为云计算中的安全数据访问控制提供统计隐私保护

IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Yaser Baseri , Abdelhakim Hafid , Mahdi Daghmehchi Firoozjaei , Soumaya Cherkaoui , Indrakshi Ray
{"title":"为云计算中的安全数据访问控制提供统计隐私保护","authors":"Yaser Baseri ,&nbsp;Abdelhakim Hafid ,&nbsp;Mahdi Daghmehchi Firoozjaei ,&nbsp;Soumaya Cherkaoui ,&nbsp;Indrakshi Ray","doi":"10.1016/j.jisa.2024.103823","DOIUrl":null,"url":null,"abstract":"<div><p><em>Cloud Service Providers</em> (<em>CSP</em>s) allow data owners to migrate their data to resource-rich and powerful cloud servers and provide access to this data by individual users. Some of this data may be highly sensitive and important and <em>CSP</em>s cannot always be trusted to provide secure access. It is also important for end users to protect their identities against malicious authorities and providers, when they access services and data. <em>Attribute-Based Encryption</em> (<em>ABE</em>) is an end-to-end public key encryption mechanism, which provides secure and reliable fine-grained access control over encrypted data using defined policies and constraints. Since, in <em>ABE</em>, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. Towards this end, we define a new anonymity model in the context of <em>ABE</em>. We analyze several existing anonymous <em>ABE</em> schemes and identify their vulnerabilities in user authorization and user anonymity protection. Subsequently, we propose a <em>Privacy-Preserving Access Control Scheme (PACS)</em>, which supports multi-authority, anonymizes user identity, and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. We also propose an extension of <em>PACS</em>, called <em>Statistical Privacy-Preserving Access Control Scheme (SPACS)</em>, which supports statistical anonymity even if malicious authorities and providers statistically analyze the attributes. Lastly, we show that the efficiency of our scheme is comparable to other existing schemes. Our analysis show that <em>SPACS</em> can successfully protect against <em>Collision Attacks</em> and <em>Chosen Plaintext Attacks</em>.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103823"},"PeriodicalIF":3.8000,"publicationDate":"2024-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001261/pdfft?md5=a547f9409c23468b9558ba93b652bd43&pid=1-s2.0-S2214212624001261-main.pdf","citationCount":"0","resultStr":"{\"title\":\"Statistical privacy protection for secure data access control in cloud\",\"authors\":\"Yaser Baseri ,&nbsp;Abdelhakim Hafid ,&nbsp;Mahdi Daghmehchi Firoozjaei ,&nbsp;Soumaya Cherkaoui ,&nbsp;Indrakshi Ray\",\"doi\":\"10.1016/j.jisa.2024.103823\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p><em>Cloud Service Providers</em> (<em>CSP</em>s) allow data owners to migrate their data to resource-rich and powerful cloud servers and provide access to this data by individual users. Some of this data may be highly sensitive and important and <em>CSP</em>s cannot always be trusted to provide secure access. It is also important for end users to protect their identities against malicious authorities and providers, when they access services and data. <em>Attribute-Based Encryption</em> (<em>ABE</em>) is an end-to-end public key encryption mechanism, which provides secure and reliable fine-grained access control over encrypted data using defined policies and constraints. Since, in <em>ABE</em>, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. Towards this end, we define a new anonymity model in the context of <em>ABE</em>. We analyze several existing anonymous <em>ABE</em> schemes and identify their vulnerabilities in user authorization and user anonymity protection. Subsequently, we propose a <em>Privacy-Preserving Access Control Scheme (PACS)</em>, which supports multi-authority, anonymizes user identity, and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. We also propose an extension of <em>PACS</em>, called <em>Statistical Privacy-Preserving Access Control Scheme (SPACS)</em>, which supports statistical anonymity even if malicious authorities and providers statistically analyze the attributes. Lastly, we show that the efficiency of our scheme is comparable to other existing schemes. Our analysis show that <em>SPACS</em> can successfully protect against <em>Collision Attacks</em> and <em>Chosen Plaintext Attacks</em>.</p></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"84 \",\"pages\":\"Article 103823\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2024-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S2214212624001261/pdfft?md5=a547f9409c23468b9558ba93b652bd43&pid=1-s2.0-S2214212624001261-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212624001261\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001261","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

云服务提供商(CSP)允许数据所有者将其数据迁移到资源丰富、功能强大的云服务器上,并允许个人用户访问这些数据。其中一些数据可能高度敏感和重要,因此不能总是相信云服务提供商能够提供安全访问。同样重要的是,终端用户在访问服务和数据时,要保护自己的身份不受恶意机构和提供商的攻击。基于属性的加密(ABE)是一种端到端公钥加密机制,它利用定义的策略和约束对加密数据提供安全可靠的细粒度访问控制。由于在 ABE 中,用户是通过属性而不是身份来识别的,因此收集和分析属性可能会泄露用户的身份并侵犯其匿名性。为此,我们在 ABE 中定义了一种新的匿名模型。我们分析了几种现有的匿名 ABE 方案,找出了它们在用户授权和用户匿名保护方面的漏洞。随后,我们提出了一种隐私保护访问控制方案(PACS),它支持多授权、用户身份匿名化,并能抵御用户串通攻击、机构串通攻击和选择明文攻击。我们还提出了 PACS 的扩展方案,称为统计隐私保护访问控制方案(SPACS),即使恶意机构和提供商对属性进行统计分析,该方案也能支持统计匿名性。最后,我们证明了我们方案的效率与其他现有方案相当。我们的分析表明,SPACS 可以成功抵御碰撞攻击和选择纯文本攻击。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Statistical privacy protection for secure data access control in cloud

Cloud Service Providers (CSPs) allow data owners to migrate their data to resource-rich and powerful cloud servers and provide access to this data by individual users. Some of this data may be highly sensitive and important and CSPs cannot always be trusted to provide secure access. It is also important for end users to protect their identities against malicious authorities and providers, when they access services and data. Attribute-Based Encryption (ABE) is an end-to-end public key encryption mechanism, which provides secure and reliable fine-grained access control over encrypted data using defined policies and constraints. Since, in ABE, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. Towards this end, we define a new anonymity model in the context of ABE. We analyze several existing anonymous ABE schemes and identify their vulnerabilities in user authorization and user anonymity protection. Subsequently, we propose a Privacy-Preserving Access Control Scheme (PACS), which supports multi-authority, anonymizes user identity, and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. We also propose an extension of PACS, called Statistical Privacy-Preserving Access Control Scheme (SPACS), which supports statistical anonymity even if malicious authorities and providers statistically analyze the attributes. Lastly, we show that the efficiency of our scheme is comparable to other existing schemes. Our analysis show that SPACS can successfully protect against Collision Attacks and Chosen Plaintext Attacks.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Information Security and Applications
Journal of Information Security and Applications Computer Science-Computer Networks and Communications
CiteScore
10.90
自引率
5.40%
发文量
206
审稿时长
56 days
期刊介绍: Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信