Bing-Zhe He,Chien-Ming Chen,Tsu-Yang Wu,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/569397

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:The time-bound hierarchical key assignment scheme provides a cryptographic solution for the access control problem in distributed systems (e.g., Pay-TV and cloud computing applications). Most time-bound hierarchical key assignment schemes can be divided into two types: adopting tamper-resistant devices and utilizing public values. Despite the fact that adopting tamper-resistant devices can easily resist to collusion attacks, utilizing public values is much cheaper and more suitable for cloud environment. In this paper, we proposed a new time-bound hierarchical key assignment scheme, which can effectively defeat the collusion attack. Besides, the proposed scheme utilizes public values instead of tamper-resistant devices, which will restrict user's convenience. Compared with the previous works, our scheme requires fewer public values and has better performance.

Zhenyao Qiu,Zhiwei Zhang,Shichong Tan,Jianfeng Wang,Xiaoling Tao

DOI: https://doi.org/10.3966/160792642019052003002

2019-01-01

Abstract:Cloud storage is facing the contradiction between data security and flexible data sharing, and therefore the cryptographic access control mechanisms are well studied. In particular, hierarchical access control in cloud storage is significant for many application scenarios. In these scenarios, the users are divided into several groups organized in a hierarchy, and they are assigned with different access privileges according to their groups and levels. That is, the users in higher level groups can access the data belonging to their subordinate groups while the users in lower level groups cannot access the data belonging to their superior groups. However, most of the existing hierarchical access control solutions seem to be unpractical for their inability of scalable data sharing, inefficiency of key management or lack of delegated reencryption. In this paper, we propose a new hierarchical access control scheme based on key-aggregate encryption, and the proposed scheme realizes scalable data sharing in cloud storage which allows the users to share data with any user group. In the proposed scheme, the size of each key or ciphertext is constant and irrelevant to the scale of hierarchical user structure. Especially, our scheme improves the convenience of key management by cutting off the key derivation widely used in the existing hierarchical key assignment methods. Furthermore, the proposed scheme reduces the users' updating overhead by introducing the delegated re-encryption into the hierarchical scenarios. Finally, the security analysis and the performance evaluation indicate that our scheme is feasible for the hierarchical data sharing applications in cloud storage.

Ran Yang,Chuang Lin,Yixin Jiang

DOI: https://doi.org/10.1109/icc.2012.6364473

2012-01-01

Abstract:In cloud computing, the sensitive data are required to be encrypted before being outsourced to the server, which introduce a heavy computation overhead for key derivation and data management when dynamic hierarchical access control is desired. In this paper, we address this challenging problem by delegating the computation intensive task, such as data re-encryption, key distribution and derivation to cloud servers. Only bilinear pairing and random padding are used in our construction. Extensive analysis shows that the proposed scheme achieves scalability and dynamic simultaneously, and is proved to be secure formally.

Jiang Lan,Gu Chunhua

DOI: https://doi.org/10.1109/csa.2013.16

2013-01-01

Abstract:To protect data users stored on cloud platform, a new access control method that combines Oakley algorithm and a hierarchical scheme by privilege was proposed. CP-ABE algorithm, Oakley protocol and hierarchical management by privilege were integrated creatively to a new effective and secure access control model (OHB-model). The proposed scheme supported user dynamic topology changes. It could be used for hierarchical access control on cloud platform. Through the theoretical analysis and experimental verification, the security vulnerabilities could be solved effectively.

Yingjie Xia,Mingzhe Zhu,Junhua Xuan,Ze Chen

DOI: https://doi.org/10.1109/INDUSIS.2010.5565810

2010-01-01

Abstract:In this paper, we propose a novel hierarchy-aware ECC model termed HHECC for access control in Cloud. This model is implemented by a hierarchical and hybrid Elliptic Curve Cryptography (ECC) encryption on Cloud data. Cloud is a popular storage platform to build data center for data backup, file synchronization and resource sharing. Since accessed by various kinds of users, the Cloud storage services should be affiliated with a secure access control strategy according to its confidential protocol and privacy policy. The hierarchy feature of the scheme is achieved by one-way hash function on the key for data decryption, and the hybrid feature denotes the combination of one-way hash, Advanced Encryption Standard (AES) and ECC for a fine grained control of user access. In comparison with other schemes, the simulation experiments of data access security and efficiency show that HHECC-based hierarchical access control scheme is more efficient for Cloud data encryption and decryption, and much securer for hierarchical user access control. © 2010 IEEE.

