research-article

Privacy aware access control for data sharing in cloud computing environments

Author:

Hassan TakabiAuthors Info & Claims

SCC '14: Proceedings of the 2nd international workshop on Security in cloud computing

Pages 27 - 34

https://doi.org/10.1145/2600075.2600076

Published: 03 June 2014 Publication History

Abstract

In cloud computing environments, data protection is usually limited to access control policies that are enforced by cloud service providers (CSPs). However, there are many cases where the CSPs are not trusted and pose a risk to their users' privacy. Several approaches have been proposed to prevent CSPs from accessing the data where the cryptographic mechanisms are used to enforce access control policies. However, most of these approaches incur a huge communication overhead, involve users in a complex and expensive key management process and are burdensome for users. In this paper, we propose a privacy aware access control system for data sharing that provides two levels of protection for user's data stored on a CSP. The users' data is protected from unauthorized users using a CSP-enforced access control mechanism, while protection from the CSP is achieved through multiple layers of commutative encryption with the help of a third-party service provider. We present the proposed framework and describe its components and various cryptographic operations. Furthermore, we provide a security analysis to discuss potential threats against the proposed system and provide some solutions for those threats.

References

[1]

D. Wei, "Commutative-like Encryption: A New Characterization of ElGamal," The Computing Research Repository, vol. 1011, 2010.

[2]

RSA Laboratories, "Public-Key Cryptography Standards (PKCS)," http://www.rsa.com/rsalabs/node.asp?id=2124

[3]

S. Garfinkel, "Email-based Identification And Authentication: An Alternative to PKI?", IEEE Security and Privacy, Vol. 1, No. 6, pp. 20--26, Nov. 2003.

Digital Library

[4]

R. Zhang, L. Liu, J. Li and Z. Han, "RBTBAC: Secure Access and Management of EHR Data," In Proc. of the 3rd International Workshop on e-Healthcare Information Security (e-HISec 2011), June 27--29, 2011, London, UK.

[5]

R. Zhang, L. Liu, and X. Rui. "Role-Based and Time-Bound Access and Management of EHR Data," International Journal of Security and Communication Networks, 2012.

[6]

M. Nabeel, E. Bertino, B. Thuraisingham, and M. Kantarcioglu, "Towards Privacy Preserving Access Control in the Cloud," In Proc. of the International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 172--180, Orlando, Florida, USA, October 15--18, 2011.

[7]

M. Nabeel and E. Bertino, "Privacy Preserving Delegated Access Control in the Storage-as-a-Service Model," In Proc. of the 13th IEEE International Conference on Information Reuse and Integration (IRI), pp. 645--652, Las Vegas, Nevada, USA, 2012.

[8]

M. Nabeel and E. Bertino, "Privacy Preserving Delegated Access Control in Public Clouds," CERIAS Tech Report, Purdue University, 2012.

[9]

M. Nabeel, N.Shang, and E.Bertino, "Privacy preserving policy based content sharing in public clouds," IEEE Transactions on Knowledge and Data Engineering, 2012.

Digital Library

[10]

M. Raykova, H. Zhao, and S. M. Bellovin, "Privacy Enhanced Access Control for Outsourced Data Sharing," In Proc. of the Financial Cryptography and Data Security, March 2012.

[11]

Y. Zhu, H.X. Hu, G.J. Ahn, M. Yu, and H. Zhao, "Comparison-based encryption for fine-grained access control in clouds", In Proc. of the second ACM conference on Data and Application Security and Privacy (CODASPY '12), pp. 105--116, Feb 7--9, San Antonio, TX, USA, 2012.

Digital Library

[12]

Y. Zhu, H.X. Hu, G.J. Ahn, H.X. Wang, and S.B. Wang, "Provably Secure Role-Based Encryption with Revocation Mechanism", Journal of Computer Science and Technology, Vol. 26, No. 4, pp. 697--710, 2011.

[13]

S. Fahl, M. Harbach, T. Muders, and M. Smith, "Confidentiality as a Service - Usable Security for the Cloud," In Proc. of the IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 153--162, Liverpool, United Kingdom, June 25--27, 2012.

Digital Library

[14]

M. Harbach, "Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions," In Proc. of the 10th Annual International Conference on Privacy, Security and Trust (PST), Paris, France, 16--18 July 2012.

Digital Library

[15]

P. Rogaway and D. Wagner, "Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption," National Institute of Standards and Technologies, pp. 2--5, 2000.

[16]

Y. Desmedt and Y. Frankel, "Threshold Cryptosystems," In Proc. of the 9th Annual International Cryptology Conference on Advances in Cryptology, pp. 307--315, Springer, 1990.

Digital Library

[17]

N. Borisov, I. Goldberg, and D. Wagner, "Intercepting Mobile Communications: The Insecurity of 802.11," In Proc. of the 7th Annual International Conference on Mobile Computing and Networking, 2001., pp. 180--189.

