Fine-grained Access Control System Research Articles

Blockchain Based Multi-Authority Fine-Grained Access Control System With Flexible Revocation

Traditional data sharing systems are facing new challenges when implementing access control with more and more complex data sharing requirements. Flexibility of user revocation in completely decentralized environments needs to be taken into account. In this article, we propose a Key-Policy Attribute-Based Encryption scheme with Multiple and Flexible Revocation (MAFR-KP-ABE) to achieve the features of decentralized authorization and flexible revocation. We prove the security of our MAFR-KP-ABE scheme in the standard model and provide the comparison with relevant schemes to demonstrate its efficiency. Then we propose a fine-grained access control system based on MAFR-KP-ABE scheme and blockchain that matches the need of paid data sharing services with several security properties enhanced. Security analysis and system implementation are given subsequently to demonstrate our system efficient and secure.

Attribute-Based Encryption in Securing Big Data from Post-Quantum Perspective: A Survey

Attribute-based encryption (ABE) cryptography is widely known for its potential to solve the scalability issue of recent public key infrastructure (PKI). It provides a fine-grained access control system with high flexibility and efficiency by labeling the secret key and ciphertext with distinctive attributes. Due to its fine-grained features, the ABE scheme is a protection layer in securing users’ data and privacy in big data processing and analytics. However, quantum computing, new technology on the horizon that will transform the security and privacy environment, has begun to appear. Like the conventional ABE schemes, present cryptography is not excluded from the impacts of quantum technology as they are not made to be quantum-resistant. While most recent surveys generally touched on the generic features of attribute-based encryption schemes such as user revocation, scalability, flexibility, data confidentiality, and scope in pairing-based ABE schemes, this survey investigated quantum-resistant ABE schemes in securing big data. This survey reviews the challenges faced by the recent ABE cryptography in the post-quantum era and highlights its differences from the conventional pairing-based ABE schemes. Subsequently, we defined the criteria of an ideal quantum-resistant ABE scheme. Additionally, existing works on quantum-resistant ABE schemes are reviewed based on their algorithms design, security and functionalities. Lastly, we summarized quantum-resistant ABE schemes’ ongoing challenges and future works.

An Efficient Access Control Scheme With Outsourcing and Attribute Revocation for Fog-Enabled E-Health

Fog computing is increasingly popular partly due to its capability to minimize data transfer and latency requirements, for example by moving some of the computational operations away from the cloud servers and closer to the users. To achieve fine-grained access control in fog-enabled application scenarios to guarantee data security and user privacy, one could use ciphertext-policy attribute-based encryption (CP-ABE). However, the lack of an effective mechanism to carry out access right revocation in conventional CP-ABE schemes limits the deployment of such schemes in practice. Thus, we propose an efficient CP-ABE scheme with attribute revocation capability, designed to construct a fine-grained access control system in fog-enabled E-health (referred to as AC-FEH). In our AC-FEH system, fog nodes undertake data encryption and decryption operations; thus, computational costs for data owners and users are minimized. In comparison to several other competing access control schemes based on CP-ABE, our AC-FEH system reduces the computational costs associated with encryption and decryption. We also prove the selective security of the underlying CP-ABE scheme under the intractability assumption of the $q$ -parallel BDHE problem.

Integrity Checking in Cloud Storage and Policy Based User Revocation using Attribute Based Encryption

Applications that range over various mists are frequently observed to be powerless against security dangers. Such profoundly heterogeneous situations need a fine-grained access control system like Attribute-based Access Control for upholding security. One of the most encouraging applications in distributed computing is online information sharing. Step by step instructions to share client information securely and productively has turned out to be one of the most testing issues in distributed computing. Be that as it may, this postures new provokes identified with making secure and solid information stockpiling over questionable specialist co-ops. The principle objective of distributed computing is the means by which to verify, secure the information and procedure. In this study, we find the issue of guaranteeing the respectability of data in cloud computing. Specifically, we consider techniques for decreasing the weight of producing a consistent measure of metadata at the customer side. Ascribe division chooses whether to momentarily disavow client approval as indicated by property subset. Furthermore, we propose another model called Policy-based Attribute Based Access Control (Pa-ABAC) utilizing half breed property based encryption. Our goal is to officially determine the conduct of various components of the proposed model in a cloud domain. This is imperative to build up a substantial security arrangement for a cloud situation free from determination mistakes and irregularities.

