PAbAC: A Privacy Preserving Attribute based Framework for Fine Grained Access Control in Clouds

Sana Belguith, Nesrine Kaaniche, Abderrazak Jemai, Maryline Laurent, Rabah Attia

2016

Abstract

Several existing access control solutions mainly focus on preserving confidentiality of stored data from unauthorized access and the storage provider. Moreover, to keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired. In addition, access control policies as well as users’ access patterns are also considered as sensitive information that should be protected from the cloud. In this paper, we propose PAbAC, a novel privacy preserving Attribute-based framework, that combines attribute-based encryption and attribute-based signature mechanisms for securely sharing outsourced data via the public cloud. Our proposal is multifold. First, it ensures fine-grained cryptographic access control enforced at the data owner’s side, while providing the desired expressiveness of the access control policies. Second, PAbAC preserves users’ privacy, while hiding any identifying information used to satisfy the access control. Third, PAbAC is proven to be highly scalable and efficient for sharing outsourced data in remote servers, at both the client and the cloud provider side.

References

  1. Beimel, A. (1996). Secure schemes for secret sharing and key distribution. PhD thesis, Technion-Israel Institute of technology, Faculty of computer science.
  2. Benaloh, J., Chase, M., Horvitz, E., and Lauter, K. (2009). Patient controlled encryption: ensuring privacy of electronic medical records. In The 2009 ACM workshop on Cloud computing security, pages 103-114. ACM.
  3. Bethencourt, J., Sahai, A., and Waters, B. (2007). Ciphertext-policy attribute-based encryption. In IEEE Symposium on Security and Privacy, 2007., pages 321-334.
  4. Bobba, R., Fatemieh, O., Khan, F., Gunter, C., Khurana, H., et al. (2006). Using attribute-based access control to enable attribute-based messaging. In The 22nd Annual Computer Security Applications Conference, pages 403-413. IEEE.
  5. Chaum, D. and Van Heyst, E. (1991). Group signatures. In Advances in CryptologyEUROCRYPT91, pages 257- 265. Springer.
  6. Di Vimercati, S. D. C., Foresti, S., Jajodia, S., Paraboschi, S., Pelosi, G., and Samarati, P. (2010a). Encryptionbased policy enforcement for cloud storage. In Distributed Computing Systems Workshops (ICDCSW), 2010 IEEE 30th International Conference on, pages 42-51. IEEE.
  7. Di Vimercati, S. D. C., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. (2007). Over-encryption: management of access control evolution on outsourced data. In Proceedings of the 33rd international conference on Very large data bases, pages 123-134. VLDB endowment.
  8. Di Vimercati, S. D. C., Foresti, S., Livraga, G., and Samarati, P. (2015). Selective and private access to outsourced data centers. In Handbook on Data Centers, pages 997-1027. Springer.
  9. Di Vimercati, S. D. C. D., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. (2010b). Encryption policies for regulating access to outsourced data. ACM Transactions on Database Systems (TODS), 35(2):12.
  10. El Kaafarani, A., Chen, L., Ghadafi, E., and Davenport, J. (2014a). Attribute-based signatures with usercontrolled linkability. In Cryptology and Network Security, pages 256-269. Springer.
  11. El Kaafarani, A., Ghadafi, E., and Khader, D. (2014b). Decentralized traceable attribute-based signatures. In Topics in Cryptology-CT-RSA 2014, pages 327-348. Springer.
  12. Frikken, K. B., Li, J., and Atallah, M. J. (2006). Trust negotiation with hidden credentials, hidden policies, and policy cycles. In NDSS. Citeseer.
  13. Ghadafi, E. (2015). Stronger security notions for decentralized traceable attribute-based signatures and more efficient constructions. InTopics in Cryptology-CTRSA 2015, pages 391-409. Springer.
  14. Goyal, V., Pandey, O., Sahai, A., and Waters, B. (2006). Attribute-based encryption for fine-grained access control of encrypted data. In The 13th ACM conference on Computer and communications security, pages 89-98.
  15. Horváth, M. (2015). Attribute-based encryption optimized for cloud computing. In SOFSEM 2015: Theory and Practice of Computer Science, pages 566-577. Springer.
  16. Horwitz, J. and Lynn, B. (2002). Toward hierarchical identity-based encryption. In Advances in CryptologyEUROCRYPT 2002, pages 466-481. Springer.
  17. Hur, J. and Noh, D. K. (2011). Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Transactions on Parallel and Distributed Systems, 22(7):1214-1221.
