Abstract
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is regarded as an ideal technique for data access control on cloud storage platforms. Traditional CP-ABE relies on a single trusted authority to manage the whole attribute set and issue the associated keys. This makes the sole authority a high-risk entity and a single point of failure: when the authority is compromised or crashes, the whole system breaks down. In this paper, we propose a robust multi-authority CP-ABE scheme for cloud storage, in which multiple authorities jointly manage the whole attribute set. In our proposed scheme, attribute-associated keys can be distributed if and only if the active authorities involved in the procedure exceed a specified threshold (t). We further prove that our proposed scheme is secure and robust: it can tolerate fewer than t authorities being compromised or no more than n − t authorities being crashed, where n denotes the total number of authorities.
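The threshold property claimed above, as an added example that is not taken from the paper: it uses Shamir's (t, n) secret sharing as a stand-in, since the paper's own construction is not shown on this page. The field prime, the function names and the `issue_key` gate are assumptions made for illustration.

```python
import secrets

P = 2**127 - 1  # constructed parameter: a Mersenne prime defining GF(P)

def split(secret, t, n):
    """Deal n shares of `secret`; authority i holds f(i), any t reconstruct."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc
    return {i: f(i) for i in range(1, n + 1)}

def interpolate(points, x=0):
    """Lagrange-interpolate the polynomial through `points`, evaluate at x."""
    total = 0
    for i, y in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (x - j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def issue_key(shares, t):
    """Hypothetical gate: refuse unless at least t authorities responded.

    The secret is rebuilt in one place only to keep the demonstration short.
    """
    if len(shares) < t:
        raise RuntimeError("fewer than t active authorities")
    return interpolate(shares)

def missing_share(partial, guess, x):
    """Share at position x that would make `guess` fit t-1 known shares.

    Such a share exists for every guess, which is why fewer than t
    compromised authorities learn nothing about the secret.
    """
    return interpolate({0: guess % P, **partial}, x)

if __name__ == "__main__":
    master = secrets.randbelow(P)          # constructed sample secret
    shares = split(master, t=3, n=5)
    live = {i: shares[i] for i in (1, 3, 5)}   # authorities 2 and 4 crashed
    print("recovered with n - t crashed:", issue_key(live, 3) == master)
```

With t = 3 and n = 5, any two authorities may crash and key issuance still succeeds, while two colluding authorities hold shares that are consistent with every possible secret.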
Funding
This work is supported in part by National Natural Science Foundation of China under Grant No. U1636115 and No. 61672534.
This article belongs to the Topical Collection: Special Issue on Privacy-Preserving Computing
Guest Editors: Kaiping Xue, Zhe Liu, Haojin Zhu, Miao Pan and David S.L. Wei
Cite this article
Gu, J., Shen, J. & Wang, B. A robust and secure multi-authority access control system for cloud storage. Peer-to-Peer Netw. Appl. 14, 1488–1499 (2021). https://doi.org/10.1007/s12083-020-01055-5
DOI: https://doi.org/10.1007/s12083-020-01055-5