Abstract
Cloud storage services have become ubiquitous. A large number of individuals and organizations are using them to store and share data, taking the benefits of mobility and affordability offered by these services. However, secure management of data in cloud storage services, more specifically supporting multi-party sharing in the context of a collaboration, is a challenging problem. The problem is further exacerbated if the data owner does not have any trust on the cloud storage providers and the data need regular updates from collaborating parties. A number of cryptographically enforced secure cloud storage solutions have been proposed to address this problem. One of the key issues with these solutions is the revocation of access to data for invalid users without moving the data (in the era of big data) and relying on the cloud service providers. In this paper, we introduce a cloud storage system that offers cryptographically enforced security. In contrast to other cryptographically protected cloud storage systems, our system supports a fine-grained access control mechanism and allows flexible revocations of invalid users without moving the data and relying on the cloud service providers. Our system employs an attribute-based encryption technique to support a complex access structure that allows a user to define human readable access policies to the data in the cloud storage. In addition, our system supports a flexible revocation scheme that can revoke invalid users directly by updating the revoked users’ list or indirectly by updating an epoch counter. The system administrator can choose one of these options flexibly depending on the needs. Our system also allows authorized users to update the encrypted data, and any users accessing such updated data in future can verify whether the data are modified by authorized users.
Highlights
Cloud storage services are widely used by individuals and organizations due to the inherent benefits offered by them; for example, affordability, availability, mobility
Users must rely on the service-level agreement (SLA) to entrust cloud service providers to provide a level of protection to their data
Administrator can be one of the users, but it performs a number of maintenance activities for the data stored in the cloud storage as follows: Key generation and distribution To set up the system, the administrator generates public and private keys using the NM-CP-attribute-based encryption (ABE) scheme, and signing and verification keys using the signature scheme discussed earlier
Summary
Cloud storage services are widely used by individuals and organizations due to the inherent benefits offered by them; for example, affordability, availability, mobility. A number of solutions have been proposed [28, 40, 43] using the above-explained cryptographic method to protect user’s data from an untrusted cloud storage These simple solutions do not support multi-party collaboration between organizations and individuals without a help from a trusted third party. To address this shortcoming, attribute-based encryption (ABE) [14, 34] techniques are often utilized in data storage [8, 29, 39, 41, 44] to support a more fine-grained access control mechanism. The access control policies can be enforced without any help from the cloud storage services, and the data file is cryptographically protected. The final section concludes the paper by providing potential future works
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
