A cloud storage access scheme with security proxy based on attribute mapping node

doi:10.3969/j.issn.0253-2778.2017.04.004

Abstract

Abstract: With the development of mobile technology, more and more people use cloud storage to back up their local data. The cloud platforms provide cheap and convenient data storage services while there are serious data security problems, especially the ciphertext data access control being totally dependent on the cloud provider. An advanced CP-ABE scheme based on mapping nodes was presented to prevent illegal access from unauthorized users or partially trusted cloud storage providers. In order to guarantee the security of cloud data in open environment, Key Generation Center and Security Proxy are introduced to separate the data service and security service in the access scheme. Experimental results show that the proposed attribute management scheme is capable of separating the secret key from data service at a low computational cost, showing great potential for applications.

Key words: cloud storage, security proxy, attribute encryption, CP-ABE, node mapping

CLC Number:

TP393

LI Huakang, LIU Pan, YANG Yitao, SUN Guozi. A cloud storage access scheme with security proxy based on attribute mapping node[J]. Journal of University of Science and Technology of China, 2017, 47(4): 304-310.

References

［1］
苏金树, 曹丹, 王小峰, 等. 属性基加密机制[J]. 软件学报, 2011, 22(6): 1299-1315.
SU Jinshu, CAO Dan, WANG Xiao, et al. Attribute-based encryption schemes[J]. Journal of Software, 2011, 22(6): 1299-1315.
[2] YAO J H, CHEN S P, NEPAL S, et al. TrustStore: Making Amazon s3 trustworthy with services composition[C]// Proceedings of the 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing. Melbourne, Australia: IEEE Computer Society, 2010: 600-605.
[3] SONG D X, WAGNER D, PERRIG A. Practical techniques for searches on encrypted data[C]// Proceedings of the IEEE Symposium on Security and Privacy. Berkeley, USA: IEEE Press, 2000: 44-55.
[4] SWAMINATHAN A, MAO Y N, SU G M, et al. Confidentiality-preserving rank-ordered search[C]// Proceedings of the ACM workshop on Storage Security and Survivability. Alexandria, USA: ACM Press, 2007: 7-12.
[5] 黄永峰, 张久岭, 李星. 云存储应用中的加密存储及其检索技术[J]. 中兴通讯技术, 2010, 16(4): 33-35.
HUANG Yongfeng, ZHANG Jiuling, LI Xing. Encrypted storage and its retrieval in cloud storage applications[J]. ZTE Communications, 2010, 16(4): 33-35.
[6] LIANG K T, SUSILO W. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(9): 1981-1992.
[7] AKL S G, TAYLOR P D. Cryptographic solution to a multilevel security problem[C]// Proceedings of CRYPTO’82. Santa Barbara, USA: Springer, 1983: 237-249.
[8] AKL S G, TAYLOR P D. Cryptographic solution to a problem of access control in a hierarchy[J]. ACM Transactions on Computer Systems, 2012, 20(3): 251-261.
[9] YANG K, JIA X H. Attributed-based access control for multi-authority systems in cloud storage[C]// Proceedings of the 32nd International Conference on Distributed Computing Systems. Macau, China: IEEE Press, 2012: 536-545.
[10] 刘占斌, 刘虹, 火一莽. 云计算中基于密文策略属性基加密的数据访问控制协议[J]. 信息网络安全, 2014, (7): 57-60.
LIU Zhanbin, LIU Hong, HUO Yi. Data access control protocol for the cloud computing based on ciphertext-policy attribute based encryption (CP-ABE)[J]. Netinfo Security, 2014, (7): 57-60.
[11] SAHAI A, WATERS B. Fuzzy identity-based encryption[A]// Advances in Cryptology–EUROCRYPT 2005[M]. Berlin Heidelberg: Springer, 2005: 457-473.
[12] YU S C, WANG C, REN K, et al. Achieving secure, scalable, and fine-grained data access control in cloud computing[C]// Proceedings of the 29th conference on Information communications. San Diego, USA: IEEE Press. 2010: 534-542.
[13] WAN Z, LIU J, DENG R H. HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2012, 7(2): 743-754.
[14] LIU C W, HSIEN W F, YANG C C, et al. A survey of attribute-based access control with user revocation in cloud data storage[J]. International Journal of Network Security, 2016, 18(5): 900-916.
[15] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]// Proceedings of the IEEE Symposium on Security and Privacy. Berkeley, USA: IEEE Press, 2007: 321-334.
[16] Waters B. Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization[A]// Public Key Cryptography–PKC[M]. Berlin Heidelberg: Springer, 2011: 53-70.
[17] DAZA V, HERRANZ J, MORILLO P, et al. Extensions of access structures and their cryptographic applications[J]. Applicable Algebra in Engineering, Communication and Computing, 2010, 21(4): 257-284.
[18] Emura K, Miyaji A, Nomura A, et al. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length[A]// Information Security Practice and Experience[M]. Berlin, Heidelberg: Springer, 2009: 13-23.
[19] 程思嘉, 张昌宏, 潘帅卿. 基于CP-ABE算法的云存储数据访问控制方案设计[J]. 信息网络安全, 2016, (2): 1-6.
CHENG Sijia, ZHANG Changhong, PAN Shuaiqing. Design on data access control scheme for cloud storage based on CP-ABE algorithm[J]. Netinfo Security, 2016, (2): 1-6.