×

Oblivious access control policies for cloud based data sharing systems. (English) Zbl 1253.68061

Summary: Conventional procedures to ensure authorized data access by using access control policies are not suitable for cloud storage systems as these procedures can reveal valid access parameters to a cloud service provider. In this paper, we have proposed oblivious access control policy evaluation (O-ACE); a data sharing system, which obliviously evaluates access control policy on a cloud server and provisions access to the outsourced data. O-ACE reveals no useful information about the access control policy neither to the cloud service provider nor to the unauthorized users. Through the security analysis of O-ACE it has been observed that computational complexity to compromise privacy of the outsourced data is same as reverting asymmetric encryption without valid key pair. We have realized O-ACE for Google Cloud. Our evaluation results show the fact that O-ACE CPU utilization cost is 0.01-0.30 dollar per 1,000 requests.

MSC:

68M14 Distributed systems
68P20 Information storage and retrieval of data
PDFBibTeX XMLCite
Full Text: DOI

References:

[1] Amazon cloud drive–anything digital, securely stored, available anywhere. https://www.amazon.com/clouddrive/
[2] Dropbox–simplify your life. https://www.dropbox.com/
[3] Google app engine–run your web applications on google’s infrastructure. http://code.google.com/appengine/
[4] Google docs–create and share uour work online. http://www.google.com/google-d-s/b1.html
[5] The legion of the bouncy castle. http://www.bouncycastle.org/
[6] Microsoft office live–access, edit, and share documents from anywhere. http://www.officelive.com
[7] Windows live skydrive–online document storage and file sharing. http://www.windowslive.co.uk/skydrive
[8] Zoho–suite of online web applications. https://www.zoho.com/
[9] Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I, Zaharia M (2010) A view of cloud computing. Commun ACM 53:50–58. doi: 10.1145/1721654.1721672
[10] Brunette G, Mogull R, et al (2009) Security guidance for critical areas of focus in cloud computing. http://www.cloudsecurityalliance.org/csaguide.pdf
[11] Buyya R, Yeo CS, Venugopal S (2008) Market-oriented cloud computing: Vision, hype, and reality for delivering it services as computing utilities. In: Department of Computer Science and Software Engineering (CSSE), The University of Melbourne, Australia, pp 10–1016
[12] Buyya R, Yeo CS, Venugopal S, Broberg J, Brandic I (2009) Cloud computing and emerging it platforms: vision, hype, and reality for delivering computing as the 5th utility. Elsevier Science Publishers B. V., Amsterdam, pp 599–616. doi: 10.1016/j.future.2008.12.001
[13] Cantor S, Kemp J, Philpott R, Maler E (2005) Assertions and protocols for the oasis security assertion markup language (saml) v2.0. http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf
[14] Coull SE, Green M, Hohenberger S (2011) Access controls for oblivious and anonymous systems. ACM Trans Inf Syst Secur 14:10:1–10:28. doi: 10.1145/1952982.1952992
[15] Ellison C, Frantz B, Lampson B, Rivest R, Thomas B, Ylonen T (1999) Spki certificate theory
[16] Freedman M, Nissim K, Pinkas B (2004) Efficient private matching and set intersection. Springer, New York, pp 1–19 · Zbl 1122.94416
[17] Frikken K, Atallah M, Li J (2006) Attribute-based access control with hidden policies and hidden credentials. IEEE Trans Comput 55(10):1259–1270 · doi:10.1109/TC.2006.158
[18] Geron E, Wool A (2007) Crust: cryptographic remote untrusted storage without public keys. In: Fourth international IEEE security in storage workshop, 2007. SISW ’07, pp 3–14. doi: 10.1109/SISW.2007.9
[19] Goh EJ, Shacham H, Modadugu N, Boneh D (2003) Sirius: securing remote untrusted storage. In: Proceedings of network and distributed systems security (NDSS) symposium 2003, pp 131–145. doi: 10.1.1.104.6458
[20] Goldreich O, Israel R, Dana T (1995) Foundations of cryptography
[21] Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security, CCS ’06, ACM, New York, pp 89–98. doi: 10.1145/1180405.1180418
[22] Holt JE, Bradshaw RW, Seamons KE, Orman H (2003) Hidden credentials. In: Proceedings of the 2003 ACM workshop on privacy in the electronic society, WPES ’03. ACM, New York, pp 1–8. doi: 10.1145/1005140.1005142
[23] Housley R, Polk W, Ford W, Solo D (2002) Internet x.509 public key infrastructure. http://www.ietf.org/rfc/rfc3280.txt
[24] Kallahalla M, Riedel E, Swaminathan R, Wang Q, Fu K (2003) Plutus: scalable secure file sharing on untrusted storage. In: Proceedings of the 2nd USENIX conference on file and storage technologies. USENIX Association, Berkeley, pp 29–42. http://dl.acm.org/citation.cfm?id=1090694.1090698
[25] Kamara S, Lauter K (2010) Cryptographic cloud storage. In: Proceedings of the 14th international conference on financial cryptograpy and data security, FC’10. Springer, Berlin, pp 136–149. http://dl.acm.org/citation.cfm?id=1894863.1894876
[26] Kamara S, Papamanthou C, Roeder T (2011) Cs2: a searchable cryptographic cloud storage system. TechReport MSR-TR-2011-58, Microsoft Research
[27] Kaufman LM (2009) Data security in the world of cloud computing. IEEE Secur Privacy 7:61–64. doi: 10.1109/MSP.2009.87
[28] Kaufman LM (2009) Data security in the world of cloud computing. IEEE Secur Privacy 7:61–64. doi: 10.1109/MSP.2009.87
[29] Li J, Li N (2006) Oacerts: oblivious attribute certificates. IEEE Trans Dependable Secur Comput 3:340–352. doi: 10.1109/TDSC.2006.54 · Zbl 1126.68403
[30] Li N, Mitchell JC, Winsborough WH (2002) Design of a role-based trust-management framework. In: Proceedings of the 2002 IEEE symposium on security and privacy. IEEE Computer Society, Washington, p 114. http://dl.acm.org/citation.cfm?id=829514.830539
[31] Paillier P (1999) Public key cryptosystems based on composite degree residuosity classes. In: Proceedings of the 17th international conference on theory and application of cryptographic techniques, EUROCRYPT’99. Springer, Berlin, pp 223–238. http://dl.acm.org/citation.cfm?id=1756123.1756146 · Zbl 0933.94027
[32] Paillier P (2000) Trapdooring discrete logarithms on elliptic curves over rings. In: Proceedings of the 6th international conference on the theory and application of cryptology and information security: advances in cryptology, ASIACRYPT’00. Springer, London, pp 573–584. http://dl.acm.org/citation.cfm?id=647096.716885 · Zbl 0974.94022
[33] Pearson S (2009) Taking account of privacy when designing cloud computing services. In: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, CLOUD ’09. IEEE Computer Society, Washington, DC, pp 44–52. doi: 10.1109/CLOUD.2009.5071532
[34] Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM conference on computer and communications security, CCS ’09. ACM, New York, pp 199–212. doi: 10.1145/1653662.1653687
[35] Vimercati SDCd, Foresti S, Jajodia S, Paraboschi S, Samarati P (2007) Over-encryption: management of access control evolution on outsourced data. In: VLDB, pp 123–134 (2007)
[36] Samarati P, Vimercati SDCd (2001) Access control: policies, models, and mechanisms. In: Revised versions of lectures given during the IFIP WG 1.7. International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures, FOSAD’00. Springer, London, pp 137–196 (2001). http://dl.acm.org/citation.cfm?id=646206.683112
[37] Singh A, Liu L (2008) Sharoes: a data sharing platform for outsourced enterprise storage environments. In: IEEE 24th international conference on data engineering, 2008, ICDE 2008, pp 993–1002. doi: 10.1109/ICDE.2008.4497508
[38] Sun J, Zhu X, Fang Y (2010) A privacy-preserving scheme for online social networks with efficient revocation. In: 2010 Proceedings IEEE, INFOCOM, pp 1–9 (2010). doi: 10.1109/INFCOM.2010.5462080
[39] Tang Y, Lee PPC, Lui JCS, Perlman R (2010) Fade: secure overlay cloud storage with file assured deletion. In: SecureComm, pp 380–397
[40] Wang W, Li Z, Owens R, Bhargava B (2009) Secure and efficient access to outsourced data. In: Proceedings of the 2009 ACM workshop on cloud computing security, CCSW’09. ACM, New York, pp 55–66. doi: 10.1145/1655008.1655016
[41] Yao J, Chen S, Nepal S, Levy D, Zic J (2010) Truststore: making amazon s3 trustworthy with services composition. In: 2010 10th IEEE/ACM international conference on cluster, cloud and grid computing (CCGrid), pp 600–605 (2010). doi: 10.1109/CCGRID.2010.17
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.