabyte month. As compared to building
their own in&rastructures, users are able to sa%e their
in%estments signi&icantly by migrating businesses into
the cloud. <ith the increasing de%elopment o& cloud
computing technologies, it is not hard to imagine that in
the near &uture more and more businesses will be
mo%ed into the cloud.
As promising as it is, cloud computing is also &acing
many challenges that, i& not well resol%ed, may impede
its &ast growth. Data security, as it e$ists in many other
applications, is among these challenges that would raise
great concerns &rom users when they store sensiti%e
in&ormation on cloud ser%ers. !hese concerns originate
&rom the &act that cloud ser%ers are usually operated by
commercial pro%iders, which are %ery li=ely to be
outside o& the trusted domain o& the users.
Data con&idential against cloud ser%ers is hence
&re'uently desired when users outsource data &or
storage in the cloud. n some practical application
systems, data con&identiality is not only a
security>pri%acy issue, but also o& 8uristic concerns. 7or
e$ample, in healthcare application scenarios use and
disclosure o& protected health in&ormation )?@* should
meet the re'uirements o& @ealth nsurance ?ortability
and Accountability Act )@?AA* /;0, and =eeping user
data con&idential against the storage ser%ers is not 8ust
an option, but a re'uirement. 7urthermore, we obser%e
that there are also cases in which cloud users
themsel%es are content pro%iders. !hey publish data on
cloud ser%ers &or sharing and need &ine(grained data
access control in terms o& which user )data consumer*
has the access pri%ilege to which types o& data. n the
healthcare case, &or e$ample, a medical center would be
the data owner who stores millions o& healthcare
records in the cloud. t would allow data consumers
Proceedings of "ational Conference on Advanced Computing and Communication#"CACC11, April!1$, 2%11
such as doctors, patients, researchers and etc, to access
%arious types o& healthcare records under policies
admitted by @?AA. !o en&orce these access policies,
the data owners on one hand would li=e to ta=e
ad%antage o& the abundant resources that the cloud
pro%ides &or e&&iciency and economyA on the other
hand, they may want to =eep the data contents
con&idential against cloud ser%ers.
As a signi&icant research area &or system protection,
data access control has been e%ol%ing in the past thirty
years and %arious techni'ues /B0C/D0 ha%e been
de%eloped to e&&ecti%ely implement &ine(grained access
control, which allows &le$ibility in speci&ying
di&&erential access rights o& indi%idual users.
!raditional access control architectures usually assume
the data owner and the ser%ers storing the data are in
the same trusted domain, where the ser%ers are &ully
entrusted as an omniscient re&erence monitor /1:0
responsible &or de&ining and en&orcing access control
policies. !his assumption howe%er no longer holds in
cloud computing since the data owner and cloud
ser%ers are %ery li=ely to be in two di&&erent domains.
#n one hand, cloud ser%ers are not entitled to access
the outsourced data content &or data con&identialityA on
the other hand, the data resources are not physically
under the &ull control o& the owner. 7or the purpose o&
helping the data owner en8oy &ine(grained access
control o& data stored on untrusted cloud ser%ers, a
&easible solution would be encrypting data through
certain cryptographic primiti%e)s*, and disclosing
decryption =eys only to authori+ed users. Unauthori+ed
users, including cloud ser%ers, are not able to decrypt
since they do not ha%e the data decryption =eys. !his
general method actually has been widely adopted by
e$isting wor=s /110C/160 which aim at securing data
storage on untrusted ser%ers. #ne critical issue with this
branch o& approaches is how to achie%e the desired
security goals without introducing a high comple$ity
on =ey management and data encryption. !hese
e$isting wor=s, as we will discuss in section E(C,
resol%e this issue either by introducing a per &ile access
control list )ACF* &or &ine(grained access control, or by
categori+ing &iles into se%eral &ile groups &or e&&iciency.
