A Secure and Fine-Grained Big Data Access Control Scheme for Cloud-Based Services

Cloud computing is the delivery of computing services including servers, storage, databases, networking, software, analytics, and intelligence over the Internet. Nowadays, access control is one of the most critical problems with cloud computing. Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising encryption technique that enables end-users to encrypt their data under the access policies defined over some attributes of data consumers and only allows data consumers whose attributes satisfy the access policies to decrypt the data. In CP-ABE, the access policy is attached to the ciphertext in plaintext form, which may also leak some private information about end-users. Existing methods only partially hide the attribute values in the access policies, while the attribute names are still unprotected. This paper proposes an efficient and fine-grained big data access control scheme with privacy-preserving policy. Specifically, it hides the whole attribute (rather than only its values) in the access policies. To assist data decryption, it designs an algorithm called Attribute Bloom Filter to evaluate whether an attribute is in the access policy and locate the exact position in the access policy if it is in the access policy. The paper also deals with offline attribute guessing attack. Security analysis and performance evaluation show that this scheme can preserve the privacy from any LSSS access policy without employing much overhead.

Download Full-text

A Review of fine grained access control techniques

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.7.10249 ◽

2018 ◽

Vol 7 (2.7) ◽

pp. 20 ◽

Cited By ~ 2

Author(s):

Rakesh Shirsath ◽

Dr K. V. Daya Sagar

Keyword(s):

Cloud Computing ◽

Access Control ◽

Data Access ◽

Control Approach ◽

Access Policy ◽

Fine Grained ◽

Data Access Control ◽

Encrypt Data ◽

Cloud Server ◽

Access Policies

Nowadays cloud computing is most demanding technology where computing resources are availed as per demand through Internet. Cloud computing model also brings many challenges for confidentiality, integrity, privacy of data and data access control. As cloud computing develops vigorously, an increasing number of enterprises and individuals are motivated to upload their data sources to the public cloud server for sharing. It is not entirely credible for enterprises and individuals to transfer data owing to the openness of the cloud server, so they must encrypt data before uploading and also loose direct control of data. Therefore, an elastic access control or fine-grained access control approach for data is urgently required and becomes a challenging open problem. In this paper, the issue of access control is discussed by defining traditional access policies. Attribute based access policy is analysed with its types. Finally, comparison is made among all policies with respect to various parameters.

Download Full-text

AN EFFICIENT AND FINE-GRAINED BIG DATA ACCESS CONTROL SCHEME WITH PRIVACY-PRESERVING POLICY

International Journal of Advance Engineering and Research Development ◽

10.21090/ijaerd.38344 ◽

2017 ◽

Vol 4 (10) ◽

Keyword(s):

Big Data ◽

Access Control ◽

Data Access ◽

Privacy Preserving ◽

Fine Grained ◽

Data Access Control ◽

Control Scheme

Download Full-text

An efficient attribute-based hierarchical data access control scheme in cloud computing

Human-centric Computing and Information Sciences ◽

10.1186/s13673-020-00255-5 ◽

2020 ◽

Vol 10 (1) ◽

Author(s):

Heng He ◽

Liang-han Zheng ◽

Peng Li ◽

Li Deng ◽

Li Huang ◽

...

Keyword(s):

Cloud Computing ◽

Access Control ◽

High Performance ◽

Data Access ◽

Fine Grained ◽

Security Issues ◽

Access Structures ◽

Data Access Control ◽

Control Scheme ◽

Access Requirement

AbstractSecurity issues in cloud computing have become a hot topic in academia and industry, and CP-ABE is an effective solution for managing and protecting data. When data is shared in cloud computing, they usually have multiple access structures that have hierarchical relationships. However, existing CP-ABE algorithms do not consider such relationships and just require data owners to generate multiple ciphertexts to meet the hierarchical access requirement, which would incur substantial computation overheads. To achieve fine-grained access control of multiple hierarchical files effectively, first we propose an efficient hierarchical CP-ABE algorithm whose access structure is linear secret sharing scheme. Moreover, we construct an attribute-based hierarchical access control scheme, namely AHAC. In our scheme, when a data visitor’s attributes match a part of the access control structure, he can decrypt the data that associate with this part. The experiments show that AHAC has good security and high performance. Furthermore, when the quantity of encrypted data files increases, the superiority of AHAC will be more significant.

Download Full-text

An Efficient and Fine-Grained Big Data Access Control Scheme With Privacy-Preserving Policy

IEEE Internet of Things Journal ◽

10.1109/jiot.2016.2571718 ◽

2017 ◽

Vol 4 (2) ◽

pp. 563-571 ◽

Cited By ~ 48

Author(s):

Kan Yang ◽

Qi Han ◽

Hui Li ◽

Kan Zheng ◽

Zhou Su ◽

...