Shaohua Tang

2006-01-01

WSEAS TRANSACTIONS ON COMPUTERS

Abstract:An efficient hierarchical key assignment scheme for access control based on one-way hash function is proposed, which allows the user in a security class to derive the keys of its subordinating classes, so that the superior class can access the information encrypted and owned by its subordinating classes. This scheme is also flexible to change the hierarchical relationship among security classes, for example, it is not difficult to add new security classes to the hierarchy, or to delete security classes from the hierarchy dynamically. By analysis and comparison, it is shown that some features, such as efficiency, extensibility, and security, are possessed by this scheme.

Zhusong Liu,Hongyang Yan,Zhiqiang Lin,Lingling Xu

DOI: https://doi.org/10.3217/jucs-021-03-0454

2015-01-01

Abstract:Cloud computing is an emerging computing paradigm that can provide storage resources and computing capacities services over the Internet. However, some new security issues arise when users' sensitive data are outsourced and shared in untrusted cloud. The traditional techniques to protect the confidentiality of sensitive data stored in cloud are encryption and related cryptographic tools. And the corresponding private keys to access and decrypt the files are disclosed to only authorized users. However, these traditional solutions are not scalable because the computational cost of encryption and other access control is heavy for devices with limited computation ability.In this paper, we present a new way to implement scalable and fine-grained access control systems, which can be applied for big data in untrusted cloud computing environment. The solution is based on symmetric, efficient broadcast encryption and fine-grained attribute-based encryption (ABE). In this access control system, users are able to join and revoked with broadcast encryption. An outsourced Hierarchical ABE scheme is first proposed in this paper to construct the access control system. The security analysis is also presented under the security model.

Shaohua Tang

2006-01-01

Abstract:An efficient hierarchical key assignment scheme for access control based on one-way hash function is proposed, which allows the user in a security class to derive the keys of its subordinating classes, so that the superior class can access the information encrypted and owned by its subordinating classes. This scheme is also flexible to change the hierarchical relationship among security classes, for example, it is not difficult to add new security classes to the hierarchy, or to delete security classes from the hierarchy dynamically. By analysis and comparison, it is shown that some features, such as efficiency, extensibility, and security, are possessed by this scheme.

Hua Deng,Zheng Qin,Qianhong Wu,Robert H. Deng,Zhenyu Guan,Yupeng Hu,Fangmin Li

DOI: https://doi.org/10.1109/tdsc.2022.3153467

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud computing has become an increasingly popular option for users to store and share data. Encryption prior to outsourcing data to the cloud is the best way to protect data security and privacy; however, it hinders sharing of the data that was encrypted. In addition, users in many real-world organizations (e.g., enterprises) have multiple level structures and a higher-level user should have the privilege to decide which data can be shared with a lower-level user. Most solutions in the literature suffer from inefficiency or inflexibility in tackling this problem. In this article, we propose a fine-grained hierarchical data sharing (FHDS) scheme in clouds. With FHDS, the data owner can encrypt data with his public key, and then selectively share encrypted data with users in a hierarchy; if necessary, the users can disseminate the owner's data to their subordinates in the lower levels by generating access keys. In particular, the higher-level users could puncture the keys with some tags such that the part of the owner's data which is labeled by the punctured tags will not be accessible to the lower-level users. The proposed scheme is provable secure under our security model and performance analyses show the efficiency of the scheme.

Tabassum N. Mujawar,Lokesh B. Bhajantri

DOI: https://doi.org/10.4018/ijcac.308273

2022-09-08

International Journal of Cloud Applications and Computing

Abstract:Cloud computing delivers various resources and services to users over internet. At present many businesses and individual users are adopting cloud services to avail benefits such as, less time, less cost, less management, and maintenance. Still, security is the primary issue that must be tackled and one of the security issues is access control mechanism. The most widely used access control method includes Ciphertext Policy Attribute based Encryption, which is encrypted access control scheme. In order to ensure trustworthy and encrypted access control, a trusted hierarchical access structure based encryption scheme is proposed in this paper. The proposed scheme uses hierarchical access structure to encrypt multiple messages and avoid generation of multiple ciphertexts. The trust evaluation component is also integrated with the proposed access control mechanism. An efficient method to assign trust level for service providers and data users by utilizing their behavioral parameters is proposed in the paper.

