TAFC: TIME AND ATTRIBUTE FACTORS COMBINED ACCESS CONTROL FOR TIME-SENSITIVE DATA IN PUBLIC CLOUD
ABSTRACT
The new paradigm of outsourcing data to the cloud is a double-edged sword. On the one hand, it frees data owners from technical management and makes it easier for them to share their data with intended users. On the other hand, it poses new challenges for privacy and security protection. To protect data confidentiality against the honest-but-curious cloud service provider, numerous works have been proposed to support fine-grained data access control. However, until now, no scheme supports both fine-grained access control and time-sensitive data publishing. In this paper, by embedding timed-release encryption into CP-ABE (Ciphertext-Policy Attribute-based Encryption), we propose a new time and attribute factors combined access control on time-sensitive data for public cloud storage (named TAFC). Based on the proposed scheme, we further propose an efficient approach to design access policies that meet diverse access requirements for time-sensitive data. Extensive security and performance analysis shows that our proposed scheme is highly efficient and satisfies the security requirements for time-sensitive data storage in the public cloud.
EXISTING SYSTEM:
Based on various cryptographic primitives, there have been numerous works on secure data sharing in cloud storage. Among these schemes, some aim at protecting the integrity of the shared data, and some aim at protecting the confidentiality and access control of the data. In the area of data access control, attribute-based encryption (ABE) is utilized as a basic cryptographic technique. These ABE-based access control schemes can, in general, be divided into two main categories: key-policy ABE (KP-ABE) based schemes and ciphertext-policy ABE (CP-ABE) based schemes. The latter is more suitable for achieving flexible and fine-grained access control for the public cloud: each file is labelled with an access structure, and each user holds a secret key embedded with a set of attributes.

However, the existing ABE-based schemes do not support the scenario where the access privilege of one file must be released to different sets of users after different time points while the ciphertext is uploaded only once.

A trivial solution is to let the data owner retrieve the file, re-encrypt it under the new policy, and upload it again when the release time arrives. However, such a solution places a heavy communication and computation burden on the data owner. Goyal et al. and Yang et al. have proposed policy update methods for KP-ABE based and CP-ABE based schemes respectively. In these schemes, if the data owner wants to release the access privilege to new sets of users, he or she does not need to re-encrypt and upload the whole file. Taking Yang's scheme as an example, the data owner generates and sends a policy update key to the cloud, and the cloud re-encrypts the stored file. With the modified access policy, new sets of users are able to access the file.
However, Yang's scheme only discusses how to update the access structure; it does not embed the time factor into the access structure, so the data owner must be online when the policy update is performed. Therefore, an efficient scheme is badly needed in which the data owner can designate all of a file's future access policies when it is first encrypted.

Towards this challenge, Timed-Release Encryption (TRE) is a promising primitive, in which a trusted time agent, instead of the data owners, uniformly executes the timed-release function. This notion has been widely integrated into many scenarios. Yuan et al. [13] integrate TRE into a searchable encryption scheme, in which the intended user is constrained to wait until a particular time to search the outsourced data. The combination of TRE and proxy encryption has been proposed for the cloud environment. TRE also helps achieve a conditional oblivious transfer scheme in which the access pattern is exposed only after a specific time.

In the scenario of data access control for public cloud storage, some schemes that adopt the basic idea of TRE have been proposed. One of them is a proxy-encryption scheme for data sharing, where the data access privilege can be accurately distributed to intended users who own a certain attribute set during a specific time period. That scheme preserves data confidentiality well. However, it cannot satisfy the requirement that users be constrained to access data only after a particular designated time. Androulaki et al. [16] designed an approach to realize time-sensitive data
PROPOSED SYSTEM:
We propose an efficient time and attribute factors combined access control scheme, named TAFC, for time-sensitive data in the public cloud. Our scheme possesses two important capabilities: 1) it inherits the property of fine granularity from CP-ABE; 2) by introducing a trapdoor mechanism, it further retains the feature of timed release from TRE. Note that in TAFC the introduced trapdoor mechanism is related only to the time factor, and only one corresponding secret needs to be published when exposing the related trapdoors. This makes our scheme highly efficient: it adds only a little overhead on top of the original CP-ABE based scheme. We also address how to design an efficient access structure for arbitrary access privilege construction with both time and attribute factors, especially when an access policy embeds multiple access privilege releasing time points. As an extension of the previous conference version, we give the potential sub-policies for time-sensitive data, and then present an efficient and practical method to construct the relevant access structures.

The main contributions of this paper can be summarized as follows:
1) By integrating TRE and CP-ABE in public cloud storage, we propose an efficient scheme to realize secure fine-grained access control for time-sensitive data. In the proposed scheme, the data owner can autonomously designate intended users and their relevant access privilege releasing time points. Besides realizing this function, it is proved that only a negligible burden is placed upon owners, users and the trusted CA.
2) We present how to design an access structure for any potential timed-release access policy, especially one embedding multiple releasing time points for different intended users. To the best of our knowledge, we are the first to study an approach to designing structures for general time-sensitive access requirements.
3) Furthermore, a rigorous security proof is given to validate that the proposed scheme is secure and effective.
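The following is an added toy model of the access structure described above; it is not code from the paper, whose construction is built on pairing-based CP-ABE. Attribute leaves are reduced to set membership, and each time trapdoor is modelled as a hash commitment whose preimage the trusted time agent publishes exactly once at the release time, so a single released secret opens every trapdoor bound to that time point regardless of which attributes sit beside it. The class and function names, the master key, the user attribute sets and the time points are all constructed for this example.

```python
"""Toy model of a time-and-attribute access structure with time trapdoors.

Not the TAFC construction: CP-ABE pairing operations are replaced by plain
attribute-set membership, and the timed-release trapdoor is modelled as a
SHA-256 commitment whose preimage a trusted time agent publishes at the
release time. All names and values below are this example's own.
"""
import hashlib
import hmac


class TimeAgent:
    """Trusted time agent: one secret per release time point, derived from a
    master key and published only when that time arrives."""

    def __init__(self, master_key: bytes) -> None:
        self._master = master_key
        self.published = {}  # time point -> secret released at that time

    def _secret(self, t: str) -> bytes:
        return hmac.new(self._master, t.encode(), hashlib.sha256).digest()

    def trapdoor(self, t: str) -> bytes:
        """Commitment the data owner embeds in the policy for time point t.
        Without the preimage it gives the evaluator nothing to satisfy."""
        return hashlib.sha256(self._secret(t)).digest()

    def release(self, t: str) -> None:
        """Publish the single secret that opens every trapdoor bound to t."""
        self.published[t] = self._secret(t)


def evaluate(node, attrs, published) -> bool:
    """Evaluate a policy tree against a user's attribute set and the secrets
    the time agent has published so far. Gates: AND, OR, THRESH (k-of-n);
    leaves: ("ATTR", name) and ("TIME", t, commitment)."""
    kind = node[0]
    if kind == "ATTR":
        return node[1] in attrs
    if kind == "TIME":
        t, commitment = node[1], node[2]
        secret = published.get(t)
        # A forged "release" fails: only the agent's preimage matches.
        return secret is not None and hashlib.sha256(secret).digest() == commitment
    children = node[1:]
    if kind == "AND":
        return all(evaluate(c, attrs, published) for c in children)
    if kind == "OR":
        return any(evaluate(c, attrs, published) for c in children)
    if kind == "THRESH":
        k, children = node[1], node[2:]
        return sum(evaluate(c, attrs, published) for c in children) >= k
    raise ValueError(f"unknown gate {kind!r}")


def build_policy(agent: TimeAgent):
    """Owner-side policy with two release time points (constructed values):
    cardiology physicians immediately, researchers after 2025-01-01,
    insurers after 2025-07-01. Uploaded once; never re-encrypted."""
    return (
        "OR",
        ("AND", ("ATTR", "physician"), ("ATTR", "cardiology")),
        ("AND", ("ATTR", "researcher"), ("TIME", "2025-01-01", agent.trapdoor("2025-01-01"))),
        ("AND", ("ATTR", "insurer"), ("TIME", "2025-07-01", agent.trapdoor("2025-07-01"))),
    )


def demo():
    """Walk the policy through the two release points and record who can
    satisfy it at each stage; returns {stage: {user: granted}}."""
    agent = TimeAgent(b"constructed-master-key")
    policy = build_policy(agent)
    users = {
        "alice": {"physician", "cardiology"},
        "bob": {"researcher"},
        "carol": {"insurer"},
    }
    stages = {}
    stages["before"] = {u: evaluate(policy, a, agent.published) for u, a in users.items()}
    agent.release("2025-01-01")
    stages["after_t1"] = {u: evaluate(policy, a, agent.published) for u, a in users.items()}
    agent.release("2025-07-01")
    stages["after_t2"] = {u: evaluate(policy, a, agent.published) for u, a in users.items()}
    return stages


if __name__ == "__main__":
    for stage, result in demo().items():
        print(stage, result)
```

The point the model makes visible is the one the paper relies on: the owner designs the whole future of the file's access policy up front, the cloud never needs a policy update key, and the time agent's per-time-point workload is a single published secret, independent of how many users or attribute branches hang off that trapdoor.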
CONCLUSION
This paper aims at fine-grained access control for time-sensitive data in cloud storage. One challenge is to simultaneously achieve both flexible timed release and fine granularity with lightweight overhead, which was not explored in existing works. In this paper, we proposed a scheme to achieve this goal. Our scheme seamlessly incorporates the concept of timed-release encryption into the architecture of ciphertext-policy attribute-based encryption. With a suite of proposed mechanisms, this scheme provides data owners with the capability to flexibly release the access privilege to different users at different times, according to a well-defined access policy over attributes and release time. We further studied access policy design for all potential access requirements of time-sensitive data, through suitable placement of time trapdoors. The analysis shows that our scheme can preserve the confidentiality of time-sensitive data, with a lightweight overhead on both the CA and data owners. It thus suits well the practical large-scale access control system for cloud storage.
REFERENCES
[1] Qin, H. Xiong, S. Wu, and J. Batamuliza, “A survey of proxy re-encryption for secure data sharing in cloud computing,” IEEE Transactions on Services Computing, available online, 2016.
[2] F. Armknecht, J.-M. Bohli, G. O. Karame, and F. Youssef, “Transparent data deduplication in the cloud,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 886–900, ACM, 2015.
[3] R. Masood, M. A. Shibli, Y. Ghazi, A. Kanwal, and A. Ali, “Cloud authorization: exploring techniques and approach towards effective access control framework,” Frontiers of Computer Science, vol. 9, no. 2, pp. 297–321, 2015.
[4] K. Ren, C. Wang, and Q. Wang, “Security challenges for the public cloud,” IEEE Internet Computing, vol. 16, no. 1, pp. 69–73, 2012.
[5] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the 28th IEEE Symposium on Security and Privacy (S&P’07), pp. 321–334, IEEE, 2007.
[6] Z. Wan, J. Liu, and R. H. Deng, “HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing,” IEEE Transactions on Information Forensics and Security, vol. 7, no. 2, pp. 743–754, 2012.
[7] K. Yang, X. Jia, K. Ren, B. Zhang, and R. Xie, “DAC-MACS: Effective data access control for multi-authority cloud storage systems,” IEEE Transactions on Information Forensics and Security, vol. 8, no. 11, pp. 1790–1801, 2013.
[8] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 1, pp. 131–143, 2013.
[9] E. Bertino, P. A. Bonatti, and E. Ferrari, “TRBAC: A