A LIGHTWEIGHT SECURE DATA SHARING SCHEME FOR MOBILE CLOUD COMPUTING
ABSTRACT
With the popularity of cloud computing, mobile devices can store/retrieve personal data from anywhere at any time.Consequently, the data security problem in mobile cloud becomes more and more severe and prevents further development ofmobile cloud. There are substantial studies that have been conducted to improve the cloud security. However, most of them arenot applicable for mobile cloud since mobile devices only have limited computing resources and power. Solutions with low computational overhead are in great need for mobile cloud applications. In this paper, we propose a lightweight data sharingscheme (LDSS) for mobile cloud computing. It adopts CP-ABE, an access control technology used in normal cloud environment,but changes the structure of access control tree to make it suitable for mobile cloud environments. LDSS moves a large portionof the computational intensive access control tree transformation in CP-ABE from mobile devices to external proxy servers.Furthermore, to reduce the user revocation cost, it introduces attribute description fields to implement lazy-revocation, which isa thorny issue in program based CP-ABE systems. The experimental results show that LDSS can effectively reduce theoverhead on the mobile device side when users are sharing data in mobile cloud environments.
PROPOSED SYSTEM:
The main contributions of LDSS are as follows:(1) We design an algorithm called LDSS-CP-ABE based on Attribute-Based Encryption (ABE) method to offerefficient access control over ciphertext. (2) We use proxy servers for encryption anddecryption operations. In our approach, computationalintensive operations in ABE are conducted on proxyservers, which greatly reduce the computationaloverhead on client side mobile devices. Meanwhile, inLDSS-CP-ABE, in order to maintain data privacy, aversion attribute is also added to the access structure. Thedecryption key format is modified so that it can be sent tothe proxy servers in a secure way. (3) We introduce lazy re-encryption and descriptionfield of attributes to reduce the revocation overhead whendealing with the user revocation problem. (4) Finally, we implement a data sharing prototypeframework based on LDSS. The experiments show thatLDSS can greatly reduce the overhead on the client side,which only introduces a minimal additional cost on theserver side. Such an approach is beneficial to implement arealistic data sharing security scheme on mobile devices.The results also show that LDSS has better performancecompared to the existing ABE based access controlschemes over ciphertext.
EXISTING SYSTEM:
In this section, we focus on the works of ciphertext accesscontrol schemes which are closely related to our research. Access control is an important mechanism of dataprivacy protection to ensure that data can only beacquired by legitimate users. There has been substantialresearch on the issues of data access control in the cloud, mostly focusing on access control over ciphertext. Typically, the cloud is considered honest and curious.Sensitive data has to be encrypted before sending to thecloud. User authorization is achieved through keydistribution. The research can be generally divided intofour areas: simple ciphertext access control, hierarchicalaccess control, access control based on fullyhomomorphic encryption and access control basedon attribute-based encryption (ABE). Simple ciphertext access control refers to that after datafile encryption, the encryption keys are distributed in asecure way to achieve authorization for trusted users.To reduce the overhead of massive user key distribution,Skillen and Mannan designed a system calledMobiflage that enables PDE (plausibly deniableencryption) on mobile devices by hiding encryptedvolumes via random data on a device’s external storage.However, the system needs to obtain large amount ofinformation of keys.borrows the access controlmethod used in conventional distributed storage, separating users into different groupsaccording to access rights and assign different keys togroups. This reduces the overhead of key management,but it cannot satisfy the demand for fine-grained accesscontrol. Hierarchical access control has good performance inreducing the overhead of key distribution in ciphertextaccess control. As a result, there are substantialresearch on ciphertext access control basedon hierarchical access control method. In hierarchicalaccess control method, keys can be derived from privatekeys and a public token table. However, the operation ontoken table is complicated and generates high cost.Besides, the token table is stored in the cloud. Its privacyand security cannot be guaranteed .
CONCLUSION AND FUTURE WORK
In recent years, many studies on access control in cloudare based on attribute-based encryption algorithm (ABE).However, traditional ABE is not suitable for mobile cloudbecause it is computationally intensive and mobiledevices only have limited resources. In this paper, wepropose LDSS to address this issue. It introduces a novelLDSS-CP-ABE algorithm to migrate major computationoverhead from mobile devices onto proxy servers, thus itcan solve the secure data sharing problem in mobile cloud.The experimental results show that LDSS can ensure dataprivacy in mobile cloud and reduce the overhead onusers’ side in mobile cloud. In the future work, we willdesign new approaches to ensure data integrity. Tofurther tap the potential of mobile cloud, we will alsostudy how to do ciphertext retrieval over existing datasharing schemes.
REFERENCES
[1] Gentry C, Halevi S. Implementing gentry’s fully-homomorphicencryption scheme. in: Advances in Cryptology–EUROCRYPT2011. Berlin, Heidelberg: Springer press, pp. 129-148, 2011.
[2] Brakerski Z, Vaikuntanathan V. Efficient fully homomorphicencryption from (standard) LWE. in: Proceeding of IEEESymposium on Foundations of Computer Science. California,USA: IEEE press, pp. 97-106, Oct. 2011.
[3] Qihua Wang, Hongxia Jin. “Data leakage mitigation fordiscertionary access control in collaboration clouds”. the 16thACM Symposium on Access Control Models and Technologies(SACMAT), pp.103-122, Jun. 2011.
[4] Adam Skillen and Mohammad Mannan. On ImplementingDeniable Storage Encryption for Mobile Devices. the 20thAnnual Network and Distributed System Security Symposium(NDSS), Feb. 2013.
[5] Wang W, Li Z, Owens R, et al. Secure and efficient access tooutsourced data. in: Proceedings of the 2009 ACM workshop onCloud computing security. Chicago, USA: ACM pp. 55-66, 2009.
[6] Maheshwari U, Vingralek R, Shapiro W. How to build a trusteddatabase system on untrusted storage. in: Proceedings of the4th conference on Symposium on Operating System Design &Implementation-Volume 4. USENIX Association, pp. 10-12,2000.
[7] Kan Yang, Xiaohua Jia, Kui Ren: Attribute-based fine-grainedaccess control with efficient revocation in cloud storage systems.ASIACCS 2013, pp. 523-528, 2013.
[8] Crampton J, Martin K, Wild P. On key assignment forhierarchical access control. in: Computer Security FoundationsWorkshop. IEEE press, pp. 14-111, 2006.
[9] Shi E, Bethencourt J, Chan T H H, et al. Multi-dimensionalrange query over encrypted data. in: Proceedings ofSymposium on Security and Privacy (SP), IEEE press, 2007. 350364
[10] Cong Wang, Kui Ren, Shucheng Yu, and Karthik MahendraRaje Urs. Achieving Usable and Privacy-assured SimilaritySearch over Outsourced Cloud Data. IEEE INFOCOM 2012,Orlando, Florida, March 25-30, 2012