As the system scales, howe%er, the comple$ity o& the
ACF(based scheme would be proportional to the
number o& users in the system. !he &ile group(based
scheme, on the other hand, is 8ust able to pro%ide
coarse(grained data access control. t actually still
remains open to simultaneously achie%e the goals o&
&ine(grainedness, scalability, and data con&identiality
&or data access control in cloud computing. n this
paper, we address this open issue and propose a secure
and scalable &ine(grained data access control scheme
&or cloud computing. #ur proposed scheme is partially
based on our obser%ation that, in practical application
scenarios each data &ile can be associated with a set o&
attributes, which are meaning&ul in the conte$t o&
interest. !he access structure o& each user can thus be
de&ined as a uni'ue logical e$pression o%er these
attributes to re&lect the scope o& data &iles that the user
is allowed to access. As the logical e$pression can
represent any desired data &ile set, &ine(grainedness o&
data access control is achie%ed. !o en&orce these access
structures, we de&ine a public =ey component &or each
attribute. Data &iles are encrypted using public =ey
components corresponding to their attributes. User
secret =eys are de&ined to re&lect their access structures
so that a user is able to decrypt a cipher te$t i& and only
i& the data &ile attributes satis&y his access structure.
Such a design also brings about the e&&iciency bene&it,
as compared to pre%ious wor=s, in that, 1* the
comple$ity o& encryption is 8ust related the number o&
attributes associated to the data &ile, and is independent
to the number o& users in the systemA and 2* data &ile
creation>deletion and new user grant operations 8ust
a&&ect current &ile>user without in%ol%ing system(wide
data &ile update or re(=eying. #ne e$tremely
challenging issue with this design is the
implementation o& user re%ocation, which would
ine%itably re'uire re(encryption o& data &iles accessible
to the lea%ing user, and may need update o& secret =eys
&or all the remaining users. & all these tas=s are
per&ormed by the data owner himsel&>hersel&, it would
introduce a hea%y computation o%erhead on him>her
and may also re'uire the data owner to be always
online. !o resol%e this challenging issue, our proposed
scheme enables the data owner to delegate tas=s o& data
&ile re(encryption and user secret =ey update to cloud
ser%ers without disclosing data contents or user access
pri%ilege in&ormation. <e achie%e our design goals by
e$ploiting a no%el cryptographic primiti%e, namely =ey
policy attribute(based encryption )G?(AB2* /1;0, and
uni'uely combine it with the techni'ue o& pro$y re(
encryption )?"2* /1B0 and la+y re(encryption /110.
5ain contributions o& this paper can be summari+ed as
&ollows. 1* !o the best o& our =nowledge, this paper is
the &irst that simultaneously achie%es &ine(grainedness,
scalability and data con&identiality &or data access
control in cloud computingA 2* #ur proposed scheme
enables the data owner to delegate most o& computation
intensi%e tas=s to cloud ser%ers without disclosing data
contents or user access pri%ilege in&ormationA 3* !he
proposed scheme is pro%ably secure under the standard
security model. n addition, our proposed scheme is
able to support user accountability with minor
e$tension. !he rest o& this paper is organi+ed as
&ollows. Section discusses models and assumptions.
Section re%iews some techni'ue preliminaries
pertaining to our construction. Section E presents our
construction. n section E, we analy+e our proposed
scheme in terms o& its security and per&ormance. <e
conclude this paper in Section E.
. 5#D2FS AND ASSU5?!#NS
A! &stem 'odels
Similar to /1H0, we assume that the system is composed
o& the &ollowing partiesI the Data #wner, many Data
Consumers, many Cloud Ser%ers, and a !hird ?arty
Auditor i& necessary. !o access data &iles shared by the
data owner, Data Consumers, or users &or bre%ity,
2J
Adhiparasakthi Engineering College, Melmaruvathur
download data &iles o& their interest &rom Cloud Ser%ers
and then decrypt. Neither the data owner nor users will
be always online. !hey come online 8ust on the
necessity basis. 7or simplicity, we assume that the only
access pri%ilege &or users is data &ile reading. 2$tending
our proposed scheme to support data &ile writing is
tri%ial by as=ing the data writer to sign the new data &ile
on each update as /120 does. 7rom now on, we will also
call data &iles by files &or bre%ity. Cloud Ser%ers are
always online and operated by the Cloud Ser%ice
?ro%ider )CS?*. !hey are assumed to ha%e abundant
storage capacity and computation power. !he !hird
?arty Auditor is also an online party which is used &or
auditing e%ery &ile access e%ent. n addition, we also
assume that the data owner can not only store data &iles
but also run his own code on Cloud Ser%ers to manage
his data &iles. !his assumption coincides with the
uni&ied ontology o& cloud computing which is recently
proposed by Kouse&& et al. /1J0.
