Attribute-based data access control in mobile cloud computing: Taxonomy and open issues

Future Generation Computer Systems

Volumn 72, Issue , 2017, Pages 273-287

  Sookhak, Mehdi ^a   Yu, F Richard ^a   Khan, Muhammad Khurram ^b   Xiang, Yang ^c   Buyya, Rajkumar ^d  

^a CARLETON UNIVERSITY   (Canada)

^b KING SAUD UNIVERSITY   (Saudi Arabia)

^c DEAKIN UNIVERSITY   (Australia)

^d UNIVERSITY OF MELBOURNE   (Australia)

Author keywords

Access control; Attribute based encryption; Cloud computing; Thematic taxonomy

Indexed keywords

CLOUD COMPUTING; CRYPTOGRAPHY; DIGITAL STORAGE; INFORMATION MANAGEMENT; MOBILE CLOUD COMPUTING; OPEN DATA; OUTSOURCING; TAXONOMIES;

ATTRIBUTE BASED ACCESS CONTROL; ATTRIBUTE-BASED ENCRYPTIONS; CLOUD STORAGE SYSTEMS; CRYPTOGRAPHIC PRIMITIVES; DATA ACCESS CONTROL; ISSUES AND CHALLENGES; REVOCATION METHODS; SECURITY AND PRIVACY;

ACCESS CONTROL;

EID: 85011018181     PISSN: 0167739X     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.future.2016.08.018     Document Type: Article

References (90)