  18. Jahid, S., Mittal, P., and Borisov, N. (2011). Easier: Encryption-based access control in social networks with efficient revocation. InThe 6th ACM Symposium on Information, Computer and Communications Security, pages 411-415. ACM.
  19. Kaaniche, N., Boudguiga, A., and Laurent, M. (2013). Id based cryptography for cloud data storage. In 2013 IEEE Sixth International Conference on Cloud Computing, pages 375-382. IEEE.
  20. Kaaniche, N., Laurent, M., and El Barbori, M. (2014). Cloudasec: A novel publickey based framework to handle data sharing security in clouds. In 11th IEEE International Conference on Security and Cryptography(Secrypt).
  21. Karchmer, M. and Wigderson, A. (1993). On span programs. In Structure in Complexity Theory Conference, pages 102-111.
  22. Lewko, A. and Waters, B. (2011). Decentralizing attributebased encryption. In Advances in CryptologyEUROCRYPT 2011, pages 568-588. Springer.
  23. Maji, H. K., Prabhakaran, M., and Rosulek, M. (2011). Attribute-based signatures. In Topics in CryptologyCT-RSA 2011, pages 376-392. Springer.
  24. Okamoto, T. and Takashima, K. (2013). Decentralized attribute-based signatures. In Public-Key Cryptography-PKC 2013, pages 125-142. Springer.
  25. Raykova, M., Zhao, H., and Bellovin, S. (2012). Privacy enhanced access control for outsourced data sharing. In Financial Cryptography and Data Security, volume 7397, pages 223-238.
  26. Rivest, R. L., Shamir, A., and Tauman, Y. (2001). How to leak a secret. In Advances in CryptologyASIACRYPT 2001, pages 552-565. Springer.
  27. Ruj, S., Nayak, A., and Stojmenovic, I. (2011). Dacc: Distributed access control in clouds. In IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pages 91-98.
  28. Ruj, S., Stojmenovic, M., and Nayak, A. (2012). Privacy preserving access control with authentication for securing data in clouds. In The 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), 2012, pages 556-563. IEEE.
  29. Ruj, S., Stojmenovic, M., and Nayak, A. (2014). Decentralized access control with anonymous authentication of data stored in clouds. IEEE Transactions on Parallel and Distributed Systems, 25(2):384-394.
  30. Sahai, A. and Waters, B. (2005). Fuzzy identity-based encryption. In EUROCRYPT 2005, pages 457-473. Springer.
  31. Wan, Z., Liu, J. E., and Deng, R. H. (2012). Hasbe: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Transactions on Information Forensics and Security, 7(2):743-754.
  32. Wang, G., Liu, Q., and Wu, J. (2010). Hierarchical attributebased encryption for fine-grained access control in cloud storage services. In The 17th ACM conference on Computer and communications security, pages 735-737. ACM.
  33. Wang, W., Li, Z., Owens, R., and Bhargava, B. (2009). Secure and efficient access to outsourced data. In The 2009 ACM workshop on Cloud computing security, pages 55-66. ACM.
  34. Waters, B. (2005). Efficient identity-based encryption without random oracles. In Advances in CryptologyEUROCRYPT 2005, pages 114-127. Springer.
  35. Yu, S., Wang, C., Ren, K., and Lou, W. (2010a). Achieving secure, scalable, and fine-grained data access control in cloud computing. In INFOCOM IEEE Proceedings 2010, pages 1-9.
  36. Yu, S., Wang, C., Ren, K., and Lou, W. (2010b). Attribute based data sharing with attribute revocation. In The 5th ACM Symposium on Information, Computer and Communications Security, pages 261-270.
  37. Zhao, F., Nishide, T., and Sakurai, K. (2011). Realizing fine-grained and flexible access control to outsourced data with attribute-based cryptosystems. In Information Security Practice and Experience, pages 83-97. Springer.
  38. Zunnurhain, K. (2012). Fapa: a model to prevent flooding attacks in clouds. In The 50th Annual Southeast Regional Conference, pages 395-396. ACM.
Download


Paper Citation


in Harvard Style

Belguith S., Kaaniche N., Jemai A., Laurent M. and Attia R. (2016). PAbAC: A Privacy Preserving Attribute based Framework for Fine Grained Access Control in Clouds . In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 133-146. DOI: 10.5220/0005968201330146


in Bibtex Style

@conference{secrypt16,
author={Sana Belguith and Nesrine Kaaniche and Abderrazak Jemai and Maryline Laurent and Rabah Attia},
title={PAbAC: A Privacy Preserving Attribute based Framework for Fine Grained Access Control in Clouds},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={133-146},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005968201330146},
isbn={978-989-758-196-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - PAbAC: A Privacy Preserving Attribute based Framework for Fine Grained Access Control in Clouds
SN - 978-989-758-196-0
AU - Belguith S.
AU - Kaaniche N.
AU - Jemai A.
AU - Laurent M.
AU - Attia R.
PY - 2016
SP - 133
EP - 146
DO - 10.5220/0005968201330146