Abstract
Privacy is a critical security requirement in mobile cloud computing. To address the dilemma of data forensics in privacy-preserving cloud environment, secure provenance that records the ownership and process history of data objects was proposed in literatures. Although existing secure provenance schemes provide anonymous authentication to cloud servers, confidentiality of sensitive documents, unforgeability of provenance records and provenance tracking of disputed documents, they do not address the revocation of anonymous user or introduce high computational overhead into anonymous authentication. In this study, we propose a practical secure data provenance for cloud computing. Our scheme provides the necessary security features and efficient revocation of anonymous credentials without sacrificing performance (i.e. computational overhead is minimal). Using provable security techniques, we prove that the proposed scheme is secure under the standard model.
Similar content being viewed by others
References
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: Architecture, applications, and approaches. Wireless Communications and Mobile Computing, 13(18), 1587–1611.
Fernando, N., Loke, S.W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future Generation Computer Systems, 29(1), 84–106. Including Special section: AIRCC-NetCoM 2009 and Special section: Clouds and Service-Oriented Architectures.
Li, J., Chen, X., Huang, Q., & Wong, D. S. (2014). Digital provenance: Enabling secure data forensics in cloud computing. Future Generation Computer Systems, 37, 259–266.
Lu, R., Lin, X., Liang, X., & Shen, X. S. (2010). Secure provenance: The essential of bread and butter of data forensics in cloud computing. In Proceedings of the 5th ACM symposium on information, computer and communications security, ASIACCS ’10 (pp. 282–292). New York, NY: ACM.
Pearson, S. (2009). Taking account of privacy when designing cloud computing services. In Proceedings of the 2009 ICSE workshop on software engineering challenges of cloud computing, CLOUD ’09 (pp. 44–52). Washington, DC: IEEE Computer Society.
Fernandes, D. A., Soares, L. F., Gomes, J. V., Freire, M. M., & Inácio, P. (2014). Security issues in cloud environments: A survey. International Journal of Information Security, 13(2), 113–170.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., et al. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371–386.
Ruj, S., Stojmenovic, M., & Nayak, A. (2014). Decentralized access control with anonymous authentication of data stored in clouds. Parallel and Distributed Systems, IEEE Transactions on, 25(2), 384–394.
Chow, S., Chu, C. K., Huang, X., Zhou, J., & Deng, R. (2012). Dynamic secure cloud storage with provenance. In D. Naccache (Ed.), Cryptography and security: From theory to applications (Vol. 6805, pp. 442–464). Lecture Notes in Computer Science. Berlin, Heidelberg: Springer.
Bates, A., Mood, B., Valafar, M., & Butler, K. (2013). Towards secure provenance-based access control in cloud environments. In Proceedings of the third ACM conference on data and application security and privacy, CODASPY ’13 (pp. 277–284). New York, NY: ACM.
Asghar, M., Ion, M., Russello, G., & Crispo, B. (2012). Securing data provenance in the cloud. In J. Camenisch & D. Kesdogan (Eds.), Open problems in network security (Vol. 7039, pp. 145–160). Lecture Notes in Computer Science. Berlin, Heidelberg: Springer.
Hasan, R., Sion, R., & Winslett, M. (2007). Introducing secure provenance: Problems and challenges. In Proceedings of the 2007 ACM workshop on storage security and survivability, storageSS ’07 (pp. 13–18). New York, NY: ACM.
Au, M., Tsang, P., Susilo, W., & Mu, Y. (2009). Dynamic universal accumulators for ddh groups and their application to attribute-based anonymous credential systems. In M. Fischlin (Ed.), Topics in cryptology - CT-RSA 2009 (Vol. 5473, pp. 295–308). Lecture Notes in Computer Science. Berlin. Heidelberg: Springer.
Simmhan, Y. L., Plale, B., & Gannon, D. (2005). A survey of data provenance in e-science. SIGMOD Record, 34(3), 31–36.
Freire, J., Koop, D., Santos, E., & Silva, C. T. (2008). Provenance for computational tasks: A survey. Computing in Science & Engineering, 10(3), 11–21.
Szomszor, M., & Moreau, L. (2003). Recording and reasoning over data provenance in web and grid services. In R. Meersman, Z. Tari, & D. Schmidt (Eds.), On the move to meaningful internet systems 2003: CoopIS, DOA, and ODBASE (Vol. 2888, pp. 603–620)., Lecture Notes in Computer Science. Berlin, Heidelberg: Springer.
Zhou, W., Sherr, M., Tao, T., Li, X., Loo, B. T., & Mao, Y. (2010). Efficient querying and maintenance of network provenance at internet-scale. In Proceedings of the 2010 ACM SIGMOD international conference on management of data, SIGMOD ’10 (pp. 615–626). New York, NY: ACM.
Muniswamy-Reddy, K. K., Holland, D. A., Braun, U., & Seltzer, M. (2006). Provenance-aware storage systems. In Proceedings of the annual conference on USENIX ’06 annual technical conference, ATEC ’06 (pp. 4–4). Berkeley, CA: USENIX Association.
Muniswamy-Reddy, K. K., Macko, P., & Seltzer, M. (2010). Provenance for the cloud. In Proceedings of the 8th USENIX conference on file and storage technologies, FAST’10 (pp. 15–14). Berkeley, CA: USENIX Association.
Boneh, D., & Shacham, H. (2004). Group signatures with verifier-local revocation. In Proceedings of the 11th ACM conference on computer and communications security, CCS ’04 (pp. 168–177). New York, NY: ACM.
Boneh, D., Boyen, X., & Shacham, H. (2004). Short group signatures. In M. Franklin (Ed.), Advances in cryptology - CRYPTO 2004 (Vol. 3152, pp. 41–55), Lecture Notes in Computer Science. Berlin, Heidelberg: Springer.
Liu, J. K., Baek, J., Zhou, J., Yang, Y., & Wong, J. W. (2010). Efficient online/offline identity-based signature for wireless sensor network. International Journal of Information Security, 9(4), 287–296.
Boneh, D., & Boyen, X. (2008). Short signatures without random oracles and the SDH assumption in bilinear groups. Journal of Cryptology, 21(2), 149–177.
Camenisch, J., & Lysyanskaya, A. (2004). Signature schemes and anonymous credentials from bilinear maps. In M. Franklin (Ed.), Advances in cryptology - CRYPTO 2004 (Vol. 3152, pp. 56–72). Lecture Notes in Computer Science. Berlin, Heidelberg: Springer.
Acknowledgments
This work was supported by the National Natural Science Foundation of China (No.61402117) and Information Security Special Program of National Development and Reform Commission (No. FA GAI BAN GAO JI [2015]289).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wu, S., Zhang, Y. Secure Provenance for Data Forensics with Efficient Revocation of Anonymous Credentials in Cloud Computing. Wireless Pers Commun 90, 1497–1517 (2016). https://doi.org/10.1007/s11277-016-3406-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-016-3406-6