154 research outputs found

    Secure data sharing in cloud and IoT by leveraging attribute-based encryption and blockchain

    “Data sharing is very important to enable different types of cloud and IoT-based services. For example, organizations migrate their data to the cloud and share it with employees and customers in order to enjoy better fault-tolerance, high-availability, and scalability offered by the cloud. Wearable devices such as smart watches share user’s activity, location, and health data (e.g., heart rate, ECG) with the service provider for smart analytics. However, data can be sensitive, and the cloud and IoT service providers cannot be fully trusted with maintaining the security, privacy, and confidentiality of the data. Hence, new schemes and protocols are required to enable secure data sharing in the cloud and IoT. This work outlines our research contribution towards secure data sharing in the cloud and IoT. For secure data sharing in the cloud, this work proposes several novel attribute-based encryption schemes. The core contributions to this end are efficient revocation, prevention of collusion attacks, and multi-group support. On the other hand, for secure data sharing in IoT, a permissioned blockchain-based access control system has been proposed. The system can be used to enforce fine-grained access control on IoT data where the access control decision is made by the blockchain based on the consensus of the participating nodes”--Abstract, page iv

    Multiple Authorities Access under Public Cloud Storage: Review

    Public cloud storage is a cloud storage model that provides services to individuals and organizations to store, edit and manage data. Public cloud storage service is also known as storage service, utility storage and online storage. Although cloud storage has many advantages, there still remain various challenges, among which privacy and security of users' data are major issues in public cloud storage. Attribute Based Encryption (ABE) is a cryptographic technique which provides data owners direct control over their data in public cloud storage. The traditional ABE scheme involves only one authority to maintain the attribute set, which can bring a single-point bottleneck on security and performance. Now we use a threshold multi-authority Ciphertext-Policy Attribute-Based Encryption (CP-ABE) access control scheme, named TMACS. TMACS is Threshold Multi-Authority Access Control System. In TMACS, multiple authorities jointly manage the whole attribute set but no user has full control of any specific attribute. By combining threshold secret sharing (t,n) and a multi-authority CP-ABE scheme, we developed an efficient multi-authority access control system in public cloud storage

    Attribute-based encryption for cloud computing access control: A survey

    National Research Foundation (NRF) Singapore; AXA Research Fun

    SEA-BREW: A scalable Attribute-Based Encryption revocable scheme for low-bitrate IoT wireless networks

    Attribute-Based Encryption (ABE) is an emerging cryptographic technique that allows one to embed a fine-grained access control mechanism into encrypted data. In this paper we propose a novel ABE scheme called SEA-BREW (Scalable and Efficient Abe with Broadcast REvocation for Wireless networks), which is suited for Internet of Things (IoT) and Industrial IoT (IIoT) applications. In contrast to state-of-the-art ABE schemes, ours is capable of securely performing key revocations with a single short broadcast message, instead of a number of unicast messages that is linear with the number of nodes. This is desirable for low-bitrate Wireless Sensor and Actuator Networks (WSANs) which often are the heart of (I)IoT systems. In SEA-BREW, sensors, actuators, and users can exchange encrypted data via a cloud server, or directly via wireless if they belong to the same WSAN. We formally prove that our scheme is secure also in case of an untrusted cloud server that colludes with a set of users, under the generic bilinear group model. We show by simulations that our scheme requires a constant computational overhead on the cloud server with respect to the complexity of the access control policies. This is in contrast to state-of-the-art solutions, which require instead a linear computational overhead

    Secure Cloud Storage using Multi Attribute Authority with Multi Central Authority

    Cloud Computing plays a main role in present day-to-day life. Security & privacy of data is a major task in the cloud. It is required to protect data from hackers & intruders. To provide more security, this paper presents multi attribute authority Cipher text Attribute Based Encryption (CPABE) technology with multi Central Authority (CA). Due to the untrusted cloud server, data access control becomes a challenging task in cloud computing. The current data access control scheme is no longer applicable to cloud storage systems, because it can’t provide a fully trusted cloud server. We call it a central authority. This single CA did not manage any attribute but is responsible for issuing the user unique id (UID). This CA must have the capacity to decrypt any Cipher Text (CT) on the cloud. To overcome such a drawback, here we can replace the single CA with multi CA. In this paper we design secure cloud storage by providing access to the files using the CPABE scheme. This system achieves forward & backward security. Also in this paper a revocation technique is used related to file, user and attribute. DOI: 10.17762/ijritcc2321-8169.16041

    Multiple Authorities Access under Public Cloud Storage

    Public cloud storage is a cloud storage model that provides services to individuals and organizations to store, edit and manage data. Public cloud storage service is also known as storage service, utility storage and online storage. Although cloud storage has many advantages, there still remain various challenges, among which privacy and security of users' data are a major problem in public cloud storage. Attribute Based Encryption (ABE) is a cryptographic technique which provides data owners direct control over their data in public cloud storage. The traditional ABE scheme involves only a single authority to maintain the attribute set, which can bring a single-point bottleneck on both security and performance. Now we use a threshold multi-authority Ciphertext-Policy Attribute-Based Encryption (CP-ABE) access control scheme, named TMACS. TMACS is Threshold Multi-Authority Access Control System. In TMACS, multiple authorities jointly manage the whole attribute set but no one has full control of any specific attribute. By combining threshold secret sharing (t,n) and a multi-authority CP-ABE scheme, we developed an efficient multi-authority access control system in public cloud storage

    Survey on securing data storage in the cloud

    Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage users increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide state-of-the-art knowledge to new researchers who would like to join this exciting new field

    mRLWE-CP-ABE: A revocable CP-ABE for post-quantum cryptography

    We address the problem of user fast revocation in the lattice-based Ciphertext Policy Attribute-Based Encryption (CP-ABE) by extending the scheme originally introduced by Zhang and Zhang [Zhang J, Zhang Z. A ciphertext policy attribute-based encryption scheme without pairings. In: International Conference on Information Security and Cryptology. Springer; 2011. p. 324-40. doi: https://doi.org/10.1007/978-3-642-34704-7_23.]. While a lot of work exists on the construction of revocable schemes for CP-ABE based on pairings, works based on lattices are not so common, and - to the best of our knowledge - we introduce the first server-aided revocation scheme in a lattice-based CP-ABE scheme, hence being embedded in a post-quantum secure environment. In particular, we rely on semi-trusted "mediators" to provide a multi-step decryption capable of handling mediation without re-encryption. We comment on the scheme and its application, and we provide performance experiments on a prototype implementation in the Attribute-Based Encryption spin-off library of Palisade to evaluate the overhead compared with the original scheme