A Dual Security Protection Mechanism for Cloud-Based Data Storage and Sharing
DOI: https://doi.org/10.32628/IJSRSET2310234
Keywords: Security, AES, EDoS, Cloud-Based Data Sharing, Access Control, Cloud Storage Service, Intel SGX, Attribute-Based Encryption
Abstract
Cloud-based data storage services have drawn increasing interest from both academia and industry in recent years because of their efficient, low-cost management of data. Since such a service operates over an open network, the provider must employ a secure storage and sharing mechanism that ensures data confidentiality and user privacy. The most widely used approach is encryption, which keeps sensitive data from being disclosed if the storage is compromised. However, encrypting data with a symmetric cipher such as AES on its own does not meet the practical requirements of data management, in particular fine-grained control over which users may decrypt which data. In addition, access control over download requests must be considered, so that an Economic Denial of Sustainability (EDoS) attack, in which an attacker floods the service with download requests for ciphertext it cannot decrypt in order to inflate the data owner's bandwidth costs, cannot be used to deny legitimate users the service. In this paper we consider dual access control in the context of cloud-based storage: a mechanism that controls both access to the data and the download requests for it, without loss of security or efficiency. Two dual access control systems are designed, each for a different setting, and a security analysis and an experimental evaluation are presented for both.
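The following Python sketch is an added example, not code from the paper or its authors, showing what the download-request half of such a dual control looks like on the storage front end: a request is served only if the requester presents a valid attribute credential, the attributes satisfy the object's access policy, and the requester is within a per-user download budget, so an unauthorised request costs the data owner no egress bandwidth. It assumes an HMAC-signed credential standing in for the attribute-based decryption key, an opaque ciphertext blob in place of the ABE/AES ciphertext, and hypothetical names (`StorageGate`, `issue_credential`, `satisfies`); the data-access half (ABE decryption) is not modelled, and all keys and data are constructed.

```python
"""Toy model of a download-request gate for cloud storage (added example).

Assumptions (not from the paper): an HMAC over the user's attributes stands in
for an ABE key, the cloud gate holds the verification key, and the ciphertext
is an opaque blob. Keys, users and data are constructed for the example.
"""
import hashlib
import hmac
import json
import secrets
import time

# Constructed: verification key shared by the attribute authority and the gate.
AUTHORITY_KEY = secrets.token_bytes(32)


def issue_credential(user_id: str, attrs, ttl: int = 3600):
    """Authority side: bind a user id, its attributes and an expiry to a MAC."""
    payload = json.dumps(
        {"uid": user_id, "attrs": sorted(attrs), "exp": int(time.time()) + ttl},
        separators=(",", ":"),
    ).encode()
    tag = hmac.new(AUTHORITY_KEY, payload, hashlib.sha256).digest()
    return payload, tag


def verify_credential(payload: bytes, tag: bytes):
    """Gate side: return the credential dict, or None if forged or expired."""
    expected = hmac.new(AUTHORITY_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    cred = json.loads(payload)
    return cred if cred["exp"] >= time.time() else None


def satisfies(policy, attrs) -> bool:
    """Evaluate a CP-ABE style policy tree over a set of attribute strings.

    Grammar: "attr" | ("AND", p, ...) | ("OR", p, ...) | ("THRESHOLD", k, p, ...)
    """
    if isinstance(policy, str):
        return policy in attrs
    op, *subs = policy
    if op == "AND":
        return all(satisfies(p, attrs) for p in subs)
    if op == "OR":
        return any(satisfies(p, attrs) for p in subs)
    if op == "THRESHOLD":
        k, *leaves = subs
        return sum(satisfies(p, attrs) for p in leaves) >= k
    raise ValueError(f"unknown policy operator {op!r}")


class StorageGate:
    """Storage front end that checks every download request before serving."""

    def __init__(self, download_budget: int = 3):
        self.objects = {}        # name -> (ciphertext, policy)
        self.budget = download_budget
        self.downloads = {}      # uid -> downloads served so far
        self.egress_bytes = 0    # bandwidth the data owner is billed for

    def upload(self, name: str, ciphertext: bytes, policy):
        self.objects[name] = (ciphertext, policy)

    def download(self, name: str, payload: bytes, tag: bytes):
        """Return ("ok", ciphertext) or ("denied", reason).

        Nothing is sent until every check passes, so a rejected request
        (forged credential, wrong attributes, exhausted budget) costs no egress.
        """
        if name not in self.objects:
            return ("denied", "no such object")
        cred = verify_credential(payload, tag)
        if cred is None:
            return ("denied", "bad credential")
        ciphertext, policy = self.objects[name]
        if not satisfies(policy, set(cred["attrs"])):
            return ("denied", "policy not satisfied")
        uid = cred["uid"]
        if self.downloads.get(uid, 0) >= self.budget:
            return ("denied", "download budget exhausted")
        self.downloads[uid] = self.downloads.get(uid, 0) + 1
        self.egress_bytes += len(ciphertext)
        return ("ok", ciphertext)


def demo():
    """Constructed scenario: a legitimate auditor, an intern, a forged tag,
    and the auditor exceeding a budget of two. Returns (outcomes, egress, ct_len)."""
    gate = StorageGate(download_budget=2)
    ct = secrets.token_bytes(64)  # constructed stand-in for the real ciphertext
    gate.upload("q3-report", ct,
                ("AND", "dept:finance", ("OR", "role:auditor", "role:cfo")))
    alice = issue_credential("alice", ["dept:finance", "role:auditor"])
    bob = issue_credential("bob", ["dept:finance", "role:intern"])
    outcomes = [
        ("alice", gate.download("q3-report", *alice)[0]),
        ("bob", gate.download("q3-report", *bob)[0]),
        ("forged", gate.download("q3-report", alice[0], bytes(32))[0]),
        ("alice", gate.download("q3-report", *alice)[0]),
        ("alice", gate.download("q3-report", *alice)[0]),  # third request, over budget
    ]
    return outcomes, gate.egress_bytes, len(ct)


if __name__ == "__main__":
    for row in demo()[0]:
        print(*row)
```

Only the two authorised requests increase `egress_bytes`; the intern, the forged tag and the over-budget request are all rejected before any ciphertext leaves the gate, which is the property that blunts an EDoS attempt. In the paper's setting the policy check would be backed by the actual ABE scheme (or run inside an enclave) rather than a shared MAC key, and the budget would be a rate limit rather than a lifetime count.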
License
Copyright (c) IJSRSET

This work is licensed under a Creative Commons Attribution 4.0 International License.