Towards Virtuous Cloud Data Storage Using Access Policy Hiding in Ciphertext Policy Attribute-Based Encryption

Managing and controlling access to the tremendous data in Cloud storage is very challenging. Due to various entities engaged in the Cloud environment, there is a high possibility of data tampering. Cloud encryption is being employed to control data access while securing Cloud data. The encrypted data are sent to Cloud storage with an access policy defined by the data owner. Only authorized users can decrypt the encrypted data. However, the access policy of the encrypted data is in readable form, which results in privacy leakage. To address this issue, we proposed a reinforcement hiding in access policy over Cloud storage by enhancing the Ciphertext Policy Attribute-based Encryption (CP-ABE) algorithm. Besides the encryption process, the reinforced CP-ABE used logical connective operations to hide the attribute value of data in the access policy. These attributes were converted into scrambled data along with a ciphertext form that provides a better unreadability feature. It means that a two-level concealed tactic is employed to secure data from any unauthorized access during a data transaction. Experimental results revealed that our reinforced CP-ABE had a low computational overhead and consumed low storage costs. Furthermore, a case study on security analysis shows that our approach is secure against a passive attack such as traffic analysis.

Download Full-text

Accounting and Privacy Preserving of Data Owner in Cloud Storage

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.f8715.0410621 ◽

2021 ◽

Vol 10 (6) ◽

pp. 14-17

Author(s):

Mohan A. ◽

vamshikrishna P.

Keyword(s):

Distributed Computing ◽

Cloud Storage ◽

Cloud Provider ◽

Confidential Information ◽

Encrypted Data ◽

Access Policy ◽

Attribute Based Encryption ◽

Data Owner ◽

Edos Attacks ◽

Ciphertext Policy

People use the support of distributed computing however can't completely believe the cloud suppliers to have protection and confidential information. To guarantee secrecy, data owners relocate encoded information rather than plain texts. To divide the encoded documents with different clients, Ciphertext-Policy Attribute-based Encryption (CP-ABE) can be utilized. But this cannot become secure against some other assaults. Many other schemes did not gave guarantee that the cloud provider has the power to check whether a downloader can unscramble or not. Consequently, these files are accessible to everybody who is approachable to the cloud storage. An intentionally harmful assailant can download a great many records to start Economic Denial of Sustainability (EDoS) attacks, it will to a great extent expend the cloud asset. The owner will bear all the expenses for the cloud storage but the cloud provider doesn’t provide the whole information about the access or usage. There is no transparency for the owner. We have to solve these concerns. In order to this we are going to propose a solution for securing the encrypted data from EDoS attacks and providing the owner whole usage information about the cloud storage. We are implementing by using the arbitrary access policy of CP-ABE.

Download Full-text

What If Keys Are Leaked? towards Practical and Secure Re-Encryption in Deduplication-Based Cloud Storage

Information ◽

10.3390/info12040142 ◽

2021 ◽

Vol 12 (4) ◽

pp. 142

Author(s):

Weijing You ◽

Lei Lei ◽

Bo Chen ◽

Limin Liu

Keyword(s):

Experimental Evaluation ◽

Cloud Storage ◽

Security Analysis ◽

Encrypted Data ◽

Cloud Data ◽

Storage Cost ◽

Outsourced Data ◽

Proof Of Ownership ◽

Client Side ◽

Over Time

By only storing a unique copy of duplicate data possessed by different data owners, deduplication can significantly reduce storage cost, and hence is used broadly in public clouds. When combining with confidentiality, deduplication will become problematic as encryption performed by different data owners may differentiate identical data which may then become not deduplicable. The Message-Locked Encryption (MLE) is thus utilized to derive the same encryption key for the identical data, by which the encrypted data are still deduplicable after being encrypted by different data owners. As keys may be leaked over time, re-encrypting outsourced data is of paramount importance to ensure continuous confidentiality, which, however, has not been well addressed in the literature. In this paper, we design SEDER, a SEcure client-side Deduplication system enabling Efficient Re-encryption for cloud storage by (1) leveraging all-or-nothing transform (AONT), (2) designing a new delegated re-encryption (DRE), and (3) proposing a new proof of ownership scheme for encrypted cloud data (PoWC). Security analysis and experimental evaluation validate security and efficiency of SEDER, respectively.

