8,279 research outputs found

    Sharing in the Rain: Secure and Efficient Data Sharing for the Cloud

    Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain – a protocol that allows cloud users to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.

    HIR-CP-ABE: Hierarchical Identity Revocable Ciphertext-Policy Attribute-Based Encryption for Secure and Flexible Data Sharing

    Ciphertext Policy Attribute-Based Encryption (CP-ABE) has been proposed to implement the attribute-based access control model. In CP-ABE, data owners encrypt the data with a certain access policy such that only data users whose attributes satisfy the access policy could obtain the corresponding private decryption key from a trusted authority. Therefore, CP-ABE is considered as a promising fine-grained access control mechanism for data sharing where no centralized trusted third party exists, for example, cloud computing, mobile ad hoc networks (MANET), Peer-to-Peer (P2P) networks, information centric networks (ICN), etc. As promising as it is, user revocation is a cumbersome problem in CP-ABE, thus impeding its application in practice. To solve this problem, we propose a new scheme named HIR-CP-ABE, which implements hierarchical identity-based user revocation from the perspective of encryption. In particular, the revocation is implemented by data owners directly without any help from any third party. Compared with previous attribute-based revocation solutions, our scheme provides the following nice properties. First, the trusted authority could be offline after system setup and key distribution, thus making it applicable in mobile ad hoc networks, P2P networks, etc., where the nodes in the network are unable to connect to the trusted authority after system deployment. Second, a user does not need to update the private key when user revocation occurs. Therefore, key management overhead is much lower in HIR-CP-ABE for both the users and the trusted authority. Third, the revocation mechanism enables the revocation of a group of users affiliated with the same organization in a batch without influencing any other users. To the best of our knowledge, HIR-CP-ABE is the first CP-ABE scheme to provide affiliation-based revocation functionality for data owners. Through security analysis and performance evaluation, we show that the proposed scheme is secure and efficient in terms of computation, communication and storage.

    A Review on Enhancing Organization Security using Attribute-Based Encryption for Data Sharing

    With the recent growth of networking, people can share their data with others online, by using social networks or cloud computing, but at the same time there has been increasing demand for data security. People would like to make their private data only accessible to the authorized people. In data sharing systems, access policies and the support of policy updates are the most challenging issues. Attribute-based encryption (ABE) and ciphertext-policy attribute-based encryption (CP-ABE) are becoming promising cryptographic solutions to this issue and achieve fine-grained data access control. It enables data owners to define their own access policies over user attributes and enforce the policies on the data to be distributed. The major drawback of these systems is the key escrow problem. The proposed scheme solves the key escrow problem which depends on attribute based encryption technique for the shared data. Paillier Cryptosystem is utilized for encryption of keys for assignment and revocation process while Twofish algorithm is used to encrypt and decrypt stored data of users. Whenever a data owner uploads personal documents on the cloud server, first the keywords will get fetched from the documents and an index will be created. Lucene indexing algorithm is used for indexing of keywords. A Blind Storage scheme allows a client to store a set of files on a remote server

    A Protected And Lightweight Data Distribution Program For Mobile Cloud Computing

    Because of the widespread adoption of cloud computing, mobile devices may now store and access personal data from any location at any time. As a result, the data security issue in mobile cloud is becoming increasingly serious, impeding the growth of mobile cloud. There have been several studies undertaken in order to enhance cloud security. However, because mobile devices have limited processing capabilities and power, the majority of them are not suitable for mobile cloