
A pairing-based cryptographic approach for data security in the cloud

  • Regular Contribution
  • International Journal of Information Security

Abstract

This paper presents AES4SeC, a security scheme fully constructed over cryptographic pairings. The main building blocks of AES4SeC are attribute-based encryption (ABE) and short signatures (SSign), with generalized constructions for the Type 3 pairing. AES4SeC was developed as an end-to-end storage service for hybrid cloud models and integrated into a file-sharing application for scenarios where data owners upload content to the cloud and selectively decide who is able to access that content. An experimental evaluation of AES4SeC was conducted by testing different security levels, recommended key sizes, and cryptographic engine constructions. This led to a wide experimental evaluation in terms of the running times of the primitive operations (encrypt, decrypt, sign, verify) and the space complexity of the ciphertexts, private and public keys, and the signatures. The implementation results revealed the feasibility and flexibility of AES4SeC in real scenarios, whereas a fine-tuning evaluation revealed that the best results in terms of performance and memory requirements are obtained using Type 3 pairings over type F elliptic curves. This is a relevant result because most of the ABE and SSign schemes in the literature are provided for the Type 1 pairing (symmetric) over type A curves, which exhibited poorer results.


Notes

  1. http://www.keylength.com/en.

  2. A cloud storage path can be placed in public, hybrid, or private cloud sites.


Author information


Corresponding author

Correspondence to Miguel Morales-Sandoval.


About this article


Cite this article

Morales-Sandoval, M., Gonzalez-Compean, J.L., Diaz-Perez, A. et al. A pairing-based cryptographic approach for data security in the cloud. Int. J. Inf. Secur. 17, 441–461 (2018). https://doi.org/10.1007/s10207-017-0375-z


  • DOI: https://doi.org/10.1007/s10207-017-0375-z