Download Full-text

Study of privacy-preserving framework for cloud storage

Computer Science and Information Systems ◽

10.2298/csis100327029r ◽

2011 ◽

Vol 8 (3) ◽

pp. 801-819 ◽

Cited By ~ 12

Author(s):

Huang Ruwei ◽

Gui Xiaolin ◽

Yu Si ◽

Zhuang Wei

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Security Analysis ◽

Bloom Filter ◽

Data Access ◽

Data Retrieval ◽

Privacy Preserving ◽

Index Structure ◽

Structure Generation ◽

Access Right

In order to implement privacy-preserving, efficient and secure data storage and access environment of cloud storage, the following problems must be considered: data index structure, generation and management of keys, data retrieval, treatments of change of users? access right and dynamic operations on data, and interactions among participants. To solve those problems, the interactive protocol among participants is introduced, an extirpation-based key derivation algorithm (EKDA) is designed to manage the keys, a double hashed and weighted Bloom Filter (DWBF) is proposed to retrieve the encrypted keywords, which are combined with lazy revocation, multi-tree structure, asymmetric and symmetric encryptions, which form a privacypreserving, efficient and secure framework for cloud storage. The experiment and security analysis show that EKDA can reduce the communication and storage overheads efficiently, DWBF supports ciphertext retrieval and can reduce communication, storage and computation overhead as well, and the proposed framework is privacy preserving while supporting data access efficiently.

Download Full-text

Security Analysis on a Public POR Scheme in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.556-562.5395 ◽

2014 ◽

Vol 556-562 ◽

pp. 5395-5399

Author(s):

Jian Hong Zhang ◽

Wen Jing Tang

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Security Analysis ◽

Data Integrity ◽

Data File ◽

Cloud Data ◽

Security Proof ◽

Cloud Server ◽

Cloud Data Storage ◽

Active Attack

Data integrity is one of the biggest concerns with cloud data storage for cloud user. Besides, the cloud user’s constrained computing capabilities make the task of data integrity auditing expensive and even formidable. Recently, a proof-of-retrievability scheme proposed by Yuan et al. has addressed the issue, and security proof of the scheme was provided. Unfortunately, in this work we show that the scheme is insecure. Namely, the cloud server who maliciously modifies the data file can pass the verification, and the client who executes the cloud storage auditing can recover the whole data file through the interactive process. Furthermore, we also show that the protocol is vulnerable to an efficient active attack, which means that the active attacker is able to arbitrarily modify the cloud data without being detected by the auditor in the auditing process. After giving the corresponding attacks to Yuan et al.’s scheme, we suggest a solution to fix the problems.

Download Full-text

Implementing secure data access control for multi-authority cloud storage system using Ciphertext Policy-Attribute based encryption

International Conference on Information Communication and Embedded Systems (ICICES2014) ◽

10.1109/icices.2014.7033749 ◽

2014 ◽

Author(s):

S. Vijaya Lekshmi ◽

M. P. Revathi

Keyword(s):

Access Control ◽

Cloud Storage ◽

Storage System ◽

Data Access ◽

Data Access Control ◽

Attribute Based Encryption ◽

Secure Data ◽

Ciphertext Policy

Download Full-text

Data Security for Cloud Datasets With Bloom Filters on Ciphertext Policy Attribute Based Encryption

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2019100102 ◽

2019 ◽

Vol 13 (4) ◽

pp. 12-27

Author(s):

G. Sravan Kumar ◽

A. Sri Krishna

Keyword(s):

Access Control ◽

Data Storage ◽

Private Information ◽

Data Security ◽

Bloom Filters ◽

Communication Overhead ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

Cloud data storage environments allow the data providers to store and share large amounts of datasets generated from various resources. However, outsourcing private data to a cloud server is insecure without an efficient access control strategy. Thus, it is important to protect the data and privacy of user with a fine-grained access control policy. In this article, a Bloom Filter-based Ciphertext-Policy Attribute-Based Encryption (BF-CP-ABE) technique is presented to provide data security to cloud datasets with a Linear Secret Sharing Structure (LSSS) access policy. This fine-grained access control scheme hides the whole attribute set in the ciphertext, whereas in previous CP-ABE methods, the attributes are partially hidden in the ciphertext which in turn leaks private information about the user. Since the attribute set of the BF-CP-ABE technique is hidden, bloom filters are used to identify the authorized users during data decryption. The BF-CP-ABE technique is designed to be selective secure under an Indistinguishable-Chosen Plaintext attack and the simulation results show that the communication overhead is significantly reduced with the adopted LSSS access policy.

