Access control aware data retrieval for secret sharing based database outsourcing

Distributed and Parallel Databases

Abstract

Enforcing dynamic and confidential access control policies is a challenging issue in outsourcing data to external servers, due to the lack of trust in those servers. In this paper, we propose a scalable yet flexible access control enforcement mechanism for the case where the underlying relational data, on which access policies are defined, has been shared through a secret sharing scheme. To share the values of an attribute in a relation, the attribute is assigned a secret distribution key, and its values are split and distributed among data servers according to a Shamir-based secret sharing scheme. Given access control policies over attributes of the relation schema, access to the distribution keys, which are later used to reconstruct the original values, is managed using the Chinese remainder theorem. Our solution, in addition to preserving the confidentiality of access control policies, is flexible enough to efficiently accommodate granting and revoking authorizations. Moreover, it prevents the information leakage that query processing could cause, through an access control aware retrieval of data shares. That is, our solution enforces access control policies not only for reconstructing shares and obtaining original values, but also for retrieving shares in a query processing scenario. We implemented our mechanism and performed extensive experiments, whose results confirm its efficiency and considerable scalability in practice.
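A sketch of the two building blocks the abstract names, added here as an illustration and not taken from the paper: Shamir sharing under a per-attribute distribution key, and a Chinese remainder theorem value from which only authorized users can recover that key. Treating the secret evaluation points as the distribution key, the per-user moduli and hash-derived masks, the key packing, the sample values and revocation by re-keying are all assumptions of this example; the paper's own construction is not shown on this page.

```python
import hashlib
import secrets

P = 2**31 - 1  # toy prime field for share arithmetic

def split(secret, k, xs):
    """Shamir shares of `secret` (threshold k), one per server. Assumption:
    the secret evaluation points xs act as the attribute's distribution key."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P for x in xs]

def reconstruct(xs, ys):
    """Lagrange interpolation at 0; needs the x-coordinates, i.e. the key."""
    total = 0
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        num = den = 1
        for j, xj in enumerate(xs):
            if j != i:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def pack(xs):  # key as one integer, 32 bits per coordinate
    return sum(x << (32 * i) for i, x in enumerate(xs))

def unpack(v, n):
    return [(v >> (32 * i)) & 0xFFFFFFFF for i in range(n)]

def mask(secret, attr, modulus):  # per-user pad, so each residue is user-specific
    digest = hashlib.sha256(secret + attr.encode()).digest()
    return int.from_bytes(digest, "big") % modulus

def crt_lock(key, attr, users):
    """Public X with X = key + mask_u (mod m_u) for every authorized user u."""
    x, m = 0, 1
    for mod, sec in users.values():
        r = (key + mask(sec, attr, mod)) % mod
        x += m * ((r - x) * pow(m, -1, mod) % mod)  # incremental CRT lift
        m *= mod
    return x

def crt_unlock(lock, attr, mod, sec):
    return (lock % mod - mask(sec, attr, mod)) % mod

# Constructed sample data: pairwise-coprime moduli (Mersenne primes) and secrets.
ALICE, BOB = (2**107 - 1, b"alice-secret"), (2**127 - 1, b"bob-secret")
XS = [11, 29, 53]              # constructed distribution key for "salary"
SHARES = split(4200, 2, XS)    # one share per data server
LOCK = crt_lock(pack(XS), "salary", {"alice": ALICE, "bob": BOB})
NEW_XS = [17, 31, 59]          # fresh key after revoking bob (assumed policy)
LOCK_REVOKED = crt_lock(pack(NEW_XS), "salary", {"alice": ALICE})
```

Each modulus must exceed the packed key, and the lock value can be stored publicly because a residue is only meaningful to a holder of the matching modulus and mask secret.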

Notes

  1. A function with both one-to-one and onto properties.

Acknowledgments

This research has been supported by a Grant from the Research Institute for ICT (ITRC), Tehran, Iran.

Corresponding author

Correspondence to Rasool Jalili.

Cite this article

Hadavi, M.A., Jalili, R. & Karimi, L. Access control aware data retrieval for secret sharing based database outsourcing. Distrib Parallel Databases 34, 505–534 (2016). https://doi.org/10.1007/s10619-015-7186-x
