Abstract
This paper presents AES4SeC, a security scheme fully constructed over cryptographic pairings. The main building blocks of AES4SeC are attribute-based encryption (ABE) and short signatures (SSign), with generalized constructions for the Type 3 pairing. AES4SeC was developed as an end-to-end storage service for hybrid cloud models and integrated into a file-sharing application for scenarios where data owners upload content to the cloud and selectively decide who is able to access that content. An experimental evaluation of AES4SeC was conducted by testing different security levels, recommended key sizes, and cryptographic engine constructions. This led to a wide experimental evaluation in terms of the running times of the primitive operations (encrypt, decrypt, sign, verify) and the space complexity of the ciphertexts, private and public keys, and signatures. The implementation results revealed the feasibility and flexibility of AES4SeC in real scenarios, whereas a fine-tuning evaluation revealed that the best results in terms of performance and memory requirements are obtained using Type 3 pairings over type F elliptic curves. This is a relevant result because most of the ABE and SSign schemes in the literature are provided for the Type 1 pairing (symmetric) over type A curves, which exhibited poorer results.
Notes
A cloud storage path can be placed in public, hybrid, or private cloud sites
Cite this article
Morales-Sandoval, M., Gonzalez-Compean, J.L., Diaz-Perez, A. et al. A pairing-based cryptographic approach for data security in the cloud. Int. J. Inf. Secur. 17, 441–461 (2018). https://doi.org/10.1007/s10207-017-0375-z
DOI: https://doi.org/10.1007/s10207-017-0375-z