Download Full-text

Revocable attribute-based proxy re-encryption

Journal of Mathematical Cryptology ◽

10.1515/jmc-2020-0039 ◽

2021 ◽

Vol 15 (1) ◽

pp. 465-482

Author(s):

Fucai Luo ◽

Saif Al-Kuwari

Keyword(s):

Cloud Storage ◽

Security Model ◽

Encrypted Data ◽

Practical Applications ◽

Access Policy ◽

Attribute Based Encryption ◽

The Standard Model ◽

Identity Based ◽

Learning With Errors ◽

Predicate Encryption

Abstract Attribute-based proxy re-encryption (ABPRE), which combines the notions of proxy re-encryption (PRE) and attribute-based encryption (ABE), allows a semi-trusted proxy with re-encryption key to transform a ciphertext under a particular access policy into a ciphertext under another access policy, without revealing any information about the underlying plaintext. This primitive is very useful in applications where encrypted data need to be stored in untrusted environments, such as cloud storage. In many practical applications, and in order to address scenarios where users misbehave or the re-encryption keys are compromised, an efficient revocation mechanism is necessary for ABPRE. Previously, revocation mechanism was considered in the settings of identity-based encryption (IBE), ABE, predicate encryption (PE), and broadcast PRE, but not ABPRE, which is what we set to do in this paper. We first formalize the concept of revocable ABPRE and its security model. Then, we propose a lattice-based instantiation of revocable ABPRE. Our scheme not only supports an efficient revocation mechanism but also supports polynomial-depth policy circuits and has short private keys, where the size of the keys is dependent only on the depth of the supported policy circuits. In addition, we prove that our scheme is selectively chosen-plaintext attack (CPA) secure in the standard model, based on the learning with errors assumption.

Download Full-text

Modified Ciphertext-Policy Attribute-Based Encryption Scheme with Efficient Revocation for PHR System

Mathematical Problems in Engineering ◽

10.1155/2017/6808190 ◽

2017 ◽

Vol 2017 ◽

pp. 1-10 ◽

Cited By ~ 2

Author(s):

Hongying Zheng ◽

Jieming Wu ◽

Bo Wang ◽

Jianyong Chen

Keyword(s):

Cloud Storage ◽

Personal Health Record ◽

Storage System ◽

Personal Health ◽

Encryption Scheme ◽

Promising Technique ◽

Access Policy ◽

Attribute Based Encryption ◽

Role Based ◽

Ciphertext Policy

Attribute-based encryption (ABE) is considered a promising technique for cloud storage where multiple accessors may read the same file. For storage system with specific personal health record (PHR), we propose a modified ciphertext-policy attribute-based encryption scheme with expressive and flexible access policy for public domains. Our scheme supports multiauthority scenario, in which the authorities work independently without an authentication center. For attribute revocation, it can generate different update parameters for different accessors to effectively resist both accessor collusion and authority collusion. Moreover, a blacklist mechanism is designed to resist role-based collusion. Simulations show that the proposed scheme can achieve better performance with less storage occupation, computation assumption, and revocation cost compared with other schemes.

Download Full-text

Access Policy’s Over Encrypted Cloud Storage for Secure Deduplication

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i3.27.17648 ◽

2018 ◽

Vol 7 (3.27) ◽

pp. 27

Author(s):

G Kiran Kumar ◽

E Amarnath Reddy ◽

B Mamatha ◽

Kompally Manisha

Keyword(s):

Cloud Storage ◽

Data Access ◽

Public Key Cryptography ◽

Public Key ◽

Symmetric Encryption ◽

Private Key ◽

Attribute Based Encryption ◽

Original File ◽

Ciphertext Policy ◽

Access Policies

Attribute-Based Encryption (ABE) is a basic concept that considers public-key cryptography. Ciphertext-Policy ABE (CP-ABE) is one of the approaches used by ABE for data sharing in the cloud. In CP-ABE scheme, each user’s private key has a set of attributes and then the user decrypts a ciphertext if it holds a matching key. Our proposed system provides an extension to CP-ABE by implementing AES. AES uses a symmetric encryption key algorithm for a same set of keys. Our system provides a higher security through AES because of its complexity and helps in generating the content key . This key is used during the encryption of the original file over the cloud. Our methodology also focuses on deduplication to provide less consumption of cloud storage over the cloud. Another advantage of using this system is to provide an efficient way of data access via access policies for a certain set of credentials.

Download Full-text

An Effective Data Access Method for Public Cloud Data Storage

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.k1017.09811s219 ◽

2019 ◽

Vol 8 (11S2) ◽

pp. 105-109

Keyword(s):

Access Control ◽

Data Storage ◽

Single Point ◽

Data Access ◽

Access Method ◽

Control Plan ◽

Cloud Data ◽

Promising Strategy ◽

Attribute Based Encryption ◽

Cloud Data Storage

These days attribute-based encryption has been gotten as a promising strategy to give versatile and secure data to oversee the conveyed storage in the cloud registering environment. In the attribute-based encryption plan, the single property pro should execute the customer legitimacy check and mystery key flow, and thusly, its outcomes. Customers may be stuck in the believing that at a stretch get their mystery keys and choose to get the required data from Cloud. So as to maintain a strategic distance from the single-point execution bottleneck, we are proposing multi-master access control plan which will assess the issue such way that it gives increasingly successful access control on cloud data to the clients.

Download Full-text