Digital Library

[18]

C. E. Shannon, "Communication Theory of Secrecy Systems," Bell Systems Technical Journal, Vol. 28, pp. 656--715, 1949.

Cited By

Gadad VSowmyarani C. N. (2023)A Comprehensive Review of Privacy Preserving Data Publishing (PPDP) Algorithms for Multiple Sensitive Attributes (MSA)Information Security and Privacy in Smart Devices10.4018/978-1-6684-5991-1.ch006(142-193)Online publication date: 31-Mar-2023
https://doi.org/10.4018/978-1-6684-5991-1.ch006
Kanwal TAnjum AKhan A(2020)Privacy preservation in e-health cloud: taxonomy, privacy requirements, feasibility analysis, and opportunitiesCluster Computing10.1007/s10586-020-03106-1Online publication date: 22-Apr-2020
https://doi.org/10.1007/s10586-020-03106-1
Sun P(2019)Privacy Protection and Data Security in Cloud Computing: A Survey, Challenges, and SolutionsIEEE Access10.1109/ACCESS.2019.29461857(147420-147452)Online publication date: 2019
https://doi.org/10.1109/ACCESS.2019.2946185
Show More Cited By

Index Terms

Privacy aware access control for data sharing in cloud computing environments

Recommendations

An efficient signcryption for data access control in cloud computing

Data storage is one of main services in cloud computing. How to ensure the confidentiality and authorized access of data is the central issue of data storage. In this paper, we propose a novel data access control scheme that can simultaneously achieve ...
Privacy-preserving data sharing in cloud computing

Storing and sharing databases in the cloud of computers raise serious concern of individual privacy. We consider two kinds of privacy risk: presence leakage, by which the attackers can explicitly identify individuals in (or not in) the database, and ...
Access control based privacy preserving secure data sharing with hidden access policies in cloud

Attribute-based encryption is a promising solution to the access control based data sharing in the cloud. In this scheme, access policies are being sent in plaintext form which discloses the user privacy and data privacy. Once the ciphertext has been ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SCC '14: Proceedings of the 2nd international workshop on Security in cloud computing

June 2014

76 pages

ISBN:9781450328050

DOI:10.1145/2600075

General Chair:
Robert Deng
Singapore Management University
,
Program Chairs:
Elaine Shi
University of Maryland, College Park
,
Kui Ren
State University of New York, Buffalo

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 June 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '14

Sponsor:

SIGSAC

ASIA CCS '14: 9th ACM Symposium on Information, Computer and Communications Security

June 3, 2014

Kyoto, Japan

Acceptance Rates

SCC '14 Paper Acceptance Rate 9 of 21 submissions, 43%;

Overall Acceptance Rate 64 of 159 submissions, 40%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
617
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)1

Reflects downloads up to 27 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Gadad VSowmyarani C. N. (2023)A Comprehensive Review of Privacy Preserving Data Publishing (PPDP) Algorithms for Multiple Sensitive Attributes (MSA)Information Security and Privacy in Smart Devices10.4018/978-1-6684-5991-1.ch006(142-193)Online publication date: 31-Mar-2023
https://doi.org/10.4018/978-1-6684-5991-1.ch006
Kanwal TAnjum AKhan A(2020)Privacy preservation in e-health cloud: taxonomy, privacy requirements, feasibility analysis, and opportunitiesCluster Computing10.1007/s10586-020-03106-1Online publication date: 22-Apr-2020
https://doi.org/10.1007/s10586-020-03106-1
Sun P(2019)Privacy Protection and Data Security in Cloud Computing: A Survey, Challenges, and SolutionsIEEE Access10.1109/ACCESS.2019.29461857(147420-147452)Online publication date: 2019
https://doi.org/10.1109/ACCESS.2019.2946185
Manasrah AAbu Nasir MSalem M(2019)A privacy-preserving multi-keyword search approach in cloud computingSoft Computing10.1007/s00500-019-04033-zOnline publication date: 8-May-2019
https://doi.org/10.1007/s00500-019-04033-z
Pattaranantakul MHe RSong QZhang ZMeddahi A(2018)NFV Security Survey: From Use Case Driven Threat Analysis to State-of-the-Art CountermeasuresIEEE Communications Surveys & Tutorials10.1109/COMST.2018.285944920:4(3330-3368)Online publication date: Dec-2019
https://doi.org/10.1109/COMST.2018.2859449
Udoh EPatterson B(2016)Using the Balanced Scorecard Approach to Appraise the Performance of Cloud ComputingInternational Journal of Grid and High Performance Computing10.4018/IJGHPC.20160101048:1(50-57)Online publication date: Jan-2016
https://doi.org/10.4018/IJGHPC.2016010104
Ye X(2015)Access Control for Cloud Applications2015 IEEE 12th Intl Conf on Ubiquitous Intelligence and Computing and 2015 IEEE 12th Intl Conf on Autonomic and Trusted Computing and 2015 IEEE 15th Intl Conf on Scalable Computing and Communications and Its Associated Workshops (UIC-ATC-ScalCom)10.1109/UIC-ATC-ScalCom-CBDCom-IoP.2015.183(970-977)Online publication date: Aug-2015
https://doi.org/10.1109/UIC-ATC-ScalCom-CBDCom-IoP.2015.183
Udoh EPatterson BCordle S(2014)A Performance Analysis of Cloud Computing Using the Balanced Scorecard ApproachProceedings of the 2014 Annual Global Online Conference on Information and Computer Technology10.1109/GOCICT.2014.8(11-16)Online publication date: 3-Dec-2014
https://dl.acm.org/doi/10.1109/GOCICT.2014.8

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten