Data Sharing with Fine-Grained Access Control for Multi-tenancy Cloud Storage System

The application of cloud storage system has been deployed widely in recent years. A lot of electronic medical records (EMRs) are collected and uploaded to the cloud for scalable sharing among the authority users. It is necessary to guarantee the confidentiality of EMRs and the privacy of EMR owners. To achieve this target, we summarize a series of attack behaviors in the cloud storage system and present the security model against many types of unexpected privacy leakage. Privacy of unassailed EMRs is guaranteed in this model, and the influence of privacy leakage is controlled in a certain scope. We also propose a role-based access control scheme to achieve flexible access control on these private EMRs. One can access medical records only if his/her role satisfies the defined access policy, which implies a fine-grained access control. Theoretical and experimental analyses show the efficiency of our scheme in terms of computation and communication.

Download Full-text

Fine-Grained Access Control with Efficient Revocation in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.571-572.79 ◽

2014 ◽

Vol 571-572 ◽

pp. 79-89

Author(s):

Ting Zhong ◽

You Peng Sun ◽

Qiao Liu

Keyword(s):

Access Control ◽

Cloud Storage ◽

Storage System ◽

Fine Grained ◽

Computational Overhead ◽

Attribute Based Encryption ◽

Encrypt Data ◽

User Revocation ◽

Ciphertext Policy ◽

Access Policies

In the cloud storage system, the server is no longer trusted, which is different from the traditional storage system. Therefore, it is necessary for data owners to encrypt data before outsourcing it for sharing. Simultaneously, the enforcement of access policies and support of policies updates becomes one of the most challenging issues. Ciphertext-policy attribute-based encryption (CP-ABE) is an appropriate solution to this issue. However, it comes with a new obstacle which is the attribute and user revocation. In this paper, we propose a fine-grained access control scheme with efficient revocation based on CP-ABE approach. In the proposed scheme, we not only realize an efficient and immediate revocation, but also eliminate some burden of computational overhead. The analysis results indicate that the proposed scheme is efficient and secure for access control in cloud storage systems.

Download Full-text

Blockchain-Based Access Control and Data Sharing Mechanism in Cloud Decentralized Storage System

Journal of Web Engineering ◽

10.13052/jwe1540-9589.2054 ◽

2021 ◽

Author(s):

Yogesh M Gajmal ◽

R. Udayakumar

Keyword(s):

Access Control ◽

Data Sharing ◽

Data Security ◽

Cloud Storage ◽

Control Method ◽

Single Point ◽

Storage System ◽

Data Encryption ◽

Data Owner ◽

Data User

Access control is a major factor in enhancing data security in the cloud storage system. However, the existing data sharing and the access control method have privacy data leakage and key abuse, which is a major challenge in the research community. Therefore, an effective method named Blockchain-based access control and data sharing approach is developed in the cloud storage system to increase data security. The proposed Blockchain-based access control and data sharing approach effectively solve single-point failure in the cloud system. It provides more benefits by increasing the throughput and reducing the cost. The Data user (DU) makes the registration request using the ID and password and forwards it to the Data Owner (DO), which processes the request and authenticates the Data user. The information of the data owner is embedded in the transactional blockchain using the encrypted master key. The Data owner achieves the data encryption process, and encrypted files are uploaded to the Interplanetary File System (IPFS). Based on the encrypted file location and encrypted key, the Data owner generates the ciphertext metadata and is embedded in the transactional blockchain. The proposed Blockchain-based access control and data sharing approach achieved better performance using the metrics, like a better genuine user detection rate of 95% and lower responsiveness of 25sec with the blockchain of 100 sizes.

Download Full-text

Reliable Policy Updating under Efficient Policy Hidden Fine-grained Access Control Framework for Cloud Data Sharing

IEEE Transactions on Services Computing ◽

10.1109/tsc.2021.3096177 ◽

2021 ◽

pp. 1-1

Author(s):

Zuobin Ying ◽

Wenjie Jiang ◽

Ximeng Liu ◽

Shengmin Xu ◽

Robert Deng

Keyword(s):

Access Control ◽

Data Sharing ◽

Cloud Data ◽

Fine Grained ◽

Control Framework

Download Full-text

Enabling Efficient Decentralized and Privacy Preserving Data Sharing in Mobile Cloud Computing

Wireless Communications and Mobile Computing ◽

10.1155/2021/8513869 ◽

2021 ◽

Vol 2021 ◽

pp. 1-15

Author(s):

Jiawei Zhang ◽

Ning Lu ◽

Teng Li ◽

Jianfeng Ma

Keyword(s):

Cloud Computing ◽

Access Control ◽

Mobile Devices ◽

Data Sharing ◽

Mobile Cloud Computing ◽

High Efficiency ◽

Mobile Cloud ◽

User Privacy ◽

Access Policy ◽

Fine Grained

Mobile cloud computing (MCC) is embracing rapid development these days and able to provide data outsourcing and sharing services for cloud users with pervasively smart mobile devices. Although these services bring various conveniences, many security concerns such as illegally access and user privacy leakage are inflicted. Aiming to protect the security of cloud data sharing against unauthorized accesses, many studies have been conducted for fine-grained access control using ciphertext-policy attribute-based encryption (CP-ABE). However, a practical and secure data sharing scheme that simultaneously supports fine-grained access control, large university, key escrow free, and privacy protection in MCC with expressive access policy, high efficiency, verifiability, and exculpability on resource-limited mobile devices has not been fully explored yet. Therefore, we investigate the challenge and propose an Efficient and Multiauthority Large Universe Policy-Hiding Data Sharing (EMA-LUPHDS) scheme. In this scheme, we employ fully hidden policy to preserve the user privacy in access policy. To adapt to large scale and distributed MCC environment, we optimize multiauthority CP-ABE to be compatible with large attribute universe. Meanwhile, for the efficiency purpose, online/offline and verifiable outsourced decryption techniques with exculpability are leveraged in our scheme. In the end, we demonstrate the flexibility and high efficiency of our proposal for data sharing in MCC by extensive performance evaluation.

Download Full-text

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Download Full-text