Formal Modelling and Automated Trade-off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud

To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSP) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities—e.g., a data storage service or a proxy mediating the access of users to encrypted data—that operate in different (security) domains—e.g., on-premise or the CSP. However, the majority of these CAC schemes assumes a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make inappropriate the use of a CAC scheme in certain scenarios with specific trust assumptions and requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may give rise to other security concerns (e.g., malicious insiders attackers). To the best of our knowledge, no previous work considers how to select the best possible architecture (i.e., the assignment of entities to domains) to deploy a CAC scheme for the trust assumptions and requirements of a given scenario. In this article, we propose a methodology to assist administrators in exploring different architectures for the enforcement of CAC schemes in a given scenario. We do this by identifying the possible architectures underlying the CAC schemes available in the literature and formalizing them in simple set theory. This allows us to reduce the problem of selecting the most suitable architectures satisfying a heterogeneous set of trust assumptions and requirements arising from the considered scenario to a decidable Multi-objective Combinatorial Optimization Problem (MOCOP) for which state-of-the-art solvers can be invoked. Finally, we show how we use the capability of solving the MOCOP to build a prototype tool assisting administrators to preliminarily perform a “What-if” analysis to explore the trade-offs among the various architectures and then use available standards and tools (such as TOSCA and Cloudify) for automated deployment in multiple CSPs.

INTEGRATED CRYPTOGRAPHICAL ACCESS CONTROL OVER NETWORK PROJECT

Cryptanalysis is a new ID-based encryption scheme proposed by Meshram. I found a method for factor N, where N is the parameter proposed by Meshram. We also provide a method for retrieving the Secret Master key for Mayshram’s ID-based encryption scheme. Identity-based (ID-based) cryptography is very useful because it simplifies certificate management in public-key cryptocurrency. For the design of the Integrated File Level Cryptographic Access Control (IFLCAC) system, it makes file security much easier for the end-user. This system combines the advantages of traditional file-level cryptography and full-disc cryptography systems, making it safe and easy to use. We first look at existing file cryptography systems, compare them to two, and then describe the interactions between components and components of the integrated file-level cryptographic access control system. Because its defense relies on the difficulty of discrete logarithmic and integer factor problems, it proves that his scheme is safe against favorable select-plain invasion. We show that this new ID-based encryption scheme is not secure by introducing a method to retrieve the secret master key.