(! &ecurit 'odels
n this wor=, we 8ust consider @onest but Curious
Cloud Ser%ers as /160 does. !hat is to say, Cloud
Ser%ers will &ollow our proposed protocol in general,
but try to &ind out as much secret in&ormation as
possible based on their inputs. 5ore speci&ically, we
assume Cloud Ser%ers are more interested in &ile
contents and user access pri%ilege in&ormation than
other secret in&ormation. Cloud Ser%ers might collude
with a small number o& malicious users &or the purpose
o& har%esting &ile contents when it is highly bene&icial.
Communication channel between the data owner>users
and Cloud Ser%ers are assumed to be secured under
e$isting security protocols such as SSF. Users would
try to access &iles either within or outside the scope o&
their access pri%ileges. !o achie%e this goal,
unauthori+ed users may wor= independently or
cooperati%ely. n addition, each party is preloaded with
a public>pri%ate =ey pair and other parties when
necessary can easily obtain the public =ey. #ur main
design goal is to help the data owner achie%e &ine(
grained access control on &iles stored by Cloud Ser%ers.
. !2C@NLU2 ?"2F5NA"2S
A! )e Polic Attri*ute+(ased Encrption
,)P+A(E-
G?(AB2 /1;0 is a public =ey cryptography
primiti%e &or one(to(many communications. n G?(AB2,
data are associated with attributes &or each o& which a
public =ey component is de&ined. !he encryptor associates
the set o& attributes to the message by encrypting it with
the corresponding public =ey components. 2ach user is
assigned an access structure which is usually de&ined as an
access tree o%er data attributes, i.e., interior nodes o& the
access tree are threshold gates and lea& nodes are
associated with attributes. User secret =ey is de&ined
to re&lect the access structure so that the user is able to
decrypt a cipherte$t i& and only i& the data attributes
satis&y his access structure. A G?(AB2 scheme is
composed o& &our algorithms which can be de&ined as
&ollowsI
*etup !his algorithm ta=es as input a security
parameter M and the attribute uni%erse U N O1, 2, . . .
,NP o& cardinality N. t de&ines a bilinear group 41 o&
prime order p with a generator g, a bilinear map e I 41
Q41 R 42 which has the properties o& *ilinearit,
computa*ilit, and non+degenerac. t returns the
public =ey ?G as well as a system master =ey 5G as
&ollows
?G N )K, !1, !2, . . . , !N*
5G N )y, t1, t2, . . . , tN*
where !i 4 1 and ti S p are &or attribute i, 1 T i T N,
and K 4 2 is another public =ey component. <e ha%e
!i N gti and K N e)g, g*y, y S p. <hile ?G is publicly
=nown to all the parties in the system, 5G is =ept as a
secret by the authority party.
(ncryption !his algorithm ta=es a message 5, the
public =ey ?G, and a set o& attributes as input. t
outputs the cipherte$t 2 with the &ollowing &ormatI
2 N ),2U, O2iPi *
where 2U N 5K s, 2i N ! s, and s is randomly chosen
&rom Sp
%ey +eneration !his algorithm ta=es as input an
access tree ! , the master =ey 5G, and the public =ey
?G. t outputs a user secret =ey SG as &ollows. 7irst, it
de&ines a random polynomial pi)$* &or each node i o& !
in the top(down manner starting &rom the root node r.
7or each non(root node 8, p8 ):* N pparent)8*)id$)8**
where parent)8* represents 81s parent and id$)8* is 81s
uni'ue inde$ gi%en by its parent. 7or the root node r,
pr):* N y. !hen it outputs SG as &ollows.
SG N Os=iPi F
)ecryption !his algorithm ta=es as input the cipherte$t
2 encrypted under the attribute set , the user1s secret
=ey SG &or access tree ! , and the public =ey ?G. t
&irst computes e)2i, s=i* N e)g, g*pi):*s &or lea& nodes.