Towards a Fine-Grained Access Control Mechanism for Privacy Protection and Policy Conflict Resolution

Access control is a security technique that specifies access rights to resources in a computing environment. As information systems nowadays become more complex, it plays an important role in authenticating and authorizing users and preventing an attacker from targeting sensitive information. However, no proper consideration has been fully investigated so far in privacy protection. While many studies have acknowledged this issue, recent studies have not provided a fine-grained access control system for data privacy protection. As the data set becomes larger, we have to confront more privacy challenges. For example, the access control mechanism must be able to guarantee fine-grained access control, privacy protection, conflicts and redundancies between rules of the same policy or between different policies. In this paper, we propose a comprehensive framework for enforcing attribute-based security policies stored in the JSON document together with the feature of data privacy protection and incorporates a policy structure based on the prioritization of functions to resolve conflicts at a fine-grained level called “Privacy aware access control model for policy conflict resolution”. We also use Polish notation for modeling condi-tional expressions which are the combination of subject, action, resource, and environment attributes so that privacy policies are flexible, dynamic and fine-grained. Experiments are carried out to two aspects (i) illustrate the relationship between the processing time for access decision and the complexity of policies;(ii) illustrate the relationship between the processing time for the traditional approach (single policy, multi-policy without priority) and our approach (multi-policy with priority). Experimental results show that the evaluation performance satisfies the privacy requirements defined by the user.

BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0

To be prepared for the ‘Industry 4.0’-era, we propose a hierarchical framework comprising four tangible layers, which is designed to vertically integrate inter-organizational value networks, engineering value chain, manufacturing factories, etc. The conceptual framework allows us to efficiently implement a flexible and reconfigurable smart factory. However, we need to consider security inherent in existing (stand-alone) devices and networks as well as those that may arise in such integrations. Especially the existing solutions are insufficient to address these fundamental security concerns. Thus, we present a blockchain-based system for secure mutual authentication, BSeIn, to enforce fine-grained access control polices. The proposed system (with integrated attribute signature, multi-receivers encryption and message authentication code) is designed to provide privacy and security guarantees such as anonymous authentication, auditability, and confidentiality. BSeIn also scales well due to the utilization of smart contract. We then evaluate the security and performance of BSeIn. For example, findings from the performance evaluation demonstrate that Initialization/Request Issuance/Chain Transaction/State Delivery/Permission Update phase only cost 12.123/4.810/6.978/0.013/2.559s, respectively.

Multi-authority fine-grained access control with accountability and its application in cloud

Attribute-based encryption (ABE) is one of critical primitives for the application of fine-grained access control. To reduce the trust assumption on the attribute authority and in the meanwhile enhancing the privacy of users and the security of the encryption scheme, the notion of multi-authority ABE with an anonymous key issuing protocol has been proposed. In an ABE scheme, it allows to encrypt data for a set of users satisfying some specified attribute policy and any leakage of a decryption key cannot be associated to a user. As a result, a misbehaving user could abuse the property of access anonymity by sharing its key other unauthorized users. On the other hand, the previous work mainly focus on the key-policy ABE, which cannot support ciphertext-policy access control. In this paper, we propose a privacy-aware multi-authority ciphertext-policy ABE scheme with accountability, which hides the attribute information in the ciphertext and allows to trace the dishonest user identity who shares the decryption key. The efficiency analysis demonstrates that the new scheme is efficient, and the computational overhead in the tracing algorithm is only proportional to the length of the identity. Finally, we also show how to apply it in cloud computing to achieve accountable fine-grained access control system.

Studying users’ adaptation to Android’s run-time fine-grained access control system

The advent of the sixth Android version brought a significant security and privacy advancement to its users. The platform’s security model has changed dramatically, allowing users to grant or deny access to resources when requested by applications during run-time. This improvement changed the traditional coarse-grained permission system and it was anticipated for a long time by privacy-aware users. In this paper, we present a pilot study that aims to analyze how Android users adapted to the run-time permission model. We gathered anonymous data from 52 participants, who downloaded an application we developed and answered questions related to the run-time permission model. Their answers suggest that most of them positively accepted the new model. We also collected data that describe users’ permission settings for each installed application on their devices. Our analysis shows that individuals make consistent choices regarding the resources they allow to various applications to access. In addition, the results of this pilot study showcase that on a second data collection round (occurred one month after the first phase of our experiments), 50% of the respondents did not change a single permission on their devices and only 2.26% of installed applications (on average) presented altered permission settings.

KSF-OABE: Outsourced Attribute-Based Encryption with Keyword Search Function for Cloud Storage

Cloud computing becomes increasingly popular for data owners to outsource their data to public cloud servers while allowing intended data users to retrieve these data stored in cloud. This kind of computing model brings challenges to the security and privacy of data stored in cloud. Attribute-based encryption (ABE) technology has been used to design fine-grained access control system, which provides one good method to solve the security issues in cloud setting. However, the computation cost and ciphertext size in most ABE schemes grow with the complexity of the access policy. Outsourced ABE (OABE) with fine-grained access control system can largely reduce the computation cost for users who want to access encrypted data stored in cloud by outsourcing the heavy computation to cloud service provider (CSP). However, as the amount of encrypted files stored in cloud is becoming very huge, which will hinder efficient query processing. To deal with above problem, we present a new cryptographic primitive called attribute-based encryption scheme with outsourcing key-issuing and outsourcing decryption, which can implement keyword search function (KSF-OABE). The proposed KSF-OABE scheme is proved secure against chosen-plaintext attack (CPA). CSP performs partial decryption task delegated by data user without knowing anything about the plaintext. Moreover, the CSP can perform encrypted keyword search without knowing anything about the keywords embedded in trapdoor.

