Abstract
As the hype of the evolution of cloud computing has become a real possibility in the modern day outsourcing scenarios, users can benefit from cloud computing by uploading documents into the cloud servers for sharing it among a group of legitimate users. But, though cloud is a viable present day option for elastic storage facilities, its security is still a grave concern. Hence, in order to improve the secure communication among group members, Zhu and Jiang have proposed a protocol and claimed that key distribution to the group users can be done without any secure communication channels. They have claimed that their scheme is resistant to collusion attack and all the other attacks, thereby ensuring forward and backward secrecies as well. Firstly, in this research work, after extensive analysis, we have identified several issues in the protocol proposed by Zhu and Jiang which make it vulnerable to various attacks. Secondly, we have proved that an attacker can use the man-in-the-middle attack and break the protocol thereby getting the secret keys shared between the group manager and the group user. Thirdly, we have given enough proof that the scheme is vulnerable to message modification attack too. Finally, we claim that the earlier proposed protocol is not secure and a new protocol with improved security is the need of the hour.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_26
Alzahrani, A., Alalwan, N., Sarrab, M.: Mobile cloud computing: advantage, disadvantage and open challenge. In: Proceedings of the 7th International Conference on Euro American Association on Telematics and Information Systems (EATIS 2014) (2014). https://doi.org/10.1145/2590651.2590670
Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: scalable secure file sharing on untrusted storage. In: Proceedings of USENIX Conference File and Storage Technologies, pp. 29–42 (2003)
Buyya, R., Ranjan, R., Calheiros, R.N.: InterCloud: utility-oriented federation of cloud computing environments for scaling of application services. In: Hsu, C.-H., Yang, L.T., Park, J.H., Yeo, S.-S. (eds.) ICA3PP 2010. LNCS, vol. 6081, pp. 13–31. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13119-6_2
Zhang, X., Kunjithapatham, A., Jeong, S., Gibbs, S.: Towards an elastic application model for augmenting the computing capabilities of mobile devices with cloud computing. Mob. Netw. Appl. 16(3), 270–284 (2011). https://doi.org/10.1007/s11036-011-0305-7
Giurgiu, I., Riva, O., Juric, D., Krivulev, I., Alonso, G.: Calling the cloud: enabling mobile phones as interfaces to cloud applications. In: Bacon, J.M., Cooper, B.F. (eds.) Middleware 2009. LNCS, vol. 5896, pp. 83–102. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10445-9_5
Zhang, X., Jeong, S., Kunjithapatham, A., Gibbs, S.: Towards an elastic application model for augmenting computing capabilities of mobile platforms. In: Cai, Y., Magedanz, T., Li, M., Xia, J., Giannelli, C. (eds.) MOBILWARE 2010. LNICSSITE, vol. 48, pp. 161–174. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17758-3_12
Rahimi, M.R., Ren, J., Liu, C.H., Vasilakos, A.V., Venkatasubramanian, N.: Mobile cloud computing: a survey, state of art and future direction 19(2), 133–143 (2014). https://doi.org/10.1007/s11036-013-0477-4
Bakshi, A., Yogesh, B.: Securing cloud from DDoS attacks using intrusion detection system in virtual machine. In: Second International Conference on Communication Software and Networks, ICCSN 2010, pp. 260–264 (2010). https://doi.org/10.1109/ICCSN.2010.56
Jensen, M., Schwenk, J., Gruschka, N., Iacono, L.L.: On technical security issues in cloud computing. In: IEEE Conference on Cloud Computing, CLOUD 2009, pp. 109–116 (2006). https://doi.org/10.1109/CLOUD.2009.60
Zhu, Z., Jiang, R.: A secure anti-collusion data sharing scheme for dynamic groups in the public cloud. IEEE Trans. Parallel Distrib. Syst. 27(1), 40–50 (2016). https://doi.org/10.1109/TPDS.2015.2388446
Goh, E., Shacham, H., Modadugu, N., Boneh, D.: Sirius: securing remote untrusted storage. In: Proceedings of Network and Distributed Systems Security Symposium (NDSS), pp. 131–145 (2003)
Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_16
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of ACM Conference Computer and Communications Security (CCS), pp. 89–98 (2006). https://doi.org/10.1145/1180405.1180418
Lu, R., Lin, X., Liang, X., Shen, X.: Secure provenance: the essential of bread and butter of data forensics in cloud computing. In: Proceedings of ACM Symposium Information, Computer and Communication Security, pp. 282–292 (2010). https://doi.org/10.1145/1755688.1755723
Vijayakumar, P., Bose, S., Kannan, A.: Chinese remainder theorem based centralized group key management for secure multicast communication. J. IET Inf. Secur. 1–9 (2013). https://doi.org/10.1049/iet-ifs.2012.0352
Liu, X., Zhang, Y., Wang, B., Yan, J.: Mona: secure multi-owner data sharing for dynamic groups in the cloud. IEEE Trans. Parallel Distrib. Syst. 24(6), 1182–1191 (2013). https://doi.org/10.1109/TPDS.2012.331
Zhou, L., Varadharajan, V., Hitchens, M.: Achieving secure role-based access control on encrypted data in cloud storage. IEEE Trans. Inf. Forensics Secur. 8(12), 1947–1960 (2013). https://doi.org/10.1109/TIFS.2013.2286456
Zou, X., Dai, Y., Bertino, E.: A practical and flexible key management mechanism for trusted collaborative computing. In: The 27th IEEE Conference on Computer Communications, INFOCOM 2008, pp. 1211–1219 (2008). https://doi.org/10.1109/INFOCOM.2008.102
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Milton Ganesh, S., Pandi, V., Jegatha Deborah, L., Bhuiyan, M.Z.A. (2017). Attacks on the Anti-collusion Data Sharing Scheme for Dynamic Groups in the Cloud. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science(), vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_42
Download citation
DOI: https://doi.org/10.1007/978-3-319-72395-2_42
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72394-5
Online ISBN: 978-3-319-72395-2
eBook Packages: Computer ScienceComputer Science (R0)