!hen, it aggregates these pairing results in the bottom(
up manner using the polynomial interpolation
techni'ue. 7inally, it may reco%er the blind &actor K s N
e)g, g*ys and output the message 5 i& and only i&
satis&ies ! . ?lease re&er to /1;0 &or more details on G?(
AB2 algorithms. /1D0 is an enhanced G?(AB2 scheme
which supports user
secret =ey accountability.
(! P+. Re+Encrption ,P+. RE-
?ro$y "e(2ncryption )?"2* is a cryptographic
primiti%e in which a semi(trusted pro$y is able to
con%ert a cipherte$t encrypted under Alice1s public =ey
into another cipherte$t that can be opened by Bob1s
pri%ate =ey without seeing the underlying plainte$t.
5ore &ormally, a ?"2 scheme allows the pro$y, gi%en
the pro$y re(encryption =ey r=aVb, to translate
cipherte$ts under public =ey p=a into cipherte$ts under
public =ey p=b and %ise %ersa. ?lease re&er to /1B0 &or
2D
Proceedings of "ational Conference on Advanced Computing and Communication#"CACC11, April!1$, 2%11
more details on pro$y re(encryption schemes. Fa+y re(
encryption is 8ust updating the secret =ey &or the data
owner.
. #U" ?"#?#S2D SC@252
A! 'ain /dea
n order to achie%e secure, scalable and &ine(grained
access control on outsourced data in the cloud, we utili+e
and uni'uely combine the &ollowing three ad%anced
cryptographic techni'uesI G?(AB2, ?"2 and la+y re(
encryption. 5ore speci&ically, we associate each data &ile
with a set o& attributes, and assign each user an e$pressi%e
access structure which is de&ined o%er these attributes. !o
en&orce this =ind o& access control, we utili+e G?(AB2 to
escort data encryption =eys o& data &iles. Such a
construction enables us to immediately en8oy
&ine(grainedness o& access control. @owe%er, this
construction, i& deployed alone, would introduce hea%y
computation o%erhead and cumbersome online burden
towards the data owner, as he is in charge o& all the
operations o& data>user management. Speci&ically, such an
issue is mainly caused by the operation o& user re%ocation,
which ine%itabily re'uires the data owner to re(encrypt all
the data &iles accessible to the lea%ing user, or e%en needs
the data owner to stay online to update secret =eys &or
users. !o resol%e this challenging issue and ma=e the
construction suitable &or cloud computing, we uni'uely
combine ?"2 with G?(AB2 and enable thedata owner to
delegate most o& the computation intensi%e operations to
Cloud Ser%ers without disclosing the underlying &ile
contents. Such a construction allows the data owner to
control access o& his data &iles with a minimal o%erhead in
terms o& computation e&&ort and online time, and thus &its
well into the cloud en%ironment. Data con&identiality is
also achie%ed since Cloud Ser%ers are not able to learn the
plainte$t o& any data &ile in our construction. 7or &urther
reducing the computation o%erhead on Cloud Ser%ers and
thus sa%ing the data owner1s in%estment, we ta=e
ad%antage o& the la+y re(encryption techni'ue and allow
Cloud Ser%ers to ,aggregate. computation tas=s o&
multiple system operations.
As we will discuss in section E(B, the computation
comple$ity on Cloud Ser%ers is either proportional to the
number o& system attributes, or linear to the si+e o& the
user access structure>tree, which is independent to the
number o& users in the system. Scalability is thus
achie%ed. n addition, our construction also protects user
access pri%ilege in&ormation against Cloud Ser%ers.
Accoutability o& user secret =ey can also be achie%ed by
using an enhanced scheme o& G?(AB2.
(! Definition and "otation
7or each data &ile the owner assigns a set o& meaning&ul
attributes which are necessary &or access control. Di&&erent
data &iles can ha%e a subset o& attributes in common. 2ach
attribute is associated with a %ersion number &or the
purpose o& attribute update as we will discuss later. Cloud
Ser%ers =eep an attribute history list AHL which records
the %ersion e%olution history o& each attribute and ?"2
=eys used.
