
Multi-level on-demand access control for flexible data sharing in cloud

Cluster Computing

Abstract

The exponential growth of data storage and sharing in the cloud demands an efficient access control mechanism for flexible data sharing. Attribute-Based Encryption (ABE) is a promising cryptographic solution for sharing data among users in the cloud, but it suffers from user revocation, attribute revocation, forward secrecy and backward secrecy issues. Its communication and computation overhead is high because the size of the ciphertext and of the secret key varies linearly with the number of attributes. In this paper, we investigate an on-demand access control for flexible sharing of secure data among randomly selected users. It is a tunable access control mechanism for the flexible sharing of ciphertext classes in the cloud. It delegates the decryption rights for any set of ciphertext classes to users only if their attributes satisfy the access policy associated with the ciphertext and they possess a compact key corresponding to the intended set of ciphertext classes. It produces a constant-size ciphertext and a compact secret key to use storage space efficiently and reduce communication cost. The compact key aggregates the power of the secret keys used to encrypt the outsourced data. This method flexibly shares the ciphertext classes among randomly selected users with a specific set of attributes; all other ciphertext classes outside the set remain confidential. It allows dynamic data updates by verifying the data manipulation privilege of users with the help of a claim policy. The proposed scheme provides access control of varying granularity: user-level, file-level, and attribute-level. Granularity levels can be chosen based on applications and user demands. Hence, it is a multi-level, tunable access control over the shared data. It is very useful for secure data storage. The scheme tackles the user revocation and attribute revocation problems, allowing the data owner to revoke a specific user or a group of users. It prevents forward and backward secrecy issues.




Correspondence to S. Sabitha.


Cite this article

Sabitha, S., Rajasree, M.S. Multi-level on-demand access control for flexible data sharing in cloud. Cluster Comput 24, 1455–1478 (2021). https://doi.org/10.1007/s10586-020-03195-y


  • DOI: https://doi.org/10.1007/s10586-020-03195-y
