Attribute-based encryption for cloud computing access control: A survey

National Research Foundation (NRF) Singapore; AXA Research Fun

Secure data sharing in cloud and IoT by leveraging attribute-based encryption and blockchain

“Data sharing is very important to enable different types of cloud and IoT-based services. For example, organizations migrate their data to the cloud and share it with employees and customers in order to enjoy better fault-tolerance, high-availability, and scalability offered by the cloud. Wearable devices such as smart watch share user’s activity, location, and health data (e.g., heart rate, ECG) with the service provider for smart analytic. However, data can be sensitive, and the cloud and IoT service providers cannot be fully trusted with maintaining the security, privacy, and confidentiality of the data. Hence, new schemes and protocols are required to enable secure data sharing in the cloud and IoT. This work outlines our research contribution towards secure data sharing in the cloud and IoT. For secure data sharing in the cloud, this work proposes several novel attribute-based encryption schemes. The core contributions to this end are efficient revocation, prevention of collusion attacks, and multi-group support. On the other hand, for secure data sharing in IoT, a permissioned blockchain-based access control system has been proposed. The system can be used to enforce fine-grained access control on IoT data where the access control decision is made by the blockchain-based on the consensus of the participating nodes”--Abstract, page iv

Access of Encrypted Personal Record in Cloud

Personal record is a data, which is collected and stored in cloud computing to gain cost benefit and better access control. In maintaining Personal Record, cloud computing plays an important role, since minor organizations are not affordable to keep own servers to maintain the personal record for cost and security aims. Providing availability to various stake holders become a deadly process in isolated individual servers with encryption technology. Cloud ensures that personal record availability to the necessary user at any point of time. In any country, there is a law which governs to maintain privacy of special records, and hence maintaining recodes in cloud are subjected to privacy concerns and high risk of getting exploited. There are various encryption schemes to provide personal records security and privacy in Cloud computing. Extensive logical and experimental results are presented which show the security, scalability and efficiency of our proposed scheme. DOI: 10.17762/ijritcc2321-8169.15016

Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-Based Encryption

Abstract: Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients' control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi-authority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability and efficiency of our proposed scheme

On Using Encryption Techniques to Enhance Sticky Policies Enforcement

How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE

A survey of state-of-the-art methods for securing medical databases

This review article presents a survey of recent work devoted to advanced state-of-the-art methods for securing of medical databases. We concentrate on three main directions, which have received attention recently: attribute-based encryption for enabling secure access to confidential medical databases distributed among several data centers; homomorphic encryption for providing answers to confidential queries in a secure manner; and privacy-preserving data mining used to analyze data stored in medical databases for verifying hypotheses and discovering trends. Only the most recent and significant work has been included

The Secured Data Sharing For Multiauthority Access in Cloud Storage

Cloud record sharing indicates to a scope of cloud services that enables individuals to store and synchronize archives, photographs, recordings and different files in the cloud—and offer them with other individuals. These services additionally enable clients to share and synchronize data among different gadgets for a solitary proprietor. These services are open through work areas, scratch pad, advanced mobile phones and media tablets, and give a basic system to synchronizing data over numerous gadgets. In cloud computing, to shield data from spilling, clients need to scramble their data before being shared. In this paper we propose a proficient encryption plan based on layered model of the entrance structure is proposed in cloud computing, which is named document progression CP-ABE plan. FH-CP-ABE broadens normal CP-ABE with a various leveled structure of access approach, in order to accomplish basic, adaptable and fine-grained access control

Revocable Attribute-based Encryption Scheme with Arithmetic Span Program for Cloud-Assisted IoT

Efficient user revocation and description of the access policy are essential to enhance the practicality of attribute-based encryption (ABE) in real-life scenarios, such as cloud-assisted IoT. Nevertheless, existing ABE works fail to balance the two vital indicators. Motivated by this, in this paper, we present a revocable ciphertext-policy attribute-based encryption with arithmetic span programs (R-CPABE-ASP) for cloud-assisted IoT. For the first time, the presented R-CPABE-ASP achieves efficient user revocation and expressive description of access policy simultaneously. In R-CPABE-ASP, each attribute involved in access policy is merely used once to check whether a user owns access to shared data. Hence, the R-CPABE-ASP work enables efficient data encryption compared with existing revocable ABE works by reducing unnecessary cost for defining access policy. Meanwhile, the forward security of sensitive data is ensured by periodical update of encrypted data such that the capability of revocable storage is also assured in R-CPABE-ASP. As shown in the outsourced version of R-CPABE-ASP, The costly part for users to decrypt the data is outsourced to powerful cloud servers. There- fore, users in our R-CPABE-ASP can access their data in a more efficient way by merely one exponential operation. Finally, we carry out detailed theoretical analysis and experimental simulations to evaluate the performance of our work. The results fairly show that our proposed work is efficient and feasible in cloud-assisted IoT