C! &cheme Description
7or clarity we will present our proposed scheme in two
le%elsI &stem .evel and Algorithm .evel. At system le%el,
we describe the implementation o& high le%el operations,
i.e., &stem &etup, "e0 1ile Creation, "e0 2ser Grant,
and 2ser Revocation, 1ile Access, 1ile Deletion, and the
interaction between in%ol%ed parties. At algorithm le%el,
we &ocus on the implementation o& low le%el algorithms
that are in%o=ed by system le%el operations.
1- &stem .evel 3perations4 System le%el operations in
our proposed scheme are designed as &ollows.
&stem &etup n this operation, the data owner chooses a
security parameter and calls the algorithm le%el inter&ace
ASetup(), which outputs the system public parameter
PK and the system master =ey MK. !he data owner then
signs each component o& PK and sends PK along with
these signatures to Cloud Ser%ers.
"e0 1ile Creation Be&ore uploading a &ile to Cloud
Ser%ers, the data owner processes the data &ile as &ollows.
select a uni'ue ID &or this data &ileA randomly select a
symmetric data encryption =ey DEK R K, where K is the
=ey space, and encrypt the data &ile using DEKA de&ine a
set o& attribute I &or the data &ile and encrypt
DEK with I using G?(AB2, i.e., )E, {Ei}i I *
AEncrpt)I,DEK,PK*.
"e0 2ser Grant <hen a new user wants to 8oin the
system, the data owner assigns an access structure and the
corresponding secret =ey to this user.#n recei%ing C, the
user &irst decrypts it with his pri%ate =ey. !hen he %eri&ies
the signature O,(P,SK,PK). & correct, he accepts )P, SK,
PK* as his access structure, secret =ey, and the system
public =ey. As described abo%e, Cloud Ser%ers store all
the secret =ey components o& SK e$cept &or the one
corresponding to thedummy attribute AttD. Such a design
allows Cloud Ser%ers to update these secret =ey
components during user re%ocation as we will describe
soon. As there still e$ists one undisclosed secret =ey
component )the one &or AttD*, Cloud Ser%ers can not use
these =nown ones to correctly decrypt cipherte$ts.
Actually, these disclosed secret =ey components, i& gi%en
to any unauthori+ed user, do not gi%e him any e$tra
ad%antage in decryption as we will show in our security
analysis.
2ser Revocation <e start with the intuition o& the user
re%ocation operation as &ollows. <hene%er there is a user
to be re%o=ed, the data owner &irst determines a minimal
set o& attributes without which the lea%ing user1s access
structure will ne%er be satis&ied. Ne$t, he updates these
attributes by rede&ining their corresponding system master
=ey components in MK. ?ublic =ey components o& all
these updated attributes in PK are rede&ined accordingly.
!hen, he updates user secret=eys accordingly &or all the
users e$cept &or the one to be
re%o=ed. 7inally, DEKs o& a&&ected data &iles are re(
encrypted with the latest %ersion o& PK. !he main issue
with this intuiti%e scheme is that it would introduce a
hea%y computation o%erhead &or the data owner to re(
encrypt data &iles and might re'uire the data owner to be
always online to pro%ide secret =ey update ser%ice &or
users. !o resol%e this issue, we combine the techni'ue o&
pro$y re(encryption with G?(AB2 and delegate tas=s o&
data &ile re(encryption and user secret =ey update to Cloud
Ser%ers. 5ore speci&ically, we di%ide the user re%ocation
3:
Adhiparasakthi Engineering College, Melmaruvathur
scheme into two stages as is shown in 7ig.6.n the &irst
stage, the data owner determines the minimal set o&
attributes, rede&ines MK and PK &or in%ol%ed attributes,
and generates the corresponding ?"2 =eys. @e then sends
the user1s ID, the minimal attribute set, the ?"2 =eys, the
updated public =ey components, along with his signatures
on these components to Cloud Ser%ers, and can go o&&(line
again. Cloud Ser%ers, on recei%ing this message &rom the
data owner, remo%e the re%o=ed user &rom the system user
list UL, store the updated public =ey components as well
as the owner1s signatures on them, and record the ?"2
=ey o& the latest %ersion in the attribute history list AHL
&or each updated attribute. AHL o& each attribute is a list
used to record the %ersion e%olution history o& this
attribute as well as the ?"2 =eys used. 2%ery attribute has
its own AHL. <ith AHL, Cloud Ser%ers are able to
compute a single ?"2 =ey that enables them to update the
attribute &rom any historical %ersion to the latest %ersion.