Ling Xiong,Fagen Li,Mingxing He,Zhicai Liu,Tu Peng

DOI: https://doi.org/10.1109/tcc.2020.3029878

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:In the last few years, mobile cloud computing (MCC) gains a huge development because of the popularity of mobile applications and cloud computing. User authentication and access control are two indispensable security components in the MCC environment. To the best of our knowledge, they are generally designed in different procedures. Access control can be executed after the authentication completes successfully. In order to improve efficiency, this article constructs an integrated scheme of authentication and hierarchical access control using self-certified public key cryptography (SCPKC) and the Chinese remainder theorem (CRT) for MCC environment. The proposed scheme can achieve mutual authentication while determining the access rights of mobile users without storing any access control list in the MCC service provider side. Besides, we also give a dynamic adding or deletion of MCC service provider to efficiently address potential changes in the hierarchy. The security of our proposed scheme is proved by the random oracle model. Compared with recently related multi-server authentication schemes for the MCC environment, the proposed scheme not only adds a new function of hierarchical access control but also has better computation and communication efficiencies. Therefore, the proposed scheme is more suitable for real-life MCC applications.

Xuejiao Liu,Yingjie Xia,Shasha Jiang,Fubiao Xia,Yanbo Wang

DOI: https://doi.org/10.1109/TrustCom.2013.60

2013-01-01

Abstract:Access control is one of the most important security mechanisms in cloud computing. Attributed based encryption provides an approach that allows data owners to integrate data access policies within the encrypted data. However, little work has been done to explore flexible authorization in specifying the data user's privileges and enforcing the data owner's policy in cloud based environments. In this paper, we propose a hierarchical attribute based access control scheme by extending ciphertext-policy attribute-based encryption (CP-ABE) with a hierarchical structure of multiauthorities and exploiting attribute-based signature (ABS). The proposed scheme not only achieves scalability due to its hierarchical structure, but also inherits fine-grained access control with authentication in supporting write privilege on outsourced data in cloud computing. In addition, we decouple the task of policy management from security enforcement by using the extensible access control markup language (XACML) framework. Extensive analysis shows that our scheme is both efficient and scalable in dealing with access control for outsourced data in cloud computing.

Yu Zhang,Jing Chen,Ruiying Du,Lan Deng,Yang Xiang,Qing Zhou

DOI: https://doi.org/10.1109/TrustCom.2014.42

2014-01-01

Abstract:In the past few years, cloud computing has emerged as one of the most influential paradigms in the IT industry. As promising as it is, this paradigm brings forth many new challenges for data security because users have to outsource sensitive data on untrusted cloud servers for sharing. In this paper, to guarantee the confidentiality and security of data sharing in cloud environment, we propose a Flexible and Efficient Access Control Scheme (FEACS) based on Attribute-Based Encryption, which is suitable for fine-grained access control. Compared with existing state-of-the-art schemes, FEACS is more practical by following functions. First of all, considering the factor that the user membership may change frequently in cloud environment, FEACS has the capability of coping with dynamic membership efficiently. Secondly, full logic expression is supported to make the access policy described accurately and efficiently. Besides, we prove in the standard model that FEACS is secure based on the Decisional Bilinear Diffie-Hellman assumption. To evaluate the practicality of FEACS, we provide a detailed theoretical performance analysis and a simulation comparison with existing schemes. Both the theoretical analysis and the experimental results prove that our scheme is efficient and effective for cloud environment.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/INFCOM.2010.5462174

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Yuanpeng Xie,Hong Wen,Bin Wu,Yixin Jiang,Jiaxiao Meng

DOI: https://doi.org/10.1109/tcc.2015.2513388

IF: 5.697

2015-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud computing is an Internet-based computing pattern through which shared resources are provided to devices on-demand. It is an emerging but promising paradigm to integrating mobile devices into cloud computing, and the integration performs in the cloud based hierarchical multi-user data-shared environment. With integrating into cloud computing, security issues such as data confidentiality and user authority may arise in the mobile cloud computing system, and it is concerned as the main constraints to the developments of mobile cloud computing. In order to provide safe and secure operation, a hierarchical access control method using modified hierarchical attribute-based encryption (M-HABE) and a modified three-layer structure is proposed in this paper. In a specific mobile cloud computing model, enormous data which may be from all kinds of mobile devices, such as smart phones, functioned phones and PDAs and so on can be controlled and monitored by the system, and the data can be sensitive to unauthorized third party and constraint to legal users as well. The novel scheme mainly focuses on the data processing, storing and accessing, which is designed to ensure the users with legal authorities to get corresponding classified data and to restrict illegal users and unauthorized legal users get access to the data, which makes it extremely suitable for the mobile cloud computing paradigms.

