Flexible Data Access Control Research Articles

Data Access Control in Cloud Computing: Flexible and Receiver Extendable

Broadcast encryption provides a promising technique of data access control for specified users in cloud computing. A data uploader can generate a ciphertext for a set of chosen users such that only the intended users are able to access the data. However, with the rapidly increasing of collaboration between users, it is desired to extend the receiver set to grant decryption right for more users. The existing broadcast encryption systems cannot support receiver extension. In this article, we for the first time take this problem into consideration and give a solution. We take the merits of identity-based cryptosystem and propose a notion of EIBBE: a flexible data access control with receiver extendable for cloud computing based on broadcast encryption. It allows the authorized user to extend the receiver set <inline-formula><tex-math notation="LaTeX">$S$</tex-math></inline-formula> stated in the IBBE ciphertext by adding a new receiver set <inline-formula><tex-math notation="LaTeX">$S^{\prime }$</tex-math></inline-formula> without re-encryption. Both the users in <inline-formula><tex-math notation="LaTeX">$S$</tex-math></inline-formula> and <inline-formula><tex-math notation="LaTeX">$S^{\prime }$</tex-math></inline-formula> can access the data successfully. Moreover, the data uploader determines the maximum number of extended receivers. We then give a concrete construction of EIBBE and provide a rigorous security analysis of our proposed scheme. Finally, we demonstrate the scheme's efficiency and feasibility.

Authorized Attribute-Based Encryption Multi-Keywords Search with Policy Updating

Attribute-based encryption is cryptographic techniques that provide flexible data access control to encrypted data content in cloud storage. Each trusted authority needs proper management and distribution of secret keys to the user’s to only authorized user’s attributes. However existing schemes cannot be applied multiple authority that supports only a single keywords search compare to multi keywords search high computational burden or inefficient attribute’s revocation. In this paper, a ciphertext policy attribute-based encryption (CP-ABE) scheme has been proposed which focuses on multi-keyword search and attribute revocation by new policy updating feathers under multiple authorities and central authority. The data owner encrypts the keywords index under the initial access policy. Moreover, this paper addresses further issues such as data access, search policy, and confidentiality against unauthorized users. Finally, we provide the correctness analysis, performance analysis and security proof for chosen keywords attack and search trapdoor in general group model using DBDH and DLIN assumption.

Toward Delay-Tolerant Flexible Data Access Control for Smart Grid With Renewable Energy Resources

In the smart grid with renewable energy resources (RERs), the residential units (RUs) with distributed energy resources are considered to be both power consumers and suppliers. Specifically, RUs with excessive renewable generations can trade with the utility in deficit of power supplies for mutual benefits. It causes two challenging issues. First, the trading data of RUs are quite sensitive, which should be only accessed by authorized users with fine-grained policies. Second, the behaviors of the RUs to generate trading data are spontaneous and unpredictable, and then the problem is how to guarantee system efficiency and delay tolerance simultaneously. In this paper, we propose a delay-tolerant flexible data access control scheme based on key policy attribute-based encryption for smart grid with RERs. We adopt the secret-sharing scheme to realize a flexible access control with encryption delay tolerance. Furthermore, there is no central trusted server to perform the encryption/decryption. We reduce the computation cost on RUs and operators via a semitrusted model. The analysis shows that the proposed scheme can meet the data security requirement of the smart grid with RERs, and it also has less cost compared with other popular models.

Flexible data access control in D2D communications

Device-to-Device (D2D) communications have been regarded as an advanced technology for the next generation mobile communication networks and wireless systems (5G). It is essential to secure D2D communication data for resisting malicious attacks. However, secure D2D communications among mobile devices have not been well solved. By paying attention to the important role of trust in securing D2D communications, in this paper, we propose a scheme using either a General Trust (GT) level issued by a core network or a Local Trust (LT) level evaluated by a device or both to control D2D communication data access by applying Attribute-Based Encryption (ABE). This scheme realizes secure data communications among mobile devices under the legacy system model of Long-Term Evolution (LTE). Performance analysis and evaluation demonstrate that the proposed scheme is effective with regard to security, computation complexity, communication cost, flexibility and scalability.

Flexible Data Access Control Based on Trust and Reputation in Cloud Computing

Cloud computing offers a new way of services and has become a popular service platform. Storing user data at a cloud data center greatly releases storage burden of user devices and brings access convenience. Due to distrust in cloud service providers, users generally store their crucial data in an encrypted form. But in many cases, the data need to be accessed by other entities for fulfilling an expected service, e.g., an eHealth service. How to control personal data access at cloud is a critical issue. Various application scenarios request flexible control on cloud data access based on data owner policies and application demands. Either data owners or some trusted third parties or both should flexibly participate in this control. However, existing work hasn't yet investigated an effective and flexible solution to satisfy this demand. On the other hand, trust plays an important role in data sharing. It helps overcoming uncertainty and avoiding potential risks. But literature still lacks a practical solution to control cloud data access based on trust and reputation. In this paper, we propose a scheme to control data access in cloud computing based on trust evaluated by the data owner and/or reputations generated by a number of reputation centers in a flexible manner by applying Attribue-Based Encryption and Proxy Re-Encryption. We integrate the concept of context-aware trust and reputation evaluation into a cryptographic system in order to support various control scenarios and strategies. The security and performance of our scheme are evaluated and justified through extensive analysis, security proof, comparison and implementation. The results show the efficiency, flexibility and effectiveness of our scheme for data access control in cloud computing.

From RBAC to ABAC: Constructing Flexible Data Access Control for Cloud Storage Services

This paper addresses how to construct an RBAC-compatible secure cloud storage service with a user-friendly and easy-to-manage attribute-based access control (ABAC) mechanism. Similar to role hierarchies in RBAC, attribute hierarchies (considered as partial ordering relations) are introduced into attribute-based encryption (ABE) in order to define a seniority relation among all values of an attribute, whereby a user holding senior attribute values acquires permissions of his/her juniors. Based on these notations, we present a new ABE scheme called attribute-based encryption with attribute hierarchies (ABE-AH) to provide an efficient approach to implement comparison operations between attribute values on a poset derived from an attribute lattice. By using bilinear groups of a composite order, we present a practical construction of ABE-AH based on forward and backward derivation functions. Compared with prior solutions, our scheme offers a compact policy representation approach that can significantly reduce the size of private-keys and ciphertexts. To demonstrate how to use the presented solution, we illustrate how to provide richer expressive access policies to facilitate flexible access control for data access services in clouds.