Keyword(s):

Big Data ◽

Access Control ◽

Data Access ◽

Privacy Preserving ◽

Fine Grained ◽

Data Access Control ◽

Control Scheme

Download Full-text

A fine-grained and lightweight data access control scheme for WSN-integrated cloud computing

Cluster Computing ◽

10.1007/s10586-017-0863-y ◽

2017 ◽

Vol 20 (2) ◽

pp. 1457-1472 ◽

Cited By ~ 6

Author(s):

Heng He ◽

Ji Zhang ◽

Jinguang Gu ◽

Yan Hu ◽

Fangfang Xu

Keyword(s):

Cloud Computing ◽

Access Control ◽

Data Access ◽

Fine Grained ◽

Data Access Control ◽

Control Scheme

Download Full-text

An Efficient Ciphertext Policy-Attribute Based Encryption for Big Data Access Control in Cloud Computing

2017 Ninth International Conference on Advanced Computing (ICoAC) ◽

10.1109/icoac.2017.8441507 ◽

2017 ◽

Cited By ~ 4

Author(s):

P. Praveen Kumar ◽

P. Syam Kumar ◽

P.J.A. Alphonse

Keyword(s):

Cloud Computing ◽

Big Data ◽

Access Control ◽

Data Access ◽

Data Access Control ◽

Attribute Based Encryption ◽

Ciphertext Policy

Download Full-text

Secure and efficient fine-grained data access control scheme in cloud computing1

Journal of High Speed Networks ◽

10.3233/jhs-150524 ◽

2015 ◽

Vol 21 (4) ◽

pp. 259-271 ◽

Cited By ~ 10

Author(s):

Changsong Yang ◽

Jun Ye

Keyword(s):

Access Control ◽

Data Access ◽

Fine Grained ◽

Data Access Control ◽

Control Scheme

Download Full-text

Big Data Handling Approach for Unauthorized Access of Cloud Computing

10.20944/preprints202112.0068.v1 ◽

2021 ◽

Author(s):

Abdul Razaque ◽

Shaldanbayeva Nazerke ◽

Bandar Alotaibi ◽

Munif Alotaibi ◽

Akhmetov Murat ◽

...

Keyword(s):

Cloud Computing ◽

Big Data ◽

Access Control ◽

Intrusion Detection ◽

Data Access ◽

Computing System ◽

Data Handling ◽

Unauthorized Access ◽

Data Access Control ◽

Cloud Computing System

Nowadays, cloud computing is one of the important and rapidly growing paradigms that extend its capabilities and applications in various areas of life. The cloud computing system challenges many security issues, such as scalability, integrity, confidentiality, and unauthorized access, etc. An illegitimate intruder may gain access to the sensitive cloud computing system and use the data for inappropriate purposes that may lead to losses in business or system damage. This paper proposes a hybrid unauthorized data handling (HUDH) scheme for Big data in cloud computing. The HUDU aims to restrict illegitimate users from accessing the cloud and data security provision. The proposed HUDH consists of three steps: data encryption, data access, and intrusion detection. HUDH involves three algorithms; Advanced Encryption Standards (AES) for encryption, Attribute-Based Access Control (ABAC) for data access control, and Hybrid Intrusion Detection (HID) for unauthorized access detection. The proposed scheme is implemented using Python and Java language. Testing results demonstrate that the HUDH can delegate computation overhead to powerful cloud servers. User confidentiality, access privilege, and user secret key accountability can be attained with more than 97% high accuracy.

Download Full-text

Formalization and Verification of TESAC Using CSP

International Journal of Software Engineering and Knowledge Engineering ◽

10.1142/s0218194019400199 ◽

2019 ◽

Vol 29 (11n12) ◽

pp. 1741-1760

Author(s):

Dongzhen Sun ◽

Huibiao Zhu ◽

Yuan Fei ◽

Lili Xiao ◽

Gang Lu ◽

...

Keyword(s):

Cloud Computing ◽

Access Control ◽

Process Analysis ◽

Computing Time ◽

Data Access ◽

Computing Paradigm ◽

Data Access Control ◽

Control Scheme ◽

Critical Issues ◽

Security Properties

Cloud computing is an emerging computing paradigm in IT industries. The wide adoption of cloud computing is raising concerns about management of data in the cloud. Access control and data security are two critical issues of cloud computing. Time-efficient secure access control (TESAC) model is a new data access control scheme which can minimize many significant problems. This scheme has better performance than other existing models in a cloud computing environment. TESAC is attracting more and more attentions from industries. Hence, the reliability of TESAC becomes extremely important. In this paper, we apply Communication Sequential Processes (CSP) to model TESAC, as well as their security properties. We mainly focus on its data access mechanism part and formalize it in detail. Moreover, using the model checker Process Analysis Toolkit (PAT), we have verified that the TESAC model cannot assure the security of data with malicious users. For the purpose of solving this problem, we introduce a new method similar to digital signature. Our study can improve the security and robustness of the TESAC model.

Download Full-text