A robust and secure multi-authority access control system for cloud storage

Abstract

Ciphertext-Policy Attribute-based Encryption (CP-ABE) is regarded as an ideal technique for data access control in cloud storage platforms. Traditional CP-ABE requires only one trusted authority to manage the whole attribute set and issue the associated keys. However, this makes the single authority a high-risk entity of the system: when the authority is compromised or crashes, the system breaks down. In this paper, we propose a robust multi-authority CP-ABE scheme for cloud storage, in which multiple authorities jointly manage the whole attribute set. In our proposed scheme, attribute-associated keys can be distributed if and only if the active authorities involved in the procedure exceed a specified threshold (t). We further prove that our proposed scheme is secure and robust: it can tolerate fewer than t authorities being compromised or no more than n − t authorities being crashed, where n denotes the total number of authorities.
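The threshold arithmetic in the abstract can be seen in a small added example (not code from the paper): it uses Shamir secret sharing over a prime field as an assumed stand-in for the scheme's key-sharing mechanism, and the modulus, function names and the n = 5, t = 3 parameters are constructed for illustration. It treats t live authorities as sufficient, which is what the abstract's crash-tolerance bound implies.

```python
import secrets

P = 2**127 - 1  # prime field modulus (constructed parameter for this example)

def share(secret, t, n):
    """Deal one share to each of n authorities; any t shares rebuild `secret`."""
    # Random polynomial of degree t-1 with f(0) = secret.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        return y
    return {i: f(i) for i in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange-interpolate f(0) from a {authority_index: share} mapping."""
    total = 0
    for i, y_i in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = (num * -j) % P
                den = (den * (i - j)) % P
        total = (total + y_i * num * pow(den, -1, P)) % P
    return total

def recover_after_crashes(secret, t, n, crashed):
    """Value rebuilt by the surviving authorities, or None if fewer than t remain."""
    alive = {i: s for i, s in share(secret, t, n).items() if i not in crashed}
    if len(alive) < t:
        return None  # more than n - t crashes: key issuance halts
    return reconstruct(dict(sorted(alive.items())[:t]))

if __name__ == "__main__":
    master = secrets.randbelow(P)  # stands in for the jointly managed master secret
    n, t = 5, 3
    print("2 crashed:", recover_after_crashes(master, t, n, {2, 5}) == master)
    print("3 crashed:", recover_after_crashes(master, t, n, {1, 2, 5}))
    # t-1 compromised authorities interpolate to an unrelated value.
    stolen = {i: s for i, s in share(master, t, n).items() if i in (1, 4)}
    print("t-1 shares recover secret:", reconstruct(stolen) == master)
```

A real threshold CP-ABE deployment would combine per-authority key components rather than rebuild the master secret in one place; the example only shows why t and n − t are the two limits.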



Funding

This work is supported in part by National Natural Science Foundation of China under Grant No. U1636115 and No. 61672534.

Author information

Corresponding author

Correspondence to Jin Gu.

Additional information

This article belongs to the Topical Collection: Special Issue on Privacy-Preserving Computing

Guest Editors: Kaiping Xue, Zhe Liu, Haojin Zhu, Miao Pan and David S.L. Wei

About this article

Cite this article

Gu, J., Shen, J. & Wang, B. A robust and secure multi-authority access control system for cloud storage. Peer-to-Peer Netw. Appl. (2021). https://doi.org/10.1007/s12083-020-01055-5

Keywords

  • Cloud Storage
  • Multi-Authority Access Control
  • Cloud Security