Review
Attribute based encryption in cloud computing: A survey, gap analysis, and future directions
Introduction
The cloud environment (Lumb et al., 2009, Jadeja and Modi, 2012, Fehling et al., 2014) provides a new dimension for utilizing information technology resources in business. The cloud delivers resources on an on-demand, pay-per-use model, i.e. whenever additional resources are requested, the service is allotted and charged. The cloud delivers a variety of services to cloud users, such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS), as shown in Fig. 1. SaaS provides applications to the user such as webmail, program interface, and web browser. PaaS provides programming languages, libraries, services, tools, etc. IaaS provides infrastructure such as storage, networks, and other processing and computing resources. There are various deployment models: private, public, community, and hybrid cloud. A private cloud is owned by a single organization, whereas a public cloud is shared by multiple consumers. A community cloud is one that consumers from the same kind of community can join and use. A hybrid cloud is the combination of any two of the above deployment models. The user may choose specific services and a deployment model based on need and requirements.
The cloud provides many benefits, such as cost savings in investments, less maintenance, flexibility, less environmental impact, scalability, access from anywhere, etc. Even so, businesses and organizations are not moving to the cloud, especially for storing big data, because of security and privacy issues (Takabi et al., 2010, Pasupuleti et al., 2016). Cloud storage (Wu et al., 2010) is mainly used to store and manage data remotely; it allows data to be stored through the internet so that users can access it from anywhere in the world irrespective of device and location. Cloud storage also helps to store big data for managing, processing and analyzing, which is quite simple and requires little investment because it supports the entire requirement for the same. However, the problem with cloud storage is data privacy and access control, because storing data in the cloud means it is held by a third-party Cloud Service Provider (CSP) which may not be trusted. The cloud service provider may therefore access or disclose the sensitive data, and may share the stored data with unauthorized users for business purposes. Considering the privacy and security of the users, the data must be encrypted before it is stored in the cloud. Even though we encrypt the data, it can be accessed by all the users, so data access should be restricted based on each user's access level and rights. Hence there are two main things to consider when storing data in the cloud: privacy of the big data and user access control (Khan, 2012).
Traditional symmetric and asymmetric key cryptographic techniques are used for encryption. Symmetric key means the same key is used for both encryption and decryption. Asymmetric key means the public key is used for encryption and the private key is used for decryption, i.e. different keys are used for encryption and decryption. These encryption techniques provide privacy, but not access control. Attribute Based Encryption (ABE) is a public key cryptographic technique (Kamara and Lauter, 2010) that provides secure data sharing among multiple users and can achieve both privacy and access control. In ABE, data is encrypted using attributes and decrypted using the secret key of a user, which is associated with an access policy. The user can decrypt only when the user's credentials satisfy the access policy. ABE provides not only fine-grained access control, but also revocation, collusion resistance, and scalability. ABE is mainly classified into two types, Key Policy Attribute Based Encryption (KPABE) and Ciphertext Policy Attribute Based Encryption (CPABE). In KPABE, the ciphertext is based on attributes and the users' secret keys are based on access policies, as shown in Fig. 2. In CPABE, the ciphertext is based on access policies and the users' secret keys are based on attributes, as shown in Fig. 3.
In this paper, we survey and discuss the different ABE schemes, such as KPABE and CPABE, along with access structure, constant ciphertext, and multi-authority. CPABE is further studied in depth with respect to hidden policy, proxy re-encryption, revocation mechanism and Hierarchical ABE. Finally, we conclude and provide the future direction of ABE research. The taxonomy of the survey is shown in Fig. 4. The major contributions of this paper are as follows:
- 1) We survey the ABE schemes in cloud computing
- 2) We discuss the problems of different KPABE and CPABE schemes
- 3) We give the comparison of various ABE schemes based on their advantages, disadvantages, and functionalities.
- 4) We also provide the security and performance analysis of different ABE schemes
- 5) Finally, we provide the applications and future directions for ABE in cloud computing
The rest of the paper is organized as follows: Section 2 focuses on the basic concepts of ABE with an algorithm, Key policy ABE, Ciphertext policy ABE, multi-authority CPABE, hidden policy CPABE, proxy re-encryption, revocation mechanism in CPABE, and Hierarchical attribute based encryption. The comparative study of the various ABE schemes is presented in Section 3. The applications of ABE are given in Section 4. Section 5 covers the future directions of ABE research and the paper is concluded in Section 6.
Section snippets
Attribute based encryption
In this section, we discuss the fundamental concept of ABE and its algorithm. Sahai and Waters (2005) first proposed the concept of ABE; it is a one-to-many public key cryptography algorithm to protect the data in the cloud. Here, the encryption of the data is based on a set of attributes. There are three actors involved, namely Authority, Data Owner, and Data User. The Authority generates the public key and sends it to the data owner for encryption and it also generates the master secret
Comparison
In this section, we compare the various existing ABE schemes in terms of features analysis, security analysis, and performance analysis.
Applications of ABE
In this section, we give application scenarios for different ABE schemes such as KPABE and CPABE.
