Server-aided access control for cloud computing

doi:10.11959/j.issn.2096-109x.2016.00104

网络与信息安全学报 ›› 2016, Vol. 2 ›› Issue (10): 58-76.doi: 10.11959/j.issn.2096-109x.2016.00104

• 学术论文 • 上一篇

Server-aided access control for cloud computing

WENG Jian(),WENG Jia-si,LIUJia-nan,HOU Lin

College of Information Science and Technology,Jinan University,Guangzhou 510632,China

修回日期:2016-08-23 出版日期:2016-10-01 发布日期:2020-03-17
作者简介:WENG Jian(1976-),born in Guangdong.In 2008,he received his Ph.D.degree in Computer Science and Engineering from Shanghai Jiaotong University.Currently,he is a professor and vice dean with the School of Information Technology,Jinan University.His research interests include cryptography and information security.|WENG Jiasi(1994-),born in Guangdong.She is a master in Jinan University.Her research interests include cryptography and information security.|LIU Jianan(1992-),born in Henan.He is a Ph.D student in Jinan University.His research interests include cryptography and information security.|HOU Lin (1991-),born in Hubei.She is a Ph.D student in Jinnan University.Her research interests include cryptography and information security.
基金资助:
The National Natural Science Foundation of China(61272413);The National Natural Science Foundation of China(61472165)

Revised:2016-08-23 Online:2016-10-01 Published:2020-03-17

摘要/Abstract

摘要：

With the massive diffusion of cloud computing,more and more sensitive data is being centralized into the cloud for sharing,which brings forth new challenges for the security and privacy of outsourced data.To address these challenges,the server-aided access control (SAAC) system was proposed.The SAAC system builds upon a variant of conditional proxy re-encryption (CPRE) named threshold conditional proxy re-encryption (TCPRE).In TCPRE,t out of n proxies can re-encrypt ciphertexts (satisfying some specified conditions) for the delegator (while up to t?1 proxies cannot),and the correctness of the re-encrypted ciphertexts can be publicly verified.Both features guarantee the trust and reliability on the proxies deployed in the SAAC system.The security models for TCPRE were formalized,several TCPRE constructions were proposed and that our final scheme was secure against chosen-ciphertext attacks was proved.

关键词: threshold conditional proxy re-encryption, server-aided access control, cloud computing, chosen-ciphertext attack

WENG Jian,WENG Jia-si,LIUJia-nan,HOU Lin. Server-aided access control for cloud computing[J]. 网络与信息安全学报, 2016, 2(10): 58-76.

图/表 5

Table1

Figure1

Figure2

Table2

Computational overhead in SAAC"

Phase	Computational overhead
System step	sE _G
File storage	3 P+ $E_{G_{T}}$ ₁\| \|T E_G+G +ξ f
File access	5 _G nE (file owner)
	3 _G E (access controller server)
	2 ( 1) ₂\| \| $E_{G_{T}}$ tP+ t++ξ f (file user)

