Mechanism for Secure Content Publishing for Reporting Platform Hosted on Public Cloud Infrastructure
Cloud computing operates on several service models, such as SaaS, PaaS and IaaS. Enterprises can outsource data and computation to the cloud and benefit from its unique attributes. This paradigm also brings many challenges for data security and access control. A reporting platform is software that allows users to access the content hosted within it. The content hosted on a reporting platform is developed by content publishers, who are concerned about intellectual property rights and content protection. The content contains data configuration information as well as a database access query (SQL query) that needs to be run against a database. Upon a request from a user, the reporting platform connects to a database, executes the content and returns the transformed output. The outcome is then formatted into a user-understandable form and delivered to the user. When the reporting platform is deployed in a public cloud environment, stringent security must be provided for data at rest and in motion. The different entities accessing the content may reside in an untrusted domain, and some of the parties (viz. the database provider) may reside in a different enterprise cloud and need to be accessed while serving the user request. In this work, we propose a generic scheme that enables content protection and fine-grained access control of the published data, and protects the data even from cloud providers. One unique problem for which we provide a solution is ensuring data confidentiality even when some computation is required on the content in the cloud environment.
Keywords: Cloud Computing, Access Structure, Cloud Provider, Public Cloud, Homomorphic Encryption