1ile Access !his is also the second stage o& user
re%ocation. n this operation, Cloud Ser%ers respond user
re'uest on data &ile access, and update user secret =eys
and re(encrypt re'uested data &iles i& necessary. As is
depicted in 7ig. 6, Cloud Ser%ers &irst %eri&y i& the
re'uesting user is a %alid system user in UL. & true, they
update this user1s secret =ey components to the latest
%ersion and re(encrypt the DEKs o& re'uested data &iles
using the latest %ersion o& PK. Notably, Cloud Ser%ers
will not per&orm update>re(encryption i& secret =ey
components>data &iles are already o& the latest %ersion.
7inally, Cloud Ser%ers send updated secret =ey
components as well as cipherte$ts o& the re'uested data
&iles to the user. #n recei%ing the response &rom Cloud
Ser%ers, the user &irst %eri&ies i& the claimed %ersion o&
each attribute is really newer than the current %ersion he
=nows. 7or this purpose, he needs to %eri&y the data
owner1s signatures on the attribute in&ormation )including
the %ersion in&ormation* and the corresponding public =ey
components, i.e., tuples o& the &orm )j, !* in 7ig. 6. &
correct, the user &urther %eri&ies i& each secret =ey
component returned by Cloud Ser%ers is correctly
computed.
1ile Deletion !his operation can only be per&ormed at the
re'uest o& the data owner. !o delete a &ile, the data owner
sends the &ile1s uni'ue ID along with his signature on this
ID to Cloud Ser%ers. & %eri&ication o& the owner1s
signature returns true, Cloud Ser%ers delete the data &ile.
2- Algorithm level operations4 Algorithm le%el operations
include eight algorithmsI ASetup, AE"#$%pt, AKe%&e",
ADe#$%pt, AUp'(teAtt, AUp'(teSK, AUp'(teAtt)*
i+e, and AMi"i,(+Set. As the &irst &our algorithms are 8ust
the same as Setup, E"#$%pti-", Ke% &e"e$(ti-", and
De#$%pti-" o& the standard G?(AB2 respecti%ely, we
&ocus on our implementation o& the last &our algorithms.
7ig.; depicts two o& the &our algorithms. AUp'(teAtt
!his algorithm updates an attribute to a new %ersion by
rede&ining its system master =ey and public =ey
component. t also outputs a pro$y re(encryption =ey
between the old %ersion and the new %ersion o& the
attribute. AUp'(teAtt)*i+e !his algorithm translates the
cipherte$t component o& an attribute i o& a &ile &rom an old
%ersion into the latest %ersion. t &irst chec=s the attribute
history list o& this attribute and locates the position o& the
old %ersion. !hen it multiplies all the ?"2 =eys between
the old %ersion and the latest %ersion and obtains a single
?"2 =ey. 7inally it apply this single ?"2 =ey to the
cipherte$t component Ei and returns
E(") which coincides with the latest de&inition o& attribute i.
AUp'(teSK !his algorithm translates the secret =ey
component o& attribute i in the user secret =ey SK &rom an
old %ersion into the latest %ersion. ts implementation is
similar to AUp'(teAtt)* i+e e$cept that, in the last step it
applies ($.i/i(") )01 to SKi instead o& $.i/i(") . !his is because
ti is the denominator o& the e$ponent part o& SKi while in
Ei it is a numerator. AMi"i,(+Set !his algorithm
determines a minimal set o& attributes without which an
access tree will ne%er be satis&ied.7or this purpose, it
constructs the con8uncti%e normal &orm )CN7* o& the
access tree, and returns attributes in the shortest
clause o& the CN7 &ormula as the minimal attribute set.
