Abstract
Cloud storage services cannot be completely trusted because data management is separated from data ownership, which makes data privacy difficult to protect. To protect the privacy of data on untrusted cloud storage servers, a novel multi-authority access control scheme without a trustworthy central authority is proposed for cloud storage systems based on CP-ABE, called non-centered multi-authority proxy re-encryption based on ciphertext-policy attribute-based encryption (NC-MACPABE). NC-MACPABE optimizes the weighted access structure (WAS), allowing different levels of operation on the same file in a cloud storage system. The concept of identity dyeing is introduced to further improve the privacy of users' information. The re-encryption algorithm is improved so that the data owner can revoke a user's access rights more flexibly. The scheme is proved to be secure. Experimental results also show that removing the central authority resolves the performance bottleneck of multi-authority architectures with a central authority, which significantly improves user experience when a large number of users apply for access to the cloud storage system at the same time.
Additional information
Foundation item: Projects(61472192, 61202004) supported by the National Natural Science Foundation of China; Project(14KJB520014) supported by the Natural Science Fund of Higher Education of Jiangsu Province, China
About this article
Cite this article
Xu, Xl., Zhang, Qt. & Zhou, Jl. NC-MACPABE: Non-centered multi-authority proxy re-encryption based on CP-ABE for cloud storage systems. J. Cent. South Univ. 24, 807–818 (2017). https://doi.org/10.1007/s11771-017-3483-z
DOI: https://doi.org/10.1007/s11771-017-3483-z