DRAC: A dynamic fine-grained access control scheme for cloud storage with censorship-coerced resistance

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-06-13 DOI:10.1016/j.jisa.2025.104123

Yuan Zhai , Haochen Yang , Jingyu Yao , Tao Wang , Yanwei Zhou , Feng Zhu , Bo Yang

{"title":"DRAC: A dynamic fine-grained access control scheme for cloud storage with censorship-coerced resistance","authors":"Yuan Zhai , Haochen Yang , Jingyu Yao , Tao Wang , Yanwei Zhou , Feng Zhu , Bo Yang","doi":"10.1016/j.jisa.2025.104123","DOIUrl":null,"url":null,"abstract":"<div><div>The increasing reliance on cloud storage for data outsourcing raises concerns regarding the security and access to sensitive information and private data. To ensure the security of cloud data, encryption technology is widely applied in cloud storage. However, most existing encryption schemes rely on the assumption that encryption keys remain private, which may become invalid under censorship by unauthorized authorities, potentially leading to data leaks in the cloud. Furthermore, accessing and sharing data in the cloud are crucial for its utilization, and enabling authorized users to achieve fine-grained access control during the dynamic sharing of cloud data poses a significant challenge. To address these issues, this paper proposes a novel fine-grained access control scheme, DRAC. By combining deniable encryption primitives with ciphertext-policy attribute-based encryption technology that supports revocation, the proposed scheme achieves: (1) provide privacy protection for cloud data; (2) resist censorship by unauthorized authorities; and (3) support dynamic fine-grained access control for cloud data. The security and correctness of DRAC are analyzed theoretically, while its performance is evaluated experimentally. The results demonstrate that the system is feasible and effective in practical applications.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104123"},"PeriodicalIF":3.8000,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625001607","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The increasing reliance on cloud storage for data outsourcing raises concerns regarding the security and access to sensitive information and private data. To ensure the security of cloud data, encryption technology is widely applied in cloud storage. However, most existing encryption schemes rely on the assumption that encryption keys remain private, which may become invalid under censorship by unauthorized authorities, potentially leading to data leaks in the cloud. Furthermore, accessing and sharing data in the cloud are crucial for its utilization, and enabling authorized users to achieve fine-grained access control during the dynamic sharing of cloud data poses a significant challenge. To address these issues, this paper proposes a novel fine-grained access control scheme, DRAC. By combining deniable encryption primitives with ciphertext-policy attribute-based encryption technology that supports revocation, the proposed scheme achieves: (1) provide privacy protection for cloud data; (2) resist censorship by unauthorized authorities; and (3) support dynamic fine-grained access control for cloud data. The security and correctness of DRAC are analyzed theoretically, while its performance is evaluated experimentally. The results demonstrate that the system is feasible and effective in practical applications.

查看原文本刊更多论文

DRAC：一种动态的细粒度访问控制方案，用于具有审查强制阻力的云存储

数据外包越来越依赖云存储，这引起了人们对安全和获取敏感信息和私人数据的关切。为了保证云数据的安全，加密技术被广泛应用于云存储中。然而，大多数现有的加密方案依赖于加密密钥保持私有的假设，这可能会在未经授权的当局审查下失效，从而可能导致云中的数据泄露。此外，访问和共享云中的数据对其利用至关重要，在动态共享云数据期间，使授权用户能够实现细粒度访问控制是一个重大挑战。为了解决这些问题，本文提出了一种新的细粒度访问控制方案——DRAC。该方案将可否认的加密原语与支持撤销的基于密文策略属性的加密技术相结合，实现了：(1)为云数据提供隐私保护；（二）抵制未经授权机关的审查；(3)支持云数据的动态细粒度访问控制。从理论上分析了DRAC的安全性和正确性，并通过实验对其性能进行了评价。结果表明，该系统在实际应用中是可行和有效的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.