TY - JOUR
T1 - Sanitizable Access Control System for Secure Cloud Storage Against Malicious Data Publishers
AU - Susilo, Willy
AU - Jiang, Peng
AU - Lai, Jianchang
AU - Guo, Fuchun
AU - Yang, Guomin
AU - Deng, Robert H.
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2022
Y1 - 2022
N2 - Cloud computing is considered as one of the most prominent paradigms in the information technology industry, since it can significantly reduce the costs of hardware and software resources in computing infrastructure. This convenience has enabled corporations to efficiently use the cloud storage as a mechanism to share data among their employees. At the first sight, by merely storing the shared data as plaintext in the cloud storage and protect them using an appropriate access control would be a nice solution. This is assuming that the cloud is fully trusted for not leaking any information, which is impractical as the cloud is owned by a third party. Therefore, encryption is mandatory, and the shared data will need to be stored as a ciphertext using an appropriate access control. However, in practice, some of these employees may be malicious and may want to deviate from the required sharing policy. The existing protection in the literature has been explored to allow only legitimate recipients to decrypt the contents stored in the cloud storage, but unfortunately, no existing work deals with issues raised due to the presence of malicious data publishers. Malicious data publishers construct data following the given policy, but the ciphertexts can actually be decrypted by unauthorized users without valid keys, or simply, anyone else who is unauthorized. The impact of the involvement of malicious data publishers is detrimental, as it may damage intellectual properties from the corporations. Therefore, it remains an elusive research problem on how to enable a sound approach to resolve the issue when malicious data publishers are involved in the system, which is a very practical question. In this work, we present a new direction of research that can cope with the presence of malicious data publishers. We resolve the aforementioned problem by proposing the notion of Sanitizable Access Control System (SACS), which is designed for a secure cloud storage that can also resist against malicious data publishers. We define the threat model and its formal security model, as well as its design and scheme which is based on $q$q-Parallel Bilinear Diffie-Hellman Exponent Assumption. We provide the security proof of our construction as well as its performance analysis. We believe that this work has opened a new area of research which has never been explored before, even though it is very practical. Therefore, this work will enhance the adoption of secure cloud storage in practice.
AB - Cloud computing is considered as one of the most prominent paradigms in the information technology industry, since it can significantly reduce the costs of hardware and software resources in computing infrastructure. This convenience has enabled corporations to efficiently use the cloud storage as a mechanism to share data among their employees. At the first sight, by merely storing the shared data as plaintext in the cloud storage and protect them using an appropriate access control would be a nice solution. This is assuming that the cloud is fully trusted for not leaking any information, which is impractical as the cloud is owned by a third party. Therefore, encryption is mandatory, and the shared data will need to be stored as a ciphertext using an appropriate access control. However, in practice, some of these employees may be malicious and may want to deviate from the required sharing policy. The existing protection in the literature has been explored to allow only legitimate recipients to decrypt the contents stored in the cloud storage, but unfortunately, no existing work deals with issues raised due to the presence of malicious data publishers. Malicious data publishers construct data following the given policy, but the ciphertexts can actually be decrypted by unauthorized users without valid keys, or simply, anyone else who is unauthorized. The impact of the involvement of malicious data publishers is detrimental, as it may damage intellectual properties from the corporations. Therefore, it remains an elusive research problem on how to enable a sound approach to resolve the issue when malicious data publishers are involved in the system, which is a very practical question. In this work, we present a new direction of research that can cope with the presence of malicious data publishers. We resolve the aforementioned problem by proposing the notion of Sanitizable Access Control System (SACS), which is designed for a secure cloud storage that can also resist against malicious data publishers. We define the threat model and its formal security model, as well as its design and scheme which is based on $q$q-Parallel Bilinear Diffie-Hellman Exponent Assumption. We provide the security proof of our construction as well as its performance analysis. We believe that this work has opened a new area of research which has never been explored before, even though it is very practical. Therefore, this work will enhance the adoption of secure cloud storage in practice.
KW - Access control
KW - Malicious data publishers
KW - Sanitizable
KW - Secure cloud storage
UR - http://www.scopus.com/inward/record.url?scp=85100845156&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2021.3058132
DO - 10.1109/TDSC.2021.3058132
M3 - Article
AN - SCOPUS:85100845156
SN - 1545-5971
VL - 19
SP - 2138
EP - 2148
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 3
ER -