
Secure Provenance for Data Forensics with Efficient Revocation of Anonymous Credentials in Cloud Computing

Wireless Personal Communications

Abstract

Privacy is a critical security requirement in mobile cloud computing. To address the dilemma of data forensics in privacy-preserving cloud environments, secure provenance, which records the ownership and process history of data objects, has been proposed in the literature. Although existing secure provenance schemes provide anonymous authentication to cloud servers, confidentiality of sensitive documents, unforgeability of provenance records and provenance tracking of disputed documents, they either do not address the revocation of anonymous users or introduce high computational overhead into anonymous authentication. In this study, we propose a practical secure data provenance scheme for cloud computing. Our scheme provides the necessary security features and efficient revocation of anonymous credentials without sacrificing performance (i.e. computational overhead is minimal). Using provable security techniques, we prove that the proposed scheme is secure in the standard model.

Acknowledgments

This work was supported by the National Natural Science Foundation of China (No. 61402117) and Information Security Special Program of National Development and Reform Commission (No. FA GAI BAN GAO JI [2015]289).

Author information

Correspondence to Yong Zhang.

About this article

Cite this article

Wu, S., Zhang, Y. Secure Provenance for Data Forensics with Efficient Revocation of Anonymous Credentials in Cloud Computing. Wireless Pers Commun 90, 1497–1517 (2016). https://doi.org/10.1007/s11277-016-3406-6

  • DOI: https://doi.org/10.1007/s11277-016-3406-6
