Security-enhanced Data Access Control for Multi-authority Cloud Storage

Abstract

Abstract: Cloud storage has brought many advantages, such as saving users hardware purchase costs and providing real-time online data storage services. More and more people are choosing to store data on the cloud. In order to improve data security and data privacy, Wu et al. gave an extended data access control scheme for multi-authority cloud storage (NEDAC-MACS) on the basis of the scheme of Yang. In this paper, an attack method is given to demonstrate that a revoked user can still decrypt new ciphertexts in NEDAC-MACS, and a scheme to enhance the security of NEDAC-MACS is proposed, which can resist the collusion attack between cloud server and users. Cryptographic analyses confirm that the scheme is able to resist collusion attacks and is feasible.

Key words: access control, data security, collusion attack, cloud storage

LIU Zheng, WU Ke-hua, YE Chun-xiao. Security-enhanced Data Access Control for Multi-authority Cloud Storage[J]. Computer and Modernization, 2021, 0(10): 119-126.

References

［1］ BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption［C］// Proceedings of the 2007 IEEE Symposium on Security and Privacy. 2007:321-334.
［2］ LV Z Q, CHI J L, ZHANG M, et al. Efficiently attribute-based access control for mobile cloud storage system［C］// Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications. 2014:292-299.
［3］ YANG K, JIA X H, REN K. Attribute-based fine-grained access control with efficient revocation in cloud storage systems［C］// Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. 2013:523-528.
［4］ WEI J H, LIU W F, HU X X. Secure and efficient attribute-based access control for multiauthority cloud storage［J］. IEEE Systems Journal, 2018,12(2):1731-1742.
［5］ RUJ S, NAYAK A, STOJMENOVIC I. DACC: Distributed access control in clouds［C］// Proceedings of the 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications. 2011:91-98.
［6］ CHASE M. Multi-authority attribute based encryption［C］// Proceedings of the 4th Conference on Theory of Cryptography. 2007:515-534.
［7］ CHASE M, CHOW S S M. Improving privacy and security in multi-authority attribute-based encryption［C］// Proceedings of the 16th ACM Conference on Computer and Communications Security. 2009:121-130.
［8］ YANG K, JIA X H, REN K, et al. DAC-MACS: Effective data access control for multiauthority cloud storage systems［J］. IEEE Transactions on Information Forensics and Security, 2013,8(11):1790-1801.
［9］ LI M, YU S C, ZHENG Y, et al. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption［J］. IEEE Transactions on Parallel and Distributed Systems, 2013,24(1):131-143.
［10］LI J, HUANG X Y, LI J W, et al. Securely outsourcing attribute-based encryption with checkability［J］. IEEE Transactions on Parallel and Distributed Systems, 2014,25(8):2201-2210.
［11］LI J G, YAO W, HAN J G, et al. User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage［J］. IEEE Systems Journal, 2018,12(2):1767-1777.
［12］HU C Q, LI W, CHENG X Z, et al. A secure and verifiable access control scheme for big data storage in clouds［J］. IEEE Transactions on Big Data, 2018,4(3):341-355.
［13］WU X L, JIANG R, BHARGAVA B. On the security of data access control for multiauthority cloud storage systems［J］. IEEE Transactions on Services Computing, 2017,10(2):258-272.
［14］SAHAI A, WATERS B. Fuzzy identity-based encryption［C］// Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques. 2005:457-473.
［15］GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data［C］// Proceedings of the 13th ACM Conference on Computer and Communications Security. 2006:89-98.
［16］OSTROVSKY R, SAHAI A, WATERS B. Attribute-based encryption with non-monotonic access structures［C］// Proceedings of the 14th ACM Conference on Computer and Communications Security. 2007:195-203.
［17］LEWKO A, OKAMOTO T, SAHAI A, et al. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption［C］// Proceedings of the 29th Annual International Conference on Theory and Applications of Cryptographic Techniques. 2010:62-91.
［18］WATERS B. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization［C］// Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography. 2011:53-70.
［19］ROUSELAKIS Y, WATERS B. Practical constructions and new proof methods for large universe attribute-based encryption［C］// Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. 2013:463-474.
［20］LEWKO A, WATERS B. Decentralizing attribute-based encryption［C］// Proceedings of the 30th Annual International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology. 2011:568-588.
［21］PIRRETTI M, TRAYNOR P, MCDANIEL P, et al. Secure attribute-based systems［C］// Proceedings of the 13th ACM Conference on Computer and Communications Security. 2006:99-112.
［22］HUR J, NOH D K. Attribute-based access control with efficient revocation in data outsourcing systems［J］. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7):1214-1221.
［23］CHEN J W, MA H D. Efficient decentralized attribute-based access control for cloud storage with user revocation［C］// Proceedings of the 2014 IEEE International Conference on Communications. 2014:3782-3787.
［24］LI X Y, TANG S H, XU L L, et al. Two-factor data access control with efficient revocation for multi-authority cloud storage systems［J］. IEEE Access, 2017,5:393-405.
［25］YU S C, WANG C, REN K, et al. Attribute based data sharing with attribute revocation［C］// Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. 2010:261-270.
［26］KAWAI Y, TAKASHIMA K. Fully-anonymous functional proxy-re-encryption［DB/OL］. (2013-10-11)［2021-01-21］. https://eprint.iacr.org/2013/318.pdf.
［27］CHAUDHARI P, DAS M L, DASGUPTA D. Privacy-preserving proxy re-encryption with fine-grained access control［C］// Proceedings of the 2017 International Conference on Information Systems Security. 2017:88-103.
［28］ZIEGLER D, MARSALEK A. Efficient revocable attribute-based encryption with hidden policies［C］// Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications. 2020:1638-1645.
［29］WANG H J, DONG X L, CAO Z F. Multi-value-independent ciphertext-policy attribute based encryption with fast keyword search［J］. IEEE Transactions on Services Computing, 2020,13(6):1142-1151.
［30］ZHANG M Y, ZHOU J L, ZHANG G X, et al. Scalable and updatable attribute-based privacy protection scheme for big data publishing［C］// Proceedings of the 2020 IEEE Global Communications Conference. 2020. DOI: 10.1109/GLOBECOM42002.2020.9322458.

