Proceedings of the 7th International ICST Conference on Security and Privacy in Communication Networks (SecureComm 2011). Published as Volume 96 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST), pages 491-510; London, United Kingdom; September 7-9, 2011.
Security and privacy concerns hinder the adoption of cloud storage and computing in sensitive environments. We present a user-centric privacy-preserving cryptographic access control protocol called K2C (Key To Cloud) that enables end-users to securely store, share and manage their sensitive data in an untrusted cloud storage anonymously. Due to its distributed nature and support for lazy revocation, K2C is highly scalable and reliable. Moreover, it can be easily implemented on top of existing cloud services and APIs --- we demonstrate its prototype based on Amazon S3 API.
K2C is realized through our new cryptographic key-updating scheme, referred to as AB-HKU. The main advantage of the AB-HKU scheme is that it supports efficient delegation and revocation of privileges for hierarchies without requiring complex cryptographic data structures. We show the security of our AB-HKU scheme and K2C protocol based on the hardness of the Decisional Bilinear Diffie-Hellman problem (DBDH).
We analyze the security and performance of our access control protocol and provide an open source implementation of its core features. The two cryptographic libraries, Hierarchical Identity-Based Encryption and Key-Policy Attribute-Based Encryption, developed in this project are useful beyond the specific cloud security problem studied.
Paper:
[
PDF
]
(© Springer)
DOI:
[
DOI not yet available
]
Citation:
[
BibTex
]