Fine-Grained Access Control Aware Multi-User Data Sharing with Secure Keyword Search

Mobile cloud computing (MCC) is embracing rapid development these days and able to provide data outsourcing and sharing services for cloud users with pervasively smart mobile devices. Although these services bring various conveniences, many security concerns such as illegally access and user privacy leakage are inflicted. Aiming to protect the security of cloud data sharing against unauthorized accesses, many studies have been conducted for fine-grained access control using ciphertext-policy attribute-based encryption (CP-ABE). However, a practical and secure data sharing scheme that simultaneously supports fine-grained access control, large university, key escrow free, and privacy protection in MCC with expressive access policy, high efficiency, verifiability, and exculpability on resource-limited mobile devices has not been fully explored yet. Therefore, we investigate the challenge and propose an Efficient and Multiauthority Large Universe Policy-Hiding Data Sharing (EMA-LUPHDS) scheme. In this scheme, we employ fully hidden policy to preserve the user privacy in access policy. To adapt to large scale and distributed MCC environment, we optimize multiauthority CP-ABE to be compatible with large attribute universe. Meanwhile, for the efficiency purpose, online/offline and verifiable outsourced decryption techniques with exculpability are leveraged in our scheme. In the end, we demonstrate the flexibility and high efficiency of our proposal for data sharing in MCC by extensive performance evaluation.

Download Full-text

BaDS: Blockchain-Based Architecture for Data Sharing with ABS and CP-ABE in IoT

Wireless Communications and Mobile Computing ◽

10.1155/2018/2783658 ◽

2018 ◽

Vol 2018 ◽

pp. 1-9 ◽

Cited By ~ 13

Author(s):

Yunru Zhang ◽

Debiao He ◽

Kim-Kwang Raymond Choo

Keyword(s):

Data Sharing ◽

Consensus Algorithm ◽

Byzantine Fault Tolerance ◽

Tolerance Mechanism ◽

User Privacy ◽

Fine Grained ◽

User Data ◽

Iot Devices ◽

And Storage ◽

Inform Decision Making

Internet of Things (IoT) and cloud computing are increasingly integrated, in the sense that data collected from IoT devices (generally with limited computational and storage resources) are being sent to the cloud for processing, etc., in order to inform decision making and facilitate other operational and business activities. However, the cloud may not be a fully trusted entity, like leaking user data or compromising user privacy. Thus, we propose a privacy-preserving and user-controlled data sharing architecture with fine-grained access control, based on the blockchain model and attribute-based cryptosystem. Also, the consensus algorithm in our system is the Byzantine fault tolerance mechanism, rather than Proof of Work.

Download Full-text

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Download Full-text

Data Sharing with Fine-Grained Access Control for Multi-tenancy Cloud Storage System

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering - Cloud Computing, Security, Privacy in New Computing Environments ◽

10.1007/978-3-319-69605-8_12 ◽

2017 ◽

pp. 123-132 ◽

Cited By ~ 1

Author(s):

Zhen Li ◽

Minghao Zhao ◽

Han Jiang ◽

Qiuliang Xu

Keyword(s):

Access Control ◽

Data Sharing ◽

Cloud Storage ◽

Storage System ◽

Fine Grained

Download Full-text

Privacy-Preserving and Efficient Public Key Encryption with Keyword Search Based on CP-ABE in Cloud

Cryptography ◽

10.3390/cryptography4040028 ◽

2020 ◽

Vol 4 (4) ◽

pp. 28

Author(s):

Yunhong Zhou ◽

Shihui Zheng ◽

Licheng Wang

Keyword(s):

Access Control ◽

Data Privacy ◽

Keyword Search ◽

Good Method ◽

Privacy Preserving ◽

Public Key ◽

Public Key Encryption ◽

Encrypted Data ◽

Fine Grained ◽

Attribute Based Encryption

In the area of searchable encryption, public key encryption with keyword search (PEKS) has been a critically important and promising technique which provides secure search over encrypted data in cloud computing. PEKS can protect user data privacy without affecting the usage of the data stored in the untrusted cloud server environment. However, most of the existing PEKS schemes concentrate on data users’ rich search functionalities, regardless of their search permission. Attribute-based encryption technology is a good method to solve the security issues, which provides fine-grained access control to the encrypted data. In this paper, we propose a privacy-preserving and efficient public key encryption with keyword search scheme by using the ciphertext-policy attribute-based encryption (CP-ABE) technique to support both fine-grained access control and keyword search over encrypted data simultaneously. We formalize the security definition, and prove that our scheme achieves selective indistinguishability security against an adaptive chosen keyword attack. Finally, we present the performance analysis in terms of theoretical analysis and experimental analysis, and demonstrate the efficiency of our scheme.

Download Full-text

Fine-Grained Data Access for Networking Applications

Encyclopedia of Multimedia Technology and Networking, Second Edition ◽

10.4018/978-1-60566-014-1.ch076 ◽

2009 ◽

pp. 568-573 ◽

Cited By ~ 2

Author(s):

Harith Indraratne ◽

Gábor Hosszú

Keyword(s):

Access Control ◽

Data Access ◽

Fine Grained ◽

Security Issues ◽

Network Applications ◽

Access Controls ◽

User Data ◽

Secure Network ◽

Data Separation ◽

Query Modification

Current-day network applications require much more secure data storages than anticipated before. With millions of anonymous users using same networking applications, security of data behind the applications have become a major concern of database developers and security experts. In most security incidents, the databases attached to the applications are targeted, and attacks have been made. Most of these applications require allowing data manipulation at several granular levels to the users accessing the applications—not just table and view level, but tuple level. A database that supports fine-grained access control restricts the rows a user sees, based on his/her credentials. Generally, this restriction is enforced by a query modification mechanism automatically done at the database. This feature enables per-user data access within a single database, with the assurance of physical data separation. It is enabled by associating one or more security policies with tables, views, table columns, and table rows. Such a model is ideal for minimizing the complexity of the security enforcements in databases based on network applications. With fine-grained access controls, one can create fast, scalable, and secure network applications. Each application can be written to find the correct balance between performance and security, so that each data transaction is performed as quickly and safely as possible. Today, the database vendors like Oracle 10g, and IBM DB2 provides commercial implementations of fine-grained access control methods, such as filtering rows, masking columns selectively based on the policy, and applying the policy only when certain columns are accessed. The behavior of the fine-grained access control model can also be increased through the use of multiple types of policies based on the nature of the application, making the feature applicable to multiple situations. Meanwhile, Microsoft SQL Server2005 has also come up with emerging features to control the access to databases using fine-grained access controls. Fine-grained access control does not cover all the security issues related to Internet databases, but when implemented, it supports building secure databases rapidly and bringing down the complexity of security management issues.

Download Full-text