Key-aggregate based access control encryption for flexible cloud data sharing

IF 4.1 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Jinlu Liu , Jing Qin , Wenchao Wang , Lin Mei , Huaxiong Wang
{"title":"Key-aggregate based access control encryption for flexible cloud data sharing","authors":"Jinlu Liu ,&nbsp;Jing Qin ,&nbsp;Wenchao Wang ,&nbsp;Lin Mei ,&nbsp;Huaxiong Wang","doi":"10.1016/j.csi.2023.103800","DOIUrl":null,"url":null,"abstract":"<div><p>Cloud computing has become the priority for users to store and share data due to its numerous tempting advantages. The “encryption-before-outsourcing” mechanism is necessary to protect data privacy against the semi-trusted cloud server. Key-Aggregate Cryptosystem (KAC) is a novel encryption paradigm for cloud data sharing. It enables users to decrypt multiple data encrypted with different keys using a constant size aggregate key. When selectively sharing data, the KAC effectively addresses the challenges of expensive key management in symmetric encryption (SE) and eliminates the need for multiple copies of ciphertexts in public key encryption (PKE). However, previous KAC schemes can only control what data users are allowed to receive by distributing aggregate keys, but not what data users can send. This limitation could potentially allow a malicious data owner to leak sensitive information by distributing aggregate keys to unauthorized users. Therefore, this paper aims to design the key-aggregate cryptosystem with bidirectional access control, which can control both what the user can receive and what the data owner can send. Inspired by access control encryption (ACE), we first propose a key-aggregate based access control encryption with user level (KA-ACE-UL) system that can control whether a sender can share his data with a receiver. Then, we investigate a finer-grained access control policy and propose a key-aggregate based access control encryption with user-data level (KA-ACE-UDL) system that can control the data classes a sender can share with a receiver. We instantiate the KA-ACE-UL and KA-ACE-UDL schemes based on Chu et al.’s KAC scheme. We prove our proposed schemes can achieve both secure data storage and controlled data sharing, ensuring security against unauthorized receivers and malicious senders. Finally, theoretical performance analysis and practical experiments show the efficiency of our proposed schemes.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"88 ","pages":"Article 103800"},"PeriodicalIF":4.1000,"publicationDate":"2023-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548923000818","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

Abstract

Cloud computing has become the priority for users to store and share data due to its numerous tempting advantages. The “encryption-before-outsourcing” mechanism is necessary to protect data privacy against the semi-trusted cloud server. Key-Aggregate Cryptosystem (KAC) is a novel encryption paradigm for cloud data sharing. It enables users to decrypt multiple data encrypted with different keys using a constant size aggregate key. When selectively sharing data, the KAC effectively addresses the challenges of expensive key management in symmetric encryption (SE) and eliminates the need for multiple copies of ciphertexts in public key encryption (PKE). However, previous KAC schemes can only control what data users are allowed to receive by distributing aggregate keys, but not what data users can send. This limitation could potentially allow a malicious data owner to leak sensitive information by distributing aggregate keys to unauthorized users. Therefore, this paper aims to design the key-aggregate cryptosystem with bidirectional access control, which can control both what the user can receive and what the data owner can send. Inspired by access control encryption (ACE), we first propose a key-aggregate based access control encryption with user level (KA-ACE-UL) system that can control whether a sender can share his data with a receiver. Then, we investigate a finer-grained access control policy and propose a key-aggregate based access control encryption with user-data level (KA-ACE-UDL) system that can control the data classes a sender can share with a receiver. We instantiate the KA-ACE-UL and KA-ACE-UDL schemes based on Chu et al.’s KAC scheme. We prove our proposed schemes can achieve both secure data storage and controlled data sharing, ensuring security against unauthorized receivers and malicious senders. Finally, theoretical performance analysis and practical experiments show the efficiency of our proposed schemes.

基于密钥聚合的访问控制加密,实现灵活的云数据共享
云计算由于其众多诱人的优势,已成为用户存储和共享数据的首选。“外包前加密”机制是保护数据隐私免受半信任云服务器攻击所必需的。密钥聚合密码系统(KAC)是一种用于云数据共享的新型加密模式。它使用户能够使用恒定大小的聚合密钥解密使用不同密钥加密的多个数据。当选择性地共享数据时,KAC有效地解决了对称加密(SE)中昂贵的密钥管理的挑战,并消除了在公钥加密(PKE)中对密文的多个副本的需要。然而,以前的KAC方案只能通过分发聚合密钥来控制允许用户接收哪些数据,而不能控制用户可以发送哪些数据。这种限制可能允许恶意数据所有者通过向未经授权的用户分发聚合密钥来泄露敏感信息。因此,本文旨在设计一种具有双向访问控制的密钥聚合密码系统,它既可以控制用户可以接收什么,也可以控制数据所有者可以发送什么。受访问控制加密(ACE)的启发,我们首先提出了一种基于密钥聚合的用户级访问控制加密系统(KA-ACE-UL),该系统可以控制发送者是否可以与接收者共享他的数据。然后,我们研究了一种更细粒度的访问控制策略,并提出了一种基于密钥聚合的用户数据级访问控制加密(KA-ACE-UDL)系统,该系统可以控制发送方可以与接收方共享的数据类。我们在Chu等人的KAC方案的基础上实例化了KA-ACE-UL和KA-ACE-UDL方案。我们证明了我们提出的方案可以实现安全的数据存储和受控的数据共享,确保对未经授权的接收者和恶意发送者的安全。最后,通过理论性能分析和实际实验验证了所提方案的有效性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Computer Standards & Interfaces
Computer Standards & Interfaces 工程技术-计算机:软件工程
CiteScore
11.90
自引率
16.00%
发文量
67
审稿时长
6 months
期刊介绍: The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信