1. [1] Mell, P., Grance, T., The NIST definition of cloud computing. Commun. ACM 53:6 (2010), 1–145.
2. [2] Z. Zhibin, H. Dijiang, Efficient and secure data storage operations for mobile cloud computing, in: 8th International Conference and Workshop on Systems Virtualiztion Management Network and Service Management, 2012, pp. 37–45.
3. [3] Sookhak, M., Talebian, H., Ahmed, E., Gani, A., Khan, M., A review on remote data auditing in single cloud server: Taxonomy and open issues. J. Netw. Comput. Appl. 43 (2014), 121–141, 10.1016/j.jnca.2014.04.011.
4. [4] Kumar, K., Yung-Hsiang, L., Cloud Computing for Mobile Users: Can Offloading Computation Save Energy?. Computer 43:4 (2010), 51–56, 10.1109/mc.2010.98.
5. [5] Sookhak, M., Akhunzada, A., Gani, A., Khurram Khan, M., Anuar, N., Towards dynamic remote data auditing in computational clouds. Sci. World J., 2014, 10.1155/2014/269357.
6. [6] Whaiduzzaman, M., Sookhak, M., Gani, A., Buyya, R., A survey on vehicular cloud computing. J. Netw. Comput. Appl. 40:1 (2014), 325–344, 10.1016/j.jnca.2013.08.004.
7. [7] Sookhak, M., Gani, A., Khan, M.K., Buyya, R., Dynamic remote data auditing for securing big data storage in cloud computing. Inform. Sci., 2015, 1–16, 10.1016/j.ins.2015.09.004.
8. [8] Wang, Q.A., Wang, C., Ren, K., Lou, W.J., Li, J., Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans. Parallel Distrib. Syst. 22:5 (2011), 847–859, 10.1109/Tpds.2010.183.
9. [9] Sookhak, M., Gani, A., Talebian, H., Akhunzada, A., Khan, S.U., Buyya, R., Zomaya, A.Y., Remote data auditing in cloud computing environments: A survey, taxonomy, and open issues. ACM Comput. Surv. 47:4 (2015), 65:1–65:34, 10.1145/2764465.
10. [10] Cong, W., Kui, R., Wenjing, L., Jin, L., Toward publicly auditable secure cloud data storage services. IEEE Netw. 24:4 (2010), 19–24, 10.1109/MNET.2010.5510914.
11. [11] Shiraz, M., Sookhak, M., Gani, A., Shah, S., A study on the critical analysis of computational offloading frameworks for mobile cloud computing. J. Netw. Comput. Appl. 47 (2015), 47–60, 10.1016/j.jnca.2014.08.011.
12. [12] S.D.C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati, A data outsourcing architecture combining cryptography and access control, 2007, http://dx.doi.org/10.1145/1314466.1314477.
13. [13] Sahai, A., Waters, B., Fuzzy identity-based encryption., (EUROCRYPT 2005) Advances in Cryptology, vol. 3494, 2005, Springer Berlin, Heidelberg, 457–473, 10.1007/11426639_27 (Chapter 27).
14. [14] V. Goyal, O. Pandey, A. Sahai, B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, 2006. http://dx.doi.org/10.1145/1180405.1180418.
15. [15] Hur, J., Improving security and efficiency in attribute-based data sharing. IEEE Trans. Knowl. Data Eng. 25:10 (2013), 2271–2282, 10.1109/TKDE.2011.78.
16. [16] Shamir, A., Identity-based cryptosystems and signature schemes. Blakley, G., Chaum, D., (eds.) Advances in Cryptology, Vol. 196, 1985, Springer Berlin, Heidelberg, 47–53, 10.1007/3-540-39568-7_5 (Chapter 5).
17. [17] Boneh, D., Franklin, M., Identity-based encryption from the weil pairing. Kilian, J., (eds.), (CRYPTO 2001) Advances in Cryptology, vol. 2139, 2001, Springer Berlin, Heidelberg, 213–229, 10.1007/3-540-44647-8_13 (Chapter 13).
18. [18] Shao, J., Cao, Z., Multi-use unidirectional identity-based proxy re-encryption from hierarchical identity-based encryption. Inform. Sci. 206 (2012), 83–95, 10.1016/j.ins.2012.04.013.
19. [19] Blaze, M., Bleumer, G., Strauss, M., Divertible protocols and atomic proxy cryptography. Advances in Cryptology EUROCRYPT’9, Vol. 1403, 1998, Springer Berlin, Heidelberg, 127–144, 10.1007/BFb0054122 (Chapter 10).
20. [20] ElGamal, T., A public key cryptosystem and a signature scheme based on discrete logarithms. Blakley, G., Chaum, D., (eds.) Advances in Cryptology, Vol. 196, 1985, Springer Berlin, Heidelberg, 10–18, 10.1007/3-540-39568-7_2 (Chapter 2).
21. [21] A. Ivan, Y. Dodis, Proxy cryptography revisited, in: Proceedings of the Network and Distributed System Security Symposium, NDSS, 2003, pp. 1–20.
22. [22] Ateniese, G., Fu, K., Green, M., Hohenberger, S., Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9:1 (2006), 1–30, 10.1145/1127345.1127346.
23. [23] R. Canetti, S. Hohenberger, Chosen-ciphertext secure proxy re-encryption, 2007. http://dx.doi.org/10.1145/1315245.1315269.
24. [24] Libert, B., Vergnaud, D., Unidirectional chosen-ciphertext secure proxy re-encryption. IEEE Trans. Inform. Theory 57:3 (2011), 1786–1802, 10.1109/TIT.2011.2104470.
