Abstract
The exponential growth of data storage and sharing in the cloud demands an efficient access control mechanism for flexible data sharing. Attribute-Based Encryption (ABE) is a promising cryptographic solution for sharing data among users in the cloud, but it suffers from user revocation, attribute revocation, forward secrecy and backward secrecy issues. Its communication and computation overhead is also high, because the sizes of the ciphertext and the secret key grow linearly with the number of attributes. In this paper, we investigate an on-demand access control for flexible sharing of secure data among randomly selected users. It is a tunable access control mechanism for the flexible sharing of ciphertext classes in the cloud. It delegates the decryption rights for any set of ciphertext classes to users only if their attributes satisfy the access policy associated with the ciphertext and they possess a compact key corresponding to the intended set of ciphertext classes. It produces a constant-size ciphertext and a compact secret key to use storage space efficiently and reduce the communication cost. The compact key aggregates the power of the secret keys used to encrypt the outsourced data. This method flexibly shares the ciphertext classes among the randomly selected users with a specific set of attributes. All other ciphertext classes outside the set remain confidential. It allows dynamic data updates by verifying the data manipulation privilege of users with the help of a claim policy. The proposed scheme provides access control of varying granularity: at user level, file level, and attribute level. Granularity levels can be chosen based on applications and user demands. Hence, it is a multi-level, tunable access control over the shared data. It is very useful for secure data storage. This scheme tackles the user revocation and attribute revocation problems, so it allows the data owner to revoke a specific user or a group of users. It prevents forward and backward secrecy issues.
Cite this article
Sabitha, S., Rajasree, M.S. Multi-level on-demand access control for flexible data sharing in cloud. Cluster Comput 24, 1455–1478 (2021). https://doi.org/10.1007/s10586-020-03195-y
DOI: https://doi.org/10.1007/s10586-020-03195-y