[1]	ZHU Ke1, XUAN Jiaxing2, XUE Wenhao2. An Electronic License Access Control Method Based on Aggregation and Association of Smart Contracts [J]. Computer and Modernization, 2024, 0(06): 103-108.
[2]	HAN Kun, WANG Zheng, DUAN Jun-yong, YANG Hua-lin. Overview of Data Processing Techniques for MIoT Based on Fog Computing [J]. Computer and Modernization, 2024, 0(01): 13-20.
[3]	Gulbostan Akim, Nurmamat Helil. ABAC Decision Recycling with Dynamic Policy Change [J]. Computer and Modernization, 2022, 0(10): 47-54.
[4]	LI Wen-quan, XU Su-ping. Tourism Resource Information Database System Based on Geographic Information [J]. Computer and Modernization, 2021, 0(08): 100-103.
[5]	LIU Xue-zhen, CUI Yan, DENG Xiao-fei, PENG Jie. An Efficient Attribute Revocation Scheme of Supporting Rights Management [J]. Computer and Modernization, 2021, 0(07): 95-101.
[6]	ZHAO Wei, QIN Li-han, YUN Chen-chao. Cross Platform Access Control of Technology Achievement Data Based on Portal Authentication Technology#br# [J]. Computer and Modernization, 2021, 0(07): 102-106.
[7]	SUN Guang-cheng, LI Hong-zhe, LI Sai-fei, ZHANG Xiao-wei. Internet of Things Access Control System Based on Blockchain [J]. Computer and Modernization, 2020, 0(11): 100-108.
[8]	CAO Yong-ming. A Fuzzy Keyword Search Encryption Scheme Without Secure Channel [J]. Computer and Modernization, 2020, 0(04): 42-.
[9]	ZHANG Xi, WANG Jian. A Public Integrity Auditing Scheme Based on Blind Signature for Shared Data in Cloud [J]. Computer and Modernization, 2020, 0(04): 60-.
[10]	QIN Lu-lu, ZHOU Li-jing, WANG Min. A Conditional Proxy Re-encryption Supporting Multi-keyword Search [J]. Computer and Modernization, 2020, 0(01): 100-.
[11]	MIAO Si-wei1， YU Wen-hao1， YAO Feng2， GAO Jing3. Security Analysis for PLC Access Control [J]. Computer and Modernization, 2019, 0(09): 41-.
[12]	YANG Yang, CAO Yan. Adaptive Access Control Model Based on Hazardous Events [J]. Computer and Modernization, 2019, 0(08): 98-.
[13]	ZHANG Peng, ZHOU Liang. Trust-based Dynamic Multi-level Access Control Model [J]. Computer and Modernization, 2019, 0(07): 116-.
[14]	FANG Zhou, CHENG Qing, PEI Xu-bin . Data Security Protection of Electricity Marketing Information System [J]. Computer and Modernization, 2019, 0(03): 111-.
[15]	CHEN Cheng, Nurmamat HELIL. Hidden Attribute Outsourced Decryption Access Control Scheme Based on CP-ABE [J]. Computer and Modernization, 2018, 0(05): 74-.