Fine-grained access control system based on fully outsourced attribute-based encryption

First fully outsourced attributed-based encryption scheme.Lightweight operations for the private key generator and users.Imperceptible communication cost for the private key generator and users.Rigorous theoretical and detailed experimental analyses of our proposal.Suitable for cloud applications on mobile devices. Attribute-based encryption (ABE) has potential to be applied in cloud computing applications to provide fine-grained access control over encrypted data. However, the computation cost of ABE is considerably expensive, because the pairing and exponentiation operations grow with the complexity of access formula. In this work, we propose a fully outsourced ciphertext-policy ABE scheme that for the first time achieves outsourced key generation, encryption and decryption simultaneously. In our scheme, heavy computations are outsourced to public cloud service providers, leaving no complex operations for the private key generator (PKG) and only one modular exponentiation for the sender or the receiver, and the communication cost of the PKG and users is optimized. Moreover, we give the security proof and implement our scheme in Charm, and the experimental results indicate that our scheme is efficient and practical.

Reinforce cloud computing access control with key policy attribute-based anonymous proxy reencryption

Cloud computing is an emerging paradigm that provide technology and computer resources as a service. However due to data outsourcing and untrusted cloud servers, the data privacy and data access control becomes a challenging issues in cloud computing. In this paper, we propose a fine-grained access control system using a combination of key-policy attribute-based encryption system and an anonymous proxy reencryption, this proposed scheme is an efficient model that enforcing access policies based on data attributes, allowing the delegation of computation implicated in fine-grained access control to untrusted cloud servers without disclosing the data content. Previous schemes that use (KP-ABE) and proxy reencryption, leave how to be secure against chosen-cipher-text attacks (CCAs) as an open problem. The new scheme supports attribute-based encryption with anonymous proxy re-encryption. Our scheme is CCA secure, and secret key security is guaranteed, which is not provided by the current work.

Reinforce cloud computing access control with key policy attribute-based anonymous proxy reencryption

Cloud computing is an emerging paradigm that provide technology and computer resources as a service. However due to data outsourcing and untrusted cloud servers, the data privacy and data access control becomes a challenging issues in cloud computing. In this paper, we propose a fine-grained access control system using a combination of key-policy attribute-based encryption system and an anonymous proxy reencryption, this proposed scheme is an efficient model that enforcing access policies based on data attributes, allowing the delegation of computation implicated in fine-grained access control to untrusted cloud servers without disclosing the data content. Previous schemes that use (KP-ABE) and proxy reencryption, leave how to be secure against chosen-cipher-text attacks (CCAs) as an open problem. The new scheme supports attribute-based encryption with anonymous proxy re-encryption. Our scheme is CCA secure, and secret key security is guaranteed, which is not provided by the current work.

A Fine-Grained Data Access Control System in Wireless Sensor Network

The evolving realities of Wireless Sensor Network (WSN) deployed to various terrain of life require serving multiple applications. As large amount of sensed data are distributed and stored in individual sensors nodes, the illegal access to these sensitive data can be devastating. Consequently, data insecurity becomes a big concern. This study, therefore, proposes a fine-grained access control system which only requires the right set of users to access a particular data, based on their access privileges in the sensor networks. It is designed using Priccess Protocol with Access policy formulation adopting the principle of Bell Lapadula model as well as Attribute-Based Encryption (ABE) to control access to sensor data. The functionality of the proposed system is simulated using Netbeans. The performance analysis of the proposed system using execution time and size of the key show that the higher the key size, the harder it becomes for the attacker to hack the system. Additionally, the time taken for the proposed work is lesser which makes the work faster than the existing work. Consequently, a well secure interactive web-based application that could facilitates the field officers access to stored data in safe and secure manner is developed.

