[File properties]:
File name: Achieving Data Access Control in Cloud Computing
File size: 269KB
File format: PDF
Last updated: 2014-09-04 20:55:47
ABE, CPABE, CLOUD
Abstract—Cloud computing is an emerging computing
paradigm in which resources of the computing infrastructure
are provided as services over the Internet. Promising as it
is, this paradigm also brings forth many new challenges for
data security and access control when users outsource sensitive
data for sharing on cloud servers, which are not within the
same trust domain of data owners. To keep sensitive user data
confidential from untrusted servers, existing work usually applies
cryptographic methods by disclosing data decryption keys only to
authorized users. However, in doing so, these solutions inevitably
introduce heavy computation overhead on the data owner for key
distribution and data management when fine-grained data access
control is desired, and thus do not scale well. The problem of
simultaneously achieving fine-grainedness, scalability, and data
confidentiality of access control actually still remains unresolved.
This paper addresses this challenging open issue by, on the
one hand, defining and enforcing access policies based on data
attributes, and, on the other hand, allowing the data owner
to delegate most of the computation tasks involved in fine-grained
data access control to untrusted cloud servers without
disclosing the underlying plaintexts. We achieve this goal by
exploiting and uniquely combining techniques of attribute-based
encryption (ABE), proxy re-encryption, and lazy re-encryption.
Our proposed scheme also has salient properties of user access
privilege confidentiality and user secret key accountability. Extensive
analysis shows that our proposed scheme is highly efficient
and provably secure under existing security models.