TAFC: TIME AND ATTRIBUTE FACTORS COMBINED ACCESS CONTROL FOR TIME-SENSITIVE DATA IN PUBLIC CLOUD
ABSTRACT
The new paradigm of outsourcing data to the cloud is a double-edged sword. On the one hand, it frees data owners from the technical management, and makes it easier for data owners to share their data with intended users. On the other hand, it poses new challenges on privacy and security protection. To protect data confidentiality against the honest-but-curious cloud service provider, numerous works have been proposed to support fine-grained data access control. However, till now, no schemes can support both fine-grained access control and time-sensitive data publishing. In this paper, by embedding timed-release encryption into CP-ABE (Ciphertext-Policy Attribute-based Encryption), we propose a new time and attribute factors combined access control on time-sensitive data for public cloud storage (named TAFC). Based on the proposed scheme, we further propose an efficient approach to design access policies faced with diverse access requirements for time-sensitive data. Extensive security and performance analysis shows that our proposed scheme is highly efficient and satisfies the security requirements for time-sensitive data storage in public cloud.
EXISTING SYSTEM:
Based on various cryptographic primitives, there have been numerous works on secure data sharing in cloud storage. Among these schemes, some aimed at protecting the integrity of the shared data, and some aimed at protecting the confidentiality and access control of the data. In the area of data access control, attribute-based encryption (ABE) is utilized as a basic cryptographic technique. These ABE-based access control schemes, in general, can be divided into two main categories: key-policy ABE (KP-ABE) based schemes, such as ; and ciphertext-policy ABE (CP-ABE) based schemes, such as. The latter is more suitable for achieving flexible and fine-grained access control for the public cloud, in which each file is labelled with an access structure, and each user owns a security key embedded with a set of attributes.

However, the existing ABE-based schemes do not support the scenario where the access privilege of one file is required to be released to different sets of users after different time points, while the ciphertext needs to be uploaded only once. A trivial solution is to let the data owner him/herself retrieve the file, re-encrypt it under the new policy, and upload it again when the releasing time arrives. However, such a solution places a heavy burden of both communication and computation overhead on the data owner. Goyal et al. and Yang
PROPOSED SYSTEM:
The main contributions of this paper can be summarized as follows:
1) By integrating TRE and CP-ABE in public cloud storage, we propose an efficient scheme to realize secure fine-grained access control for time-sensitive data. In the proposed scheme, the data owner can autonomously designate intended users and their relevant access privilege releasing time points. Besides realizing this function, it is proved that only a negligible burden is placed on owners, users and the trusted CA.
2) We present how to design the access structure for any potential timed-release access policy, especially embedding multiple releasing time points for different intended users. To the best of our knowledge, we are the first to study the approach to design structures for general time-sensitive access requirements.
3) Furthermore, a rigorous security proof is given to validate that the proposed scheme is secure and effective.
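The following added example (not code from the paper) models only the policy semantics of contribution 2: an access structure over attributes in which some nodes carry a time trapdoor, so one uploaded policy releases access to different user sets at different times. It performs no cryptography; the `Node` class, the attribute names, the integer time points and the assumption that the CA publishes one token per time point once it arrives are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Node:
    gate: str = "LEAF"                  # "LEAF", "AND" or "OR"
    attr: Optional[str] = None          # attribute name, for leaves
    children: Tuple["Node", ...] = ()
    release_at: Optional[int] = None    # time trapdoor placed on this node

def release_points(node):
    """All release time points embedded anywhere in the structure."""
    points = set() if node.release_at is None else {node.release_at}
    for child in node.children:
        points |= release_points(child)
    return points

def satisfies(node, attrs, published):
    """True if `attrs` satisfy `node` given the time points already published."""
    if node.release_at is not None and node.release_at not in published:
        return False                    # trapdoor still closed
    if node.gate == "LEAF":
        return node.attr in attrs
    results = [satisfies(c, attrs, published) for c in node.children]
    return all(results) if node.gate == "AND" else any(results)

def can_access(policy, attrs, now):
    # Assumption: the CA has published a token for every time point <= now.
    published = {t for t in release_points(policy) if t <= now}
    return satisfies(policy, attrs, published)

# Constructed policy: finance managers from t=10, finance staff from t=20.
POLICY = Node("AND", children=(
    Node(attr="dept:finance"),
    Node("OR", children=(
        Node(attr="role:manager", release_at=10),
        Node(attr="role:staff", release_at=20),
    )),
))

def first_access_time(policy, attrs, horizon=100):
    """Earliest integer time <= horizon at which attrs gain access, else None."""
    return next((t for t in range(horizon + 1) if can_access(policy, attrs, t)), None)

if __name__ == "__main__":
    for who in ({"dept:finance", "role:manager"}, {"dept:finance", "role:staff"},
                {"dept:hr", "role:manager"}):
        print(sorted(who), first_access_time(POLICY, who))
```

Moving a trapdoor up to the OR gate would instead delay both roles to the same time point, which is the kind of placement decision the policy-design contribution addresses.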
CONCLUSION
This paper aims at fine-grained access control for time-sensitive data in cloud storage. One challenge is to simultaneously achieve both flexible timed release and fine granularity with lightweight overhead, which was not explored in existing works. In this paper, we proposed a scheme to achieve this goal. Our scheme seamlessly incorporates the concept of timed-release encryption into the architecture of ciphertext-policy attribute-based encryption. With a suite of proposed mechanisms, this scheme provides data owners with the capability to flexibly release the access privilege to different users at different times, according to a well-defined access policy over attributes and release time. We further studied access policy design for all potential access requirements of time-sensitive data, through suitable placement of time trapdoors. The analysis shows that our scheme can preserve the confidentiality of time-sensitive data, with a lightweight overhead on both CA and data owners. It is thus well suited to practical large-scale access control systems for cloud storage.