New access control systems based on outsourced attribute-based encryption1

As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained access control system recently. However, ABE is criticized for its high scheme overhead as the computational cost grows with the complexity of the access formula. This disadvantage becomes more serious for mobile devices with constrained computing resources. Aiming at tackling the challenge above, we present a generic and efficient solution to implement attribute-based access control system by introducing secure outsourcing techniques into ABE. More precisely, two cloud service providers (CSPs), namely key generation-cloud service provider (KG-CSP) and decryption-cloud service provider (D-CSP) are introduced to perform the outsourced key-issuing and decryption on behalf of attribute authority and users respectively. In order to outsource heavy computation to both CSPs without private information leakage, we formalize an underlying primitive called outsourced ABE (OABE) and propose several constructions with outsourced decryption and key-issuing. Finally, extensive experiment demonstrates that with the help of KG-CSP and D-CSP, efficient key-issuing and decryption are achieved in our constructions.

Towards Efficient, Secure, and Fine-Grained Access Control System in MSNs with Flexible Revocations

With the pervasiveness of mobile communications, MSNs have become a promising networking paradigm for users to share contents with others through mobile devices. This convenience comes at the cost of some serious security and privacy issues. In this work, we propose a novel privacy-preserving scheme for MSNs, which can efficiently solve some of the most serious security and privacy issues such as data confidentiality, fine-grained access control, and flexible revocation. In particular, we leverage the attribute based encryption technique to realize fine-grained access control over encrypted data. Moreover, we enhance this technique and design a flexible and fine-grained revocation mechanism which enables not only efficient user revocation but also efficient attribute revocation. As we show, our system can achieve both forward secrecy and backward secrecy using such mechanism. We compare our scheme with other related works and show that not only most of the previous works suffer from larger size of encrypted data but also their decryption time grows linearly with the complexity of access policies. In comparison, our scheme achieves higher efficiency and smaller computation time while consuming lesser storage space. We provide extensive analysis and performance evaluation to demonstrate the security, scalability, and efficiency of our proposed framework.

LotusNet: Tunable privacy for distributed online social network services

The evolution of the role of online social networks in the Web has led to a collision between private, public and commercial spheres that have been inevitably connected together in social networking services since their beginning. The growing awareness on the opaque data management operated by many providers reveals that a privacy-aware service that protects user information from privacy leaks would be very attractive for a consistent portion of users. In order to meet this need we propose LotusNet, a framework for the development of social network services relying on a peer-to-peer paradigm which supports strong user authentication. We tackle the trade-off problem between security, privacy and services in distributed social networks by providing the users the possibility to tune their privacy settings through a very flexible and fine-grained access control system. Moreover, our architecture is provided with a powerful suite of high-level services that greatly facilitates custom application development and mash up.

A Fine-Grained Access Control System Combining MAC and RBACK Models for XML

In this paper, we present a novel fine-grained access control system for applications where the information flow is critical; the confidentiality of the data is essential and there are a huge numbe...

A Fine-Grained Access Control System Combining MAC and RBACK Models for XML

In this paper, we present a novel fine-grained access control system for applications where the information flow is critical; the confidentiality of the data is essential and there are a huge number of users who access different portions of an XML document as in military applications. We combine MAC and RBACK models for XML for use in the mentioned type of applications. In accordance with the peculiarities of the target applications, the access control model is structured in such a way that the implementation can be done efficiently for large number of users. In the system presented, instead of using access control lists, we use a security labeling approach in defining the grant rules. By combining the advantages of role-based and mandatory access control schemes, the access control system presented provides a fine-grained, flexible and effective access for applications where the confidentiality of data is crucial. The system is implemented and tested for correctness. Performance analysis is also given.

Fine-Grained Access Control of PDM and CAPP

With the development of Information Technolo gy, distributed integrated system of PDM and CAPP has being focused on by many researchers. To enhance the security access control ability of the integrated PDM and CAPP system, an operational model based on attribute certificate with roles was made. It can prevent unknown entity from accessing to the product data in the integrated system. The function framework of security access control system was analyzed in detail. The function of fine-grained access control system was presented.

A fine-grained access control system for XML documents

Web-based applications greatly increase information availability and ease of access, which is optimal for public information. The distribution and sharing of information via the Web that must be accessed in a selective way, such as electronic commerce transactions, require the definition and enforcement of security controls, ensuring that information will be accessible only to authorized entities. Different approaches have been proposed that address the problem of protecting information in a Web system. However, these approaches typically operate at the file-system level, independently of the data that have to be protected from unauthorized accesses. Part of this problem is due to the limitations of HTML, historically used to design Web documents. The extensible markup language (XML), a markup language promoted by the World Wide Web Consortium (W3C), is de facto the standard language for the exchange of information on the Internet and represents an important opportunity to provide fine-grained access control. We present an access control model to protect information distributed on the Web that, by exploiting XML's own capabilities, allows the definition and enforcement of access restrictions directly on the structure and content of the documents. We present a language for the specification of access restrictions, which uses standard notations and concepts, together with a description of a system architecture for access control enforcement based on existing technology. The result is a flexible and powerful security system offering a simple integration with current solutions.