Abstract
In this work, we construct a key access management scheme that seamlessly transitions any hierarchical-like access policy to the digital medium. The proposed scheme allows any public cloud system to be used as a private cloud. We consider the data owner an entity consisting of several organization units. We provide a secure method for each user of this entity to access the public cloud from both inside and outside the company's network. The idea of our key access control scheme, which is based on Shamir's secret sharing algorithm and polynomial interpolation method, is suitable especially for hierarchical organizational structures. It offers a secure, flexible, and hierarchical key access mechanism for organizations utilizing mission-critical data. It also minimizes concerns about moving mission-critical data to the public cloud and ensures that only users with sufficient approvals from the same or higher privileged users can access the key by making use of the topological ordering of a directed graph, including self-loop. Main overheads such as public and private storage needs are reduced to a tolerable level, and the key derivation is computationally efficient. From a security perspective, our scheme is both resistant to collaboration attacks and provides key indistinguishability security. Since the key does not need to be held anywhere, the problem of a data breach based on key disclosure risk is also eliminated.
Highlights
D IGITIZING several services increases demands on storage systems, large-scale computations, and hosting
Communication as a service (CaaS), compute as a service (CompaaS), data storage as a service (DSaaS) are defined in [4], and in this work, we focus on the DSaaS model
In accordance with the organization’s security level policy, securing access the data uploaded to the public cloud both from inside and outside the company, guaranteeing hierarchical access control mechanism on the basis of organizational unit, not sharing secret keys with any user but only through a secure channel, and the lack of the need to hold the key anywhere are the main features of the proposed scheme
Summary
D IGITIZING several services increases demands on storage systems, large-scale computations, and hosting. The proposed method provides a secure scheme so that any public cloud infrastructure can be used by organizations requiring a higher level of security. Compliance, security, and privacy requirements can create an issue since the infrastructure is managed and owned by a cloud storage provider that is located off-premise. The group structure for the organizational unit OU1 is similar to hierarchical and the proposed key access control scheme is adapted . G1 only needs approvals from users in G1 In this way, the data owner can flexibly determine distinct relations according to its own security policy.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