25. [25] Wang, H., Cao, Z., Wang, L., Multi-use and unidirectional identity-based proxy re-encryption schemes. Inform. Sci. 180:20 (2010), 4042–4059, 10.1016/j.ins.2010.06.029.
26. [26] Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E., Role-based access control models. IEEE Comput. 29:2 (1996), 38–47, 10.1109/2.485845.
27. [27] Ahn, G.-J., Sandhu, R., Role-based authorization constraints specification. ACM Trans. Inf. Syst. Secur. 3:4 (2000), 207–226, 10.1145/382912.382913.
28. [28] Joshi, J., Ghafoor, A., Aref, W.G., Spafford, E.H., Digital government security infrastructure design challenges. IEEE Comput. 34:2 (2001), 66–72, 10.1109/2.901169.
29. [29] Joshi, J.B.D., Aref, W.G., Ghafoor, A., Spafford, E.H., Security models for web-based applications. Commun. ACM 44:2 (2001), 38–44, 10.1145/359205.359224.
30. [30] Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R., Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4:3 (2001), 224–274, 10.1145/501978.501980.
31. [31] D. Jeong-Min, S. You-Jin, P. Namje, Attribute based proxy re-encryption for data confidentiality in cloud computing environments, in: 2011 First ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering, CNSI, 2011, pp. 248–251. http://dx.doi.org/10.1109/CNSI.2011.34.
32. [32] J. Bethencourt, A. Sahai, B. Waters, Ciphertext-Policy Attribute-Based Encryption, 2007. http://dx.doi.org/10.1109/SP.2007.11.
33. [33] Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W., Mediated ciphertext-policy attribute-based encryption and its application. Information Security Applications, Vol. 5932, 2009, Springer Berlin, Heidelberg, 309–323, 10.1007/978-3-642-10838-9_23 (Chapter 23).
34. [34] S. Yu, C. Wan, K. Ren, W. Lou, Attribute based data sharing with attribute revocation, 2010. http://dx.doi.org/10.1145/1755688.1755720.
35. [35] Pirretti, M., Traynor, P., McDaniel, P., Waters, B., Secure attribute-based systems. J. Comput. Secur. 18:5 (2010), 799–837, 10.3233/JCS-2009-0383.
36. [36] Liang, X., Lu, R., Lin, X., Shen, X.S., Ciphertext policy attribute based encryption with efficient revocation, Tech. Rep., 2010 URL http://bbcr.uwaterloo.ca/~x27liang/papers/abewithrevocation.pdf.
37. [37] M. Green, S. Hohenberger, B. Waters, Outsourcing the decryption of ABE ciphertexts, 2011.
38. [38] Han, J., Susilo, W., Mu, Y., Zhou, J., Au, M., PPDCP-ABE: Privacy-preserving decentralized ciphertext-policy attribute-based encryption. Computer Security - ESORICS 2014, Vol. 8713, 2014, Springer International Publishing, 73–90, 10.1007/978-3-319-11212-1_5 (Chapter 5).
39. [39] Stinson, D.R., Cryptography: Theory and Practice. third ed., 2005, Chapman and Hall/CRC.
40. [40] R. Ostrovsky, A. Sahai, B. Waters, Attribute-based encryption with non-monotonic access structures, 2007. http://dx.doi.org/10.1145/1315245.1315270.
41. [41] Naor, M., Pinkas, B., Efficient trace and revoke schemes. Financial Cryptography, Vol. 1962, 2001, Springer Berlin, Heidelberg, 1–20, 10.1007/3-540-45472-1_1 (Chapter 1).
42. [42] A. Lewko, A. Sahai, B. Waters, Revocation systems with very small private keys, in: IEEE Symposium on Security and Privacy, SP, Oakland, CA, USA, 2010, pp. 273–285. http://dx.doi.org/10.1109/SP.2010.23.
43. [43] Attrapadung, N., Libert, B., de Panafieu, E., Expressive key-policy attribute-based encryption with constant-size ciphertexts., PKC 2011 Public Key Cryptography, vol. 6571, 2011, Springer Berlin, Heidelberg, 90–108, 10.1007/978-3-642-19379-8_6 (Chapter 6).
44. [44] L. Cheung, C. Newport, Provably secure ciphertext policy ABE, 2007. http://dx.doi.org/10.1145/1315245.1315302.
45. [45] Waters, B., Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization., PKC 2011 Public Key Cryptography, vol. 6571, 2011, Springer Berlin, Heidelberg, 53–70, 10.1007/978-3-642-19379-8_4 (Chapter 4).
46. [46] Yamada, S., Attrapadung, N., Hanaoka, G., Kunihiro, N., A framework and compact constructions for non-monotonic attribute-based encryption., PKC 2014 Public-Key Cryptography, vol. 8383, 2014, Springer Berlin, Heidelberg, 275–292, 10.1007/978-3-642-54631-0_16 (Chapter 16).
47. [47] Garg, S., Gentry, C., Halevi, S., Sahai, A., Waters, B., Attribute-based encryption for circuits from multilinear maps. Advances in Cryptology CRYPTO 2013, vol. 8043, 2013, Springer, Berlin, Heidelberg, 479–499, 10.1007/978-3-642-40084-1_27 (Chapter 27).
