Abstract
One of the main issues with data sharing in a cloud environment is managing user access and its automatic revocation in a controlled and flexible way. The issue becomes more complex when the privacy of user access must also be ensured, so that no additional information leaks. For automatic revocation over cloud data, access can be bounded within an anticipated time limit so that it expires once the effective time period has passed. This time-oriented approach is more rigid and not a one-size-fits-all solution. In certain circumstances, anticipating the exact time is not easy. An alternative is a task-oriented solution that restricts the user beyond a certain number of permissible attempts to access the data. We propose oblivious user management (OUM), in which a user can access cloud data for a certain number of attempts without any time restriction. For user authorization and her subsequent revocation, the owner performs a one-time setup activity that is the same for all users. The model also alleviates the burden of managing different access parameters at the user end with each request, as she always uses the same parameter for all valid attempts. Our approach also preserves the privacy of user attempts throughout the communication. Hiding this information helps to avoid distinguishing the importance of a particular user who has more authorization than others. Evaluation results have proved that OUM hides \((N-1)\) permissible attempts until the \(N\mathrm{th}\) request arrives at the Cloud Storage. The performance analysis conducted on Google App Engine revealed that the cost of operations performed in OUM is within the range of 0.097–0.278 $ per 1,000 requests.








Acknowledgments
This research was supported by a grant from the Kyung Hee University in 2013 [KHU-20130439].
Appendix: Performance evaluation: Data tables
The performance evaluation presented in Sects. 6 and 7 is based on the following data tables. Figure 3 is the visual representation of Table 2. Similarly, Figs. 4, 5, 6, 7 and 8 correspond to Tables 3, 4, 5, 6 and 7, respectively.
Cite this article
Ahmad, M., Pervez, Z., Cheong, T. et al. Oblivious user management for cloud-based data synchronization. J Supercomput 71, 1378–1400 (2015). https://doi.org/10.1007/s11227-014-1369-5
DOI: https://doi.org/10.1007/s11227-014-1369-5