D! &ummar
n our proposed scheme, we e$ploit j j the techni'ue o&
hybrid encryption to protect data &iles, i.e., we encrypt
data &iles using symmetric DEKs and encrypt DEKs with
G?AB2. Using G?(AB2, we are able to immediately
en8oy &ine(grained data access control and e&&icient
operations such as &ile creation>deletion and new user
grant. !o resol%e the challenging issue o& user re%ocation,
we combine the techni'ue o& pro$y re(encryption with
G?(AB2 and delegate most o& the burdensome
computational tas= to Cloud Ser%ers. <e achie%e this by
letting Cloud Ser%ers =eep a partial copy o& each user1s
secret =ey, i.e., secret =ey components o& all but one
)dummy* attributes. <hen the data owner rede&ines a
certain set o& attributes &or the purpose o& user re%ocation,
he also generates corresponding pro$y re(encryption =eys
and sends them to Cloud Ser%ers. Cloud Ser%ers, gi%en
these pro$y re(encryption =eys, can update user secret =ey
components and re(encrypt data &iles accordingly without
=nowing the underlying plainte$ts o& data &iles. !his
enhancement releases the data owner &rom the possible
huge computation o%erhead on user re%ocation. !he data
owner also does not need to always stay online since
Cloud Ser%ers will ta=e o%er the burdensome tas= a&ter
ha%ing obtained the ?"2 =eys. !o &urther sa%e
computation o%erhead o& Cloud Ser%ers on user
re%ocation, we use the techni'ue o& la+y re(encryption and
enable Cloud Ser%ers to ,aggregate. multiple successi%e
secret =ey update>&ile re(encryption operations into one,
and thus statistically sa%e the computation o%erhead.
E. ANAFKSS #7 #U"
?"#?#S2D SC@252
A!&ecurit Analsis
<e &irst analy+e security properties o& our proposed
scheme, starting with the &ollowing immediately a%ailable
properties.
1- 1ine+grainedness of Access Control4 n our proposed
scheme, the data owner is able to de&ine and en&orce
e$pressi%e and &le$ible access structure &or each user.
Speci&ically, the
access structure o& each user is de&ined as a logic &ormula
o%er data &ile attributes, and is able to represent any
desired data &ile set.
31
Proceedings of "ational Conference on Advanced Computing and Communication#"CACC11, April!1$, 2%11
2- 2ser Access Privilege Confidentialit4 #ur proposed
scheme 8ust discloses the lea& node in&ormation o& a user
access tree to Cloud Ser%ers. As interior nodes o& an
access tree can be any threshold gates and are un=nown to
Cloud Ser%ers, it is hard &or Cloud Ser%ers to reco%er the
access structure and thus deri%e user access pri%ilege
in&ormation.
5- 2ser &ecret )e Accounta*ilit4 !his property can be
immediately achie%ed by using the enhanced construction
o& G?(AB2 /1D0 which can be used to disclose the
identities o& =ey abusers. Now we analy+e data
con&identiality o& our proposed scheme by gi%ing a
cryptographic security proo&.
6- Data Confidentialit4 <e analy+e data con&identiality
o& our proposed scheme by comparing it with an intuiti%e
scheme in which data &iles are encrypted using symmetric
DEKs, and DEKs are directly encrypted using standard
G?(AB2.
(! Performance Analsis
!his section represents the cloud security responsibilities
between the data owners and the users.
.
C! Related 7or8
2$isting wor= close to ours can be &ound in the areas o&
,achie%e secure and scalable &ine(grained data access
control in cloud computing..
E. C#NCFUS#N
!his paper aims at secure data access control with user
scalability in cloud computing. #ne challenge in this
conte$t is to achie%e data access control, data
con&identiality, and scalability simultaneously, which is
not pro%ided in the e$isting system. n this paper we
propose a scheme to attain this goal by e$ploiting G?AB2
and uni'uely combining it with techni'ues o& ?(F
encryption. 5oreo%er, our proposed scheme can enable
the data owner to delegate most o& computation o%erhead
to power&ul cloud ser%ers. Con&identiality o& user access
pri%ilege and user secret =ey accountability can be
achie%ed. 7ormal security proo&s show that our proposed
scheme is secure under standard cryptographic models.
E. "272"2NC2S
/10 5. Armbrust, A. 7o$, ". 4ri&&ith, A. D. Woseph, ". @. Gat+, A.
Gonwins=i,4. Fee, D. A. ?atterson, A. "ab=in, . Stoica, and 5. Saharia,
,Abo%e the cloudsI A ber=eley %iew o& cloud computing,. Uni%ersity o&
Cali&ornia, Ber=eley, !ech. "ep. USB(22CS(2::D(2J, 7eb 2::D.