48. [48] Boneh, D., Silverberg, A., Applications of multilinear forms to cryptography. Contemp. Math. 324 (2003), 72–91.
49. [49] S. Gorbunov, V. Vaikuntanathan, H. Wee, Attribute-based encryption for circuits, 2013. http://dx.doi.org/10.1145/2488608.2488677.
50. [50] Dragan, C.C., Tiplea, F.L., Efficient key-policy attribute-based encryption for general Boolean circuits from multilinear maps, Tech. rep., Cryptology ePrint Archive, Report 2014/462., 2014.
51. [51] M. Pirretti, P. Traynor, P. McDaniel, B. Waters, Secure attribute-based systems, 2006. http://dx.doi.org/10.1145/1180405.1180419.
52. [52] A. Boldyreva, V. Goyal, V. Kumar, Identity-based encryption with efficient revocation, 2008. http://dx.doi.org/10.1145/1455770.1455823.
53. [53] Hur, J., Noh, D.K., Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel Distrib. Syst. 22:7 (2011), 1214–1221, 10.1109/TPDS.2010.203.
54. [54] K. Yang, X. Jia, R. Kui, Attribute-based fine-grained access control with efficient revocation in cloud storage systems, 2013. http://dx.doi.org/10.1145/2484313.2484383.
55. [55] Cheng, Y., Wang, Z.-y., Ma, J., Wu, J.-j., Mei, S.-z., Ren, J.-c., Efficient revocation in ciphertext-policy attribute-based encryption based cryptographic cloud storage. J. Zhejiang Univ. Sci. C 14:2 (2013), 85–97, 10.1631/jzus.C1200240.
56. [56] Shamir, A., How to share a secret. Commun. ACM 22:11 (1979), 612–613, 10.1145/359168.359176.
57. [57] Tysowski, P.K., Hasan, M.A., Hybrid attribute- and re-encryption-based key management for secure and scalable mobile applications in clouds. IEEE Trans. Cloud Comput. 1:2 (2013), 172–186, 10.1109/TCC.2013.11.
58. [58] Fu, K.E., Group sharing and random access in cryptographic storage file systems. (Ph.D. thesis), 1999.
59. [59] K. Fu, S. Kamara, T. Kohno, Key regression: Enabling efficient key distribution for secure distributed storage, Computer Science Department Faculty Publication Series, 2006, p. 149.
60. [60] Backes, M., Cachin, C., Oprea, A., Secure key-updating for lazy revocation., (ESORICS 2006) 1th European Symposium on Research in Computer Security, vol. 4189, 2006, Springer, Berlin, Heidelberg, Hamburg, Germany, 327–346, 10.1007/11863908_21.
61. [61] Zarandioon, S., Yao, D., Ganapathy, V., K2C: Cryptographic cloud storage with lazy revocation and anonymous access., (SecureComm 2011) 7th International ICST Conference, vol. 96, 2011, Springer, Berlin, Heidelberg, London, UK, 59–76, 10.1007/978-3-642-31909-9_4.
62. [62] Barsoum, A., Hasan, A., Enabling dynamic data and indirect mutual trust for cloud computing storage systems. IEEE Trans. Parallel Distrib. Syst. 24:12 (2013), 2375–2385, 10.1109/TPDS.2012.337.
63. [63] Sahai, A., Seyalioglu, H., Waters, B., Dynamic credentials and ciphertext delegation for attribute-based encryption. Advances in Cryptology CRYPTO 2012, vol. 7417, 2012, Springer, Berlin, Heidelberg, 199–217, 10.1007/978-3-642-32009-5_13 (Chapter 13).
64. [64] Lee, K., Choi, S., Lee, D., Park, J., Yung, M., Self-updatable encryption: Time constrained access control with hidden attributes and better efficiency. Sako, K., Sarkar, P., (eds.) Advances in Cryptology - ASIACRYPT 2013, Vol. 8269, 2013, Springer, Berlin, Heidelberg, 235–254, 10.1007/978-3-642-42033-7_13 (Chapter 13).
65. [65] Chase, M., Multi-authority attribute based encryption. Theory of Cryptography, Vol. 4392, 2007, Springer, Berlin, Heidelberg, 515–534, 10.1007/978-3-540-70936-7_28 (Chapter 28).
66. [66] Lin, H., Cao, Z., Liang, X., Shao, J., Secure threshold multi authority attribute based encryption without a central authority. Inform. Sci. 180:13 (2010), 2618–2632, 10.1016/j.ins.2010.03.004.
67. [67] Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T., Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20:1 (2007), 51–83, 10.1007/s00145-006-0347-3.
68. [68] Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T., Robust threshold DSS signatures. Inform. Comput. 164:1 (2001), 54–84, 10.1006/inco.2000.2881.
69. [69] M. Chase, S.S.M. Chow, Improving privacy and security in multi-authority attribute-based encryption, 2009. http://dx.doi.org/10.1145/1653662.1653678.
70. [70] Lewko, A., Waters, B., Decentralizing attribute-based encryption. Advances in Cryptology EUROCRYPT 2011, Vol. 6632, 2011, Springer, Berlin, Heidelberg, 568–588, 10.1007/978-3-642-20465-4_31 (Chapter 31).
