Abstract
Cloud computing is currently emerging as a promising next-generation architecture in the Information Technology (IT) industry and education sector. The encoding of state information from the data and its protection are governed by organizational access control policies. Encryption protects data confidentiality against unauthorized access, which has led to the development of fine-grained access control policies based on user attributes. Attribute-Based Encryption (ABE) verifies the intersection of attributes across multiple sets. Adding or revoking users is difficult to handle when policies change. Including multiple encrypted copies for the same key raises the computational cost. This paper proposes an efficient Key Derivation Policy (KDP) to improve data security and integrity in the cloud and to overcome the problems of traditional methods. In the proposed method, the local key generation process includes the data attributes. The secret key is generated by a hash function from the combination of the local keys with the user attribute. The original text is recovered from the ciphertext by the decryption process. The key sharing between data owner and user validates data integrity, referred to as the MAC verification process. The proposed efficient KDP with MAC verification is analyzed with respect to security issues and compared with the Cipher Text–Attribute-Based Encryption (CP-ABE) schemes on the performance parameters of encryption time, computational overhead and the average lifetime of key generation. The major advantage of the proposed approach is the updating of public information and the easy handling of adding and revoking users in the cloud.
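An added sketch of the derivation and MAC check the abstract describes; it is not the paper's code. The HMAC-SHA256 local keys, the attribute strings, the stand-in stream cipher and every function name are assumptions, since the abstract does not specify them.

```python
import hashlib
import hmac

def local_key(owner_secret: bytes, data_attr: str) -> bytes:
    # Assumed construction: one local key per data attribute via HMAC-SHA256.
    return hmac.new(owner_secret, b"local|" + data_attr.encode(), hashlib.sha256).digest()

def derive_secret_key(owner_secret: bytes, data_attrs, user_attr: str) -> bytes:
    # Hash the combined local keys together with the user attribute.
    h = hashlib.sha256()
    for attr in sorted(set(data_attrs)):  # canonical order: owner and user derive the same key
        h.update(local_key(owner_secret, attr))
    h.update(b"user|" + user_attr.encode())
    return h.digest()

def _subkey(secret_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys so one key is never used for both jobs.
    return hmac.new(secret_key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode); use a vetted AEAD in real systems.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(secret_key: bytes, nonce: bytes, plaintext: bytes):
    ks = _keystream(_subkey(secret_key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(secret_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag

def decrypt(secret_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    # Verify the MAC before decrypting; compare in constant time.
    expected = hmac.new(_subkey(secret_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC verification failed")
    ks = _keystream(_subkey(secret_key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))

# Constructed sample values (not from the paper).
OWNER_SECRET = b"constructed-owner-secret-for-demo"
DATA_ATTRS = ["dept:cardiology", "type:record"]
NONCE = b"\x00" * 15 + b"\x01"  # fixed for the demo only; must be unique per message

if __name__ == "__main__":
    key = derive_secret_key(OWNER_SECRET, DATA_ATTRS, "role:doctor")
    ct, tag = encrypt(key, NONCE, b"patient file 17")
    print(decrypt(key, NONCE, ct, tag))
```

A key derived with a different user attribute, or a ciphertext altered in storage, fails the MAC check and `decrypt` raises before any plaintext is produced.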
Additional information
The article is published in the original.
About this article
Cite this article
Senthil Kumari, P., Nadira Banu Kamal, A.R. Key Derivation Policy for data security and data integrity in cloud computing. Aut. Control Comp. Sci. 50, 165–178 (2016). https://doi.org/10.3103/S0146411616030032
DOI: https://doi.org/10.3103/S0146411616030032