Niu Shaozhang,Tu Shanshan,Huang Yongfeng

DOI: https://doi.org/10.1049/cje.2015.07.015

IF: 1.019

2015-01-01

Chinese Journal of Electronics

Abstract:Cloud computing services have got rapid development in the field of the lightweight terminal, especially wireless communications. The comprehensive access control system framework is proposed for the cloud. A kind of access control scheme based on attribute encryption is designed, in which lightweight devices can safely use cloud computing resources to outsource encrypt/decrypt operations, and not worry for exposing terminal sensitive data. The scheme is verified by performance evaluation about the security, computing, storage, to ensure the legitimate interests of users in the cloud.

Yibing Kong,Jennifer Seberry,Janusz R. Getta,Ping Yu

DOI: https://doi.org/10.1007/11556992_33

2005-01-01

Abstract:As one of the most popular information safeguarding mechanisms, access control is widely deployed in information systems. However, access control approach suffers from a tough problem, i.e. system administrators must be unconditionally trusted. Cryptographic substitutes have been developed to solve the above problem. In particular, hierarchical encryption, as an alternate solution of access control in a hierarchy, has been intensively studied. In this paper, we propose a cryptographic solution for general access control based on Chinese Remainder Theorem. Our solution has two categories: data based solution and key based solution. In contrast to the most recent hierarchical encryption system: Ray, Ray and Narasimhamurthi's system [1], our solution is more efficient, secure and flexible. Moreover, we introduce an efficient mechanism for authorization alterations. This paper ends with a set of experimental results that support our research.

Jin Li,Gansen Zhao,Xiaofeng Chen,Dongqing Xie,Chunming Rong,Wenjun Li,Lianzhang Tang,Yong Tang

DOI: https://doi.org/10.1109/cloudcom.2010.44

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which IT resources and capacities are provided as services over the Internet. Promising as it is, this paradigm also brings forth new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are likely outside of the same trust domain of data owners. To maintain the confidentiality of, sensitive user data against untrusted servers, existing work usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. In this paper, we present a way to implement, scalable and fine-grained access control systems based on attribute-based encryption (ABE). For the purpose of secure access control in cloud computing, the prevention of illegal key sharing among colluding users is missing from the existing access control systems based on ABE. This paper addresses this challenging open issue by defining and enforcing access policies based on data attributes and implementing user accountability by using traitor tracing. Furthermore, both the user grant and revocation are efficiently supported by using the broadcast encryption technique. Extensive analysis shows that the proposed scheme is highly efficient and provably secure under existing security models.

Yuhan Bai,Kai Fan,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2024.3358745

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The attribute-based encryption (ABE) scheme, which can set specific conditions to control user access to data, has been widely studied and applied to cloud storage services. Considering file hierarchy in practical scenarios, the ABE scheme can set a hierarchical access control policy so multiple files can be associated with one access structure to reduce users’ computing overhead and save the cloud server’s storage space. However, the existing systems have the risk of user collusion due to the hierarchical access control structure parameters. This paper proposes a secure file hierarchy ABE scheme supporting user collusion resistance (CR-FH-CPABE) in cloud computing. We add a data noise vector without changing the hierarchical access control structure to prevent user ultra vires. Technically, we break the relationships that colluding users could exploit, prevent malicious users from colluding with their computing results, and extract meaningful information from the ciphertext. In addition, we provide an improved CR-FH-CPABE scheme with outsourced decryption, which helps resource-limited devices obtain computing services. Finally, we demonstrate our scheme is CPA secure and show outstanding performance through simulation results.

Yuxiang Chen,Yao Hao,Zhongqiang Yi,Xiaoyu Guo,Chunxiang Xu

DOI: https://doi.org/10.1109/nana56854.2022.00042

2022-01-01

Abstract:As file management is widely used in e-government and enterprise office, the file exchange, as the main means of sharing and collaborating in office, has been far from able to meet the needs of data security. Encrypted Storage with its highly security, controllability, can be an effective solution to the limitations of existing authority control services. However, during the data sharing and exchange, the file is separated from the owner, which has the problem of insufficient or over -authorization, thus needs fine-grained hierarchical control and cooperation. In this article, we propose a hierarchical management and control scheme for encrypted storage combined with ciphertext retrieval. The proposed scheme supports top-down privilege division without increasing the number of managed keys, all the data are processed and authorized strictly, the high-level user can deduce the keys of lower authorized users, but not vice versa, thus solving data leakage caused by over-authorization. Through performance and security analysis, we demonstrate that the scheme can better meet the data security and precise authorization requirements.