71. [71] S. Ruj, A. Nayak, I. Stojmenovic, DACC: Distributed access control in clouds, in: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Changsha, 2011, pp. 91–98. http://dx.doi.org/10.1109/TrustCom.2011.15.
72. [72] Yang, K., Jia, X., Ren, K., Zhang, B., Xie, R., DAC-MACS: Effective data access control for multiauthority cloud storage systems. IEEE Trans. Inf. Forensics Secur. 8:11 (2013), 1790–1801, 10.1109/TIFS.2013.2279531.
73. [73] Yang, K., Jia, X., Expressive, efficient and revocable data access control for multi-authority cloud storage. IEEE Trans. Parallel Distrib. Syst., PP(99), 2013, 1, 10.1109/TPDS.2013.253.
74. [74] Lewko, A., Waters, B., New proof methods for attribute-based encryption: Achieving full security through selective techniques. Advances in Cryptology CRYPTO 2012, Vol. 7417, 2012, Springer, Berlin, Heidelberg, 180–198, 10.1007/978-3-642-32009-5_12 (Chapter 12).
75. [75] Ruj, S., Stojmenovic, M., Nayak, A., Decentralized access control with anonymous authentication of data stored in clouds. IEEE Trans. Parallel Distrib. Syst. 25:2 (2014), 384–394, 10.1109/TPDS.2013.38.
76. [76] Maji, H., Prabhakaran, M., Rosulek, M., Attribute-based signatures. Topics in Cryptology CT-RSA 2011, Vol. 6558, 2011, Springer, Berlin, Heidelberg, 376–392, 10.1007/978-3-642-19074-2_24 (Chapter 24).
77. [77] Gentry, C., Silverberg, A., Hierarchical ID-based cryptography., (ASIACRYPT 2002) 8th International Conference on the Theory and Application of Cryptology and Information Security Queenstown, vol. 2501, 2002, Springer Berlin, Heidelberg, New Zealand, 548–566, 10.1007/3-540-36178-2_34.
78. [78] Wang, G., Liu, Q., Wu, J., Guo, M., Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers. Comput. Secur. 30:5 (2011), 320–331, 10.1016/j.cose.2011.05.006.
79. [79] Bennett, K., Grothoff, C., Horozov, T., Patrascu, I., Efficient sharing of encrypted data. Information Security and Privacy, Vol. 2384, 2002, Springer, Berlin, Heidelberg, 107–120, 10.1007/3-540-45450-0_8 (Chapter 8).
80. [80] Zhiguo, W., Jun'e, L., Deng, R.H., HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Trans. Inf. Forensics Secur. 7:2 (2012), 743–754, 10.1109/TIFS.2011.2172209.
81. [81] Bobba, R., Khurana, H., Prabhakaran, M., Attribute-sets: A practically motivated enhancement to attribute-based encryption., (ESORICS 2009) 14th European Symposium on Research in Computer Security, vol. 5789, 2009, Springer Berlin, Heidelberg, Saint-Malo, France, 587–604, 10.1007/978-3-642-04444-1_36 (Chapter 36).
82. [82] Li, J., Wang, Q., Wang, C., Ren, K., Enhancing attribute-based encryption with attribute hierarchy. Mob. Netw. Appl. 16:5 (2011), 553–561, 10.1007/s11036-010-0233-y.
83. [83] X. Liu, Y. Xia, S. Jiang, F. Xia, Y. Wang, Hierarchical attribute-based access control with authentication for outsourced data in cloud computing, in: 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Melbourne, VIC, 2013, pp. 477–484. http://dx.doi.org/10.1109/TrustCom.2013.60.
84. [84] Wang, Z., Wang, J., A provably secure ciphertext-policy hierarchical attribute-based encryption., (ICCCS 2015) Cloud Computing and Security: First International Conference, 2015, Springer International Publishing, Nanjing, China, 38–48, 10.1007/978-3-319-27051-7_4.
85. [85] Damgård, I., Thorbek, R., Linear integer secret sharing and distributed exponentiation. 9th International Conference on Theory and Practice in Public-Key Cryptography, 2006, Springer Berlin, Heidelberg, New York, 75–90, 10.1007/11745853_6.
86. [86] Teng, W., Yang, G., Xiang, Y., Zhang, T., Wang, D., Attribute-based access control with constant-size ciphertext in cloud computing. IEEE Trans. Cloud Comput., PP(99), 2016, 1, 10.1109/TCC.2015.2440247.
87. [87] Wang, S., Zhou, J., Liu, J.K., Yu, J., Chen, J., Xie, W., An efficient file hierarchy attribute-based encryption scheme in cloud computing. IEEE Trans. Inf. Forensics Secur. 11:6 (2016), 1265–1277, 10.1109/TIFS.2016.2523941.
88. [88] Xu, L., Tang, S., Verifiable computation with access control in cloud computing. J. Supercomput., 2013, 1–19, 10.1007/s11227-013-1039-z.
89. [89] Parno, B., Raykova, M., Vaikuntanathan, V., How to delegate and verify in public: Verifiable computation from attribute-based encryption., 2012, Springer, Berlin, Heidelberg, 422–439, 10.1007/978-3-642-28914-9_24 (Chapter 24).
90. [90] G. Xu, G. Amariucai, Y. Guan, Delegation of computation with verification outsourcing: curious verifiers, 2013. http://dx.doi.org/10.1145/2484239.2484253.