/20 Ama+on <eb Ser%ices )A<S*, #nline at httpI>>aws. ama+on.com.
/30 4oogle App 2ngine, #nline at httpI>>code.google.com>appengine>.
/60 5icroso&t A+ure, httpI>>www.microso&t.com>a+ure>.
/;0 1:6th United States Congress, ,@ealth nsurance ?ortability and
Accountability Act o& 1DDB )@??A*,. #nline at httpI>>aspe.hhs.go%>
admnsimp>pl1:61D1.htm, 1DDB.
/B0 @. @arney, A. Colgro%e, and ?. D. 5cDaniel, ,?rinciples o& policy in
secure groups,. in Proc! of "D&&9%1, 2::1.
/H0 ?. D. 5cDaniel and A. ?ra=ash, ,5ethods and limitations o& security
policy reconciliation,. in Proc! of &P9%2, 2::2.
/J0 !. Ku and 5. <inslett, ,A uni&ied scheme &or resource protection in
automated trust negotiation,. in Proc! of &P9%5, 2::3.
/D0 W. Fi, N. Fi, and <. @. <insborough, ,Automated trust negotiation
using cryptographic credentials,. in Proc! of CC&9%:, 2::;.
/1:0 W. Anderson, ,Computer Security !echnology ?lanning Study,. Air
7orce 2lectronic Systems Di%ision, "eport 2SD(!"(H3(;1, 1DH2, httpI
>>seclab.cs.ucda%is.edu>pro8ects>history>.
/110 5. Gallahalla, 2. "iedel, ". Swaminathan, L. <ang, and G. 7u,
,Scalable secure &ile sharing on untrusted storage,. in Proc! of 1A&T9%5,
2::3.
/120 2. 4oh, @. Shacham, N. 5odadugu, and D. Boneh, ,SiriusI Securing
remote untrusted storage,. in Proc! of "D&&9%5, 2::3.
/130 4. Ateniese, G. 7u, 5. 4reen, and S. @ohenberger, ,mpro%ed pro$y
re(encryption schemes with applications to secure distributed storage,. in
Proc! of "D&&9%:, 2::;.
/160 S. D. C. di Eimercati, S. 7oresti, S. Wa8odia, S. ?araboschi, and
?. Samarati, ,#%er(encryptionI 5anagement o& access control e%olution
on outsourced data,. in Proc! of ;.D(9%<, 2::H.
/1;0 E. 4oyal, #. ?andey, A. Sahai, and B. <aters, ,Attribute(based
encryption &or &ine(grained access control o& encrypted data,. in Proc! 3f
CC&9%$, 2::B.
/1B0 5. Bla+e, 4. Bleumer, and 5. Strauss, ,Di%ertible protocols and
atomic pro$y cryptography,. in Proc! of E2R3CR=PT 9>?, 1DDJ.
/1H0 L. <ang, C. <ang, W. Fi, G. "en, and <. Fou, ,2nabling public
%eri&iability and data dynamics &or storage security in cloud computing,.
in Proc! of E&3R/C& 9%>, 2::D.
/1J0 F. Kouse&&, 5. Butrico, and D. D. Sil%a, ,!oward a uni&ied ontology
o& cloud computing,. in Proc! of GCE9%?, 2::J.
/1D0 S. Ku, G. "en, <. Fou, and W. Fi, ,De&ending against =ey abuse
attac=sin =p(abe enabled broadcast systems,. in Proc! of
&EC2REC3''9%>, 2::D.
/2:0 D. Sheridan, ,!he optimality o& a &ast CN7 con%ersion and its use
with SA!,. in Proc! of &AT9%6, 2::6.
/210 D. Naor, 5. Naor, and W. B. Fotspiech, ,"e%ocation and tracing
schemes&or stateless recei%ers,. in Proc! of CR=PT39%1, 2::1.
/220 5. Atallah, G. 7ri==en, and 5. Blanton, ,Dynamic and e&&icient
=eymanagement &or access hierarchies,. in Proc! of CC&9%:, 2::;.
32
Adhiparasakthi Engineering College, Melmaruvathur
33