An Identity Preserving Access Control Scheme with Flexible System Privilege Revocation in Cloud Computing

Rohit Ahuja, Sraban Kumar Mohanty, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

3 Citations (Scopus)

Abstract

The advent of cloud computing motivates business organizations to migrate their complex data management systems from local servers to cloud servers for scalable and durable resources on a pay-per-use basis. Considering enormous users and large amount of documents at cloud servers, there is a requirement of an access control scheme, which supports fine-grained cum flexible access control along with a 'Query-Response' mechanism to enable users to efficiently retrieve desired data from cloud servers. In addition, the scheme should support considerable flexibility to revoke system privileges from a user, such as to restrict the user from sharing or retrieving data or both, i.e., flexible system privilege revocation, and most imperatively to preserve the identity of the data owner and consumer while sharing and retrieving data. Most of the access control schemes in cloud computing to date focus on restricting users from accessing data only. In this paper, we propose an identity preserving access control scheme to simultaneously realize the notion of scalability, fine-grained cum flexible access control, efficient data utilization, identity preserving and flexible system privilege revocation. We extend Ciphertext-Policy Attribute-Set-Based Encryption (CP-ASBE) in a hierarchical structure of users to achieve scalability. In addition, a hybridization of proxy re-encryption and CP-ASBE is introduced to materialize the concept of flexible system privilege revocation. Furthermore, we formally prove the security of our proposed scheme based on the decisional bilinear Diffie-Hellman assumption. Efficacy of our scheme is depicted by performing comprehensive experiments.

Original language: English
Title of host publication: Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 39-47
Number of pages: 9
ISBN (Electronic): 9781509022854
DOI: https://doi.org/10.1109/AsiaJCIS.2016.23
Publication status: Published - Dec 12 2016
Event: 11th Asia Joint Conference on Information Security, AsiaJCIS 2016 - Fukuoka, Japan
Duration: Aug 4 2016 to Aug 5 2016

Other

Other: 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
Country: Japan
City: Fukuoka
Period: 8/4/16 to 8/5/16

Fingerprint

Cloud computing
Access control
Computer systems
Servers
Cryptography
Scalability
Information management
Industry
Experiments

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

Ahuja, R., Mohanty, S. K., & Sakurai, K. (2016). An Identity Preserving Access Control Scheme with Flexible System Privilege Revocation in Cloud Computing. In Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016 (pp. 39-47). [7782056] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/AsiaJCIS.2016.23