In KPABE, the data is encrypted using a set of descriptive attributes and the secret key is associated with an access structure. KPABE is more suitable for the following applications, which require descriptive attributes to encrypt the data, such as 1) In a secure forensic application, the relevant information and evidence is stored with a set of descriptive attributes such as crime id, date, and name of the
Future directions
We analysed the different ABE schemes and research progress. ABE has been a leading research area in the past decade, but there is still scope to investigate it further. The following are some of the possible challenges for further investigation on ABE.
- 1) CPABE efficiency for big data, mobile, IoT applications: CPABE scheme provides effective access control for big data, mobile and IoT applications in the cloud but the computation requirement of encryption and decryption process is inefficient
Discussion and conclusion
In this paper, we focused on the importance and requirement of privacy and access control in the cloud environment; ABE is a widely used, prominent cryptographic technique for providing that privacy and fine-grained access control. We comprehensively surveyed the attribute based encryption schemes based on various characteristics and parameters such as access structure, multi-authority, hidden policy in CPABE, proxy re-encryption in CPABE, revocation mechanism in CPABE and HABE. Furthermore,
P. Praveen Kumar received the MTech degree in Computer and Information Technology from Manonmaniam Sundaranar University. He is currently doing a PhD at the National Institute of Technology, Tiruchirappalli. His research interests include Cloud Computing, Big Data, and Cryptography. He is a life member of the ISTE.
References (80)
- et al. Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts. Inf. Sci. (2014)
- et al. Secure, efficient and revocable multi-authority access control system in cloud storage. Comput. Secur. (2016)
- et al. A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Generat. Comput. Syst. (2015)
- et al. An efficient and secure privacy-preserving approach for outsourced data of resource constrained mobile devices in cloud computing. J. Netw. Comput. Appl. (2016)
- et al. Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers. Comput. Secur. (2011)
- et al. Attribute-based encryption supporting direct/indirect revocation modes
- et al. Expressive key-policy attribute-based encryption with constant-size ciphertexts
- et al. Ciphertext-policy attribute-based encryption
- et al. The Importance of ABAC: Attribute-based Access Control to Big Data: Privacy and Context (2015)
- et al. Efficient pairing computation for attribute based encryption using MBNR for big data in cloud
- Multi-authority attribute based encryption
- Improving privacy and security in multi-authority attribute-based encryption
- Efficient decentralized attribute-based access control for cloud storage with user revocation
- Provably secure ciphertext policy abe
- A framework of multi-authority attribute-based encryption with outsourcing and revocation
- Expanded Top Ten Big Data Security and Privacy Challenges
- Attribute-based storage supporting secure deduplication of encrypted data in cloud. IEEE Trans. Big Data
- Identity-based broadcast encryption with constant size ciphertexts and private keys
- A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. Int. J. Appl. Cryptogr.
- Arbitrary-state attribute based encryption with dynamic membership. IEEE Trans. Comput.
- Cloud computing fundamentals
- Scalable and secure access control policy update for outsourced big data. Future Generat. Comput. Syst.
- Attribute-based encryption for fine-grained access control of encrypted data
- Bounded ciphertext policy attribute based encryption
- Privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans. Parallel Distr. Syst.
- Secure, efficient and fine-grained data access control mechanism for P2P storage cloud. IEEE Trans. Cloud Comput.
- Improving security and efficiency in attribute-based data sharing. IEEE Trans. Knowl. Data Eng.
- Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel Distr. Syst.
- Efficient and provable secure ciphertext-policy attribute-based encryption schemes
- Mediated ciphertext-policy attribute-based encryption and its application
- Cloud computing-concepts, architecture and challenges
- Fully secure hidden ciphertext policy attribute-based encryption with short ciphertext size
- Cryptographic cloud storage
- Access control in cloud computing environment. ARPN J. Eng. Appl. Sci.
- Fully secure cipertext-policy hiding CP-ABE
- Fully secure key-policy attribute-based encryption with constant-size ciphertexts and fast decryption
- Decentralizing attribute-based encryption
- Revocation systems with very small private keys
- Matrix Access Structure Policy Used in Attribute Based Proxy Re-encryption
- Privacy-aware attribute-based encryption with user accountability
P. Syam Kumar received the MTech degree in Computer Science and Technology from Andhra University and the PhD degree in Computer Science from Pondicherry University. He is an Assistant Professor at the Institute for Development and Research in Banking Technology (IDRBT), Hyderabad. His research interests are in the area of Cloud Computing, Security and Privacy, Cryptography and IoT. He is a member of the IEEE.
P. J. A. Alphonse received the MTech degree in Computer Science from the Indian Institute of Technology, Delhi and the PhD degree in Mathematics & Computer Science from the National Institute of Technology, Tiruchirappalli. He is currently working as an Associate Professor at the National Institute of Technology, Tiruchirappalli. His research interests include Graph Theory and its Algorithms, Wireless and Ad hoc Networks, Cryptography and Network Security. He is a life member of the ISTE and ISC.