Fine Grained Security in Cloud with Cryptographic Access Control

  • Received : 2024.07.05
  • Published : 2024.07.30

Abstract

Cloud computing services have gained increasing popularity in recent years for supporting various on-demand and scalable services for IT consumers who need to invest less in infrastructure. While the storage architecture of the cloud enjoys a more robust and fault-tolerant cloud computing network, such an architecture also poses a number of security challenges, especially when applied in applications related to social networks, financial transactions, etc. First, as data are stored and maintained by individual virtual machines, cloud resources are prone to being hijacked. Such attacks allow attackers to create, modify and delete machine images, and to change administrative passwords and settings successfully; hence, it is significantly harder to ensure data security. Second, due to the dynamic and shared nature of the cloud, data may be compromised in many ways. Last but not least, service hijacking may redirect clients to an illegitimate website, and user accounts and service instances could in turn become a new base for attackers. To address the above challenges, we propose in this paper a distributed data access control scheme that is able to fulfil fine-grained access control over cloud data and is resilient against strong attacks such as compromise and user collusion. The proposed framework exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailoring and adapting it for cloud computing with respect to security requirements.
