RAAC: ROBUST AND AUDITABLE ACCESS CONTROL WITH MULTIPLE ATTRIBUTE AUTHORITIES FOR PUBLIC CLOUD STORAGE


ABSTRACT

Data access control is a challenging issue in public cloud storage systems. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been adopted as a promising technique to provide flexible, fine-grained and secure data access control for cloud storage with honest-but-curious cloud servers. However, in the existing CP-ABE schemes, the single attribute authority must execute the time-consuming user legitimacy verification and secret key distribution, and hence it results in a single-point performance bottleneck when a CP-ABE scheme is adopted in a large-scale cloud storage system. Users may be stuck in the waiting queue for a long period to obtain their secret keys, thereby resulting in low efficiency of the system. Although multi-authority access control schemes have been proposed, these schemes still cannot overcome the drawbacks of single-point bottleneck and low efficiency, due to the fact that each of the authorities still independently manages a disjoint attribute set. In this paper, we propose a novel heterogeneous framework to remove the problem of single-point performance bottleneck and provide a more efficient access control scheme with an auditing mechanism. Our framework employs multiple attribute authorities to share the load of user legitimacy verification. Meanwhile, in our scheme, a CA (Central Authority) is introduced to generate secret keys for legitimacy-verified users. Unlike other multi-authority access control schemes, each of the authorities in our scheme manages the whole attribute set individually. To enhance security, we also propose an auditing mechanism to detect which AA (Attribute Authority) has incorrectly or maliciously performed the legitimacy verification procedure. Analysis shows that our system not only guarantees the security requirements but also makes great performance improvement on key generation.

PROPOSED SYSTEM:

The main contributions of this work can be summarized as follows.

1) To address the single-point performance bottleneck of key distribution that exists in the existing schemes, we propose a robust and efficient heterogeneous framework with a single CA (Central Authority) and multiple AAs (Attribute Authorities) for public cloud storage. The heavy load of user legitimacy verification is shared by multiple AAs, each of which manages the universal attribute set and is able to independently complete the user legitimacy verification, while the CA is only responsible for computational tasks. To the best of our knowledge, this is the first work that proposes a heterogeneous access control framework to address the low efficiency and single-point performance bottleneck for cloud storage.

2) We reconstruct the CP-ABE scheme to fit our proposed framework and propose a robust and highly efficient access control scheme, while the scheme still preserves the fine granularity, flexibility and security features of CP-ABE.

3) Our scheme includes an auditing mechanism that helps the system trace an AA's misbehavior on a user's legitimacy verification.
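As an added illustration of the one-CA/multi-AA split and the auditing mechanism described above (example code written for this page, not the paper's construction): each AA signs an attestation of the legitimacy verification it performed, the CA issues a key only against a valid signature from a registered AA and logs the attestation, and that log lets an auditor trace which AA vouched for a given user. The Ed25519 attestation format, the per-AA user registries and the placeholder key label are all assumptions; the paper's CP-ABE key generation itself is not implemented.

```go
package main

import ("crypto/ed25519"; "crypto/rand"; "encoding/json"; "errors")

// Attestation: an AA's signed statement that it verified a user and which attributes it confirmed.
type Attestation struct {
	AAID  string   `json:"aa"`
	User  string   `json:"user"`
	Attrs []string `json:"attrs"`
}

// AA: every attribute authority manages the whole attribute set and holds its own signing key.
type AA struct {
	ID    string
	Pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
	legit map[string][]string // constructed registry: user -> attributes it legitimately holds
}
func NewAA(id string, legit map[string][]string) *AA {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &AA{ID: id, Pub: pub, priv: priv, legit: legit}
}

// Verify does the legitimacy check; the signature binds the result to this particular AA.
func (a *AA) Verify(user string) (Attestation, []byte, error) {
	attrs, ok := a.legit[user]
	if !ok { return Attestation{}, nil, errors.New("user not legitimate") }
	att := Attestation{AAID: a.ID, User: user, Attrs: attrs}
	msg, _ := json.Marshal(att)
	return att, ed25519.Sign(a.priv, msg), nil
}

// CA does only computation: verify the AA signature, log the attestation, generate the key.
type CA struct {
	AAPubs map[string]ed25519.PublicKey
	Audit  []Attestation // accepted attestations, kept so misbehavior can be traced to an AA
}

// IssueKey stands in for CP-ABE KeyGen; the returned label is a placeholder, not a real key.
func (c *CA) IssueKey(att Attestation, sig []byte) (string, error) {
	msg, _ := json.Marshal(att)
	if pub, ok := c.AAPubs[att.AAID]; !ok || !ed25519.Verify(pub, msg, sig) {
		return "", errors.New("attestation rejected: unknown AA or bad signature")
	}
	c.Audit = append(c.Audit, att)
	return "SK:" + att.User, nil
}

// Trace answers the audit question: which AA vouched for this user?
func (c *CA) Trace(user string) (string, bool) {
	for _, a := range c.Audit {
		if a.User == user { return a.AAID, true }
	}
	return "", false
}
```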

EXISTING SYSTEM:

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has so far been regarded as one of the most promising techniques for data access control in cloud storage systems. This technology offers users flexible, fine-grained and secure access control of outsourced data. It was first formulated by Goyal et al. in . Then the first CP-ABE scheme was proposed by Bethencourt et al. in , but this scheme was proved secure only in the generic group model. Subsequently, some cryptographically stronger CP-ABE constructions were proposed, but these schemes imposed some restrictions that the original CP-ABE does not have. In , Waters proposed three efficient and practical CP-ABE schemes under stronger cryptographic assumptions, as expressive as . To improve the efficiency of this encryption technique, Emura et al. proposed a CP-ABE scheme with a constant ciphertext length. Unlike the above schemes, which are limited to expressing monotonic access structures, Ostrovsky et al. [24] proposed a more expressive CP-ABE scheme which can support non-monotonic access structures. Recently, Hohenberger and Waters proposed an online/offline ABE technique for CP-ABE which enables the user to do as much pre-computation as possible to save online computation. It is a promising technique for resource-limited devices.


CONCLUSION

In this paper, we proposed a new framework, named RAAC, to eliminate the single-point performance bottleneck of the existing CP-ABE schemes. By effectively reformulating the CP-ABE cryptographic technique into our novel framework, our proposed scheme provides fine-grained, robust and efficient access control with one CA and multiple AAs for public cloud storage. Our scheme employs multiple AAs to share the load of the time-consuming legitimacy verification and to stand by for serving newly arriving user requests. We also proposed an auditing method to trace an attribute authority's potential misbehavior. We conducted detailed security and performance analysis to verify that our scheme is secure and efficient. The security analysis shows that our scheme can effectively resist individual and colluding malicious users, as well as the honest-but-curious cloud servers. Besides, with the proposed auditing and tracing scheme, no AA can deny its misbehaved key distribution. Further performance analysis based on queuing theory showed the superiority of our scheme over the traditional CP-ABE based access control schemes for public cloud storage.

REFERENCES

[1] P. Mell and T. Grance, "The NIST definition of cloud computing," National Institute of Standards and Technology, Gaithersburg, 2011.

[2] Z. Fu, K. Ren, J. Shu, X. Sun, and F. Huang, "Enabling personalized search over encrypted outsourced data with efficiency improvement," IEEE Transactions on Parallel & Distributed Systems, vol. 27, no. 9, pp. 2546–2559, 2016.

[3] Z. Fu, X. Sun, S. Ji, and G. Xie, "Towards efficient content-aware search over encrypted outsourced data in cloud," in Proceedings of 2016 IEEE Conference on Computer Communications (INFOCOM 2016). IEEE, 2016, pp. 1–9.

[4] K. Xue and P. Hong, "A dynamic secure group sharing framework in public cloud computing," IEEE Transactions on Cloud Computing, vol. 2, no. 4, pp. 459–470, 2014.

[5] Y. Wu, Z. Wei, and H. Deng, "Attribute-based access to scalable media in cloud-assisted content sharing," IEEE Transactions on Multimedia, vol. 15, no. 4, pp. 778–788, 2013.

[6] J. Hur, "Improving security and efficiency in attribute-based data sharing," IEEE Transactions on Knowledge and Data Engineering, vol. 25, no. 10, pp. 2271–2282, 2013.

[7] J. Hur and D. K. Noh, "Attribute-based access control with efficient revocation in data outsourcing systems," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 7, pp. 1214–1221, 2011.

[8] J. Hong, K. Xue, W. Li, and Y. Xue, "TAFC: Time and attribute factors combined access control on time-sensitive data in public cloud," in Proceedings of 2015 IEEE Global Communications Conference (GLOBECOM 2015). IEEE, 2015, pp. 1–6.

[9] Y. Xue, J. Hong, W. Li, K. Xue, and P. Hong, "LABAC: A location-aware attribute-based access control scheme for cloud storage," in Proceedings of 2016 IEEE Global Communications Conference (GLOBECOM 2016). IEEE, 2016, pp. 1–6.

[10] A. Lewko and B. Waters, "Decentralizing attribute-based encryption," in Advances in Cryptology–EUROCRYPT 2011. Springer, 2011, pp. 568–588.