Table2

Figure3

参考文献 29

[1]	BLAZE M , BLEUMER G , STRAUSS M . Divertible protocols and atomic proxy cryptography[C]// The International Conference on the Theory and Applications of Cryptographic Techniques. Berlin Heidelberg, 1998: 127-144.
[2]	WENG J , DENG R H , DING X ,et al. Conditional proxy re-encryption secure against chosen-ciphertext attack[C]// The 4th International Symposium on Information,Computer,and Communications Security,ACM. 2009: 322-332.
[3]	TANG Q , . Type-based proxy re-encryption and its construction[C]// The International Conference on Cryptology in India. 2008: 130-144.
[4]	VRABLE M , SAVAGE S , VOELKER G M . Cumulus:filesystem backup to the cloud[J]. ACM Transactions on Storage (TOS), 2009,5(4):14.
[5]	ATENIESE G , FU K , GREEN M ,et al. Improved proxy re-encryption schemes with applications to secure distributed storage[J]. ACM Transactions on Information and System Security (TISSEC), 2006,9(1): 1-30.
[6]	LI J , CHEN X , LI J ,et al. Fine-grained access control system based on outsourced attribute-based encryption[C]// European Symposium on Research in Computer Security. 2013: 592-609.
[7]	SHAMIR A . How to share a secret[J]. Communications of the ACM, 1979,22(11): 612-613.
[8]	BONEH D , BOYEN X , GOH E J . Hierarchical identity based encryption with constant size ciphertext[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2005: 440-456.
[9]	Final report on main computational assumptions in cryptography[EB/OL]..2013
[10]	CORON J S , . On the exact security of full domain hash[C]// Annual International Cryptology Conference. 2000: 229-235.
[11]	Pairing-based cryptography library[EB/OL]..2013
[12]	MAMBO M , OKAMOTO E . Proxy cryptosystems:delegation of the power to decrypt ciphertexts[J]. IEICE Transactions on Fundamentals of Electronics,Communications and Computer Sciences, 1997,80(1): 54-63.
[13]	CANETTI R , HOHENBERGER S . Chosen-ciphertext secure proxy re-encryption[C]// The 14th ACM conference on Computer and Communications Security. 2007: 185-194.
[14]	LIBERT B , VERGNAUD D . Unidirectional chosen-ciphertext secure proxy re-encryption[J]. IEEE Transactions on Information Theory, 2011,57(3): 1786-1802.
[15]	LIBERT B , VERGNAUD D . Unidirectional chosen-ciphertext secure proxy re-encryption[C]// International Workshop on Public Key Cryptography. 2008: 360-379.
[16]	WENG J , DENG R H , LIU S ,et al. Chosen-ciphertext secure bidirectional proxy re-encryption schemes without pairings[J]. Information Sciences, 2010,180(24): 5077-5089.
[17]	DENG R H , WENG J , LIU S ,et al. Chosen-ciphertext secure proxy re-encryption without pairings[C]// International Conference on Cryptology and Network Security. 2008: 1-17.
[18]	SHAO J , CAO Z . CCA-secure proxy re-encryption without pairings[C]// International Workshop on Public Key Cryptography. 2009: 357-376.
[19]	CHOW S S M , WENG J , YANG Y ,et al. Efficient unidirectional proxy re-encryption[C]// International Conference on Cryptology in Africa. 2010: 316-332.
[20]	WENG J , ZHAO Y , HANAOKA G . On the security of a bidirectional proxy re-encryption scheme from PKC 2010[C]// International Workshop on Public Key Cryptography. 2011: 284-295.
[21]	HANAOKA G , KAWAI Y , KUNIHIRO N ,et al. Generic construction of chosen ciphertext secure proxy re-encryption[C]// Cryptographers’ Track at the RSA Conference. 2012: 349-364.
[22]	WENG J , CHEN M , YANG Y ,et al. CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles[J]. Science China Information Sciences, 2010,53(3): 593-606.
[23]	MATSUDA T , NISHIMAKI R , TANAKA K . CCA proxy re-encryption without bilinear maps in the standard model[C]// International Workshop on Public Key Cryptography. 2010: 261-278.
[24]	GREEN M , ATENIESE G . Identity-based proxy re-encryption[C]// Applied Cryptography and Network Security. 2007: 288-306.
[25]	MATSUO T , . Proxy re-encryption systems for identity-based encryption[C]// International Conference on Pairing-Based Cryptography. 2007: 247-267.
[26]	CHU C K , TZENG W G . Identity-based proxy re-encryption without random oracles[C]// International Conference on Information Security. 2007: 189-202.
[27]	LIBERT B , VERGNAUD D . Tracing malicious proxies in proxy re-encryption[C]// The International Conference on Pairing-Based Cryptography. 2008: 332-353.
[28]	ATENIESE G , BENSON K , HOHENBERGER S . Key-private proxy re-encryption[C]// Cryptographers’ Track at the RSA Conference. 2009: 279-294.
[29]	CHANDRAN N , CHASE M , VAIKUNTANATHAN V . Functional re-encryption and collusion-resistant obfuscation[C]// Theory of Cryptography Conference. 2012: 404-421

Notations	Descriptions
(pk_i ,sk_i )	i-th user’s public and secret key pair
w	Condition
rk _ij	Re-encryption key from i-th user to j -th user
ij vk	Verification key from i-th user to j -th user
θ_ij	Re-encryption share from i-th user to j -th user
?]_v	v-th share of a secret
L )(?	Polynomial implicitly defined in our system
ct	Original ciphertext
ct ′	Transformed ciphertext
f	File
k	File encryption/decryption key
(n,t)	Number of proxies and the threshold

Server-aided access control for cloud computing

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 29

相关文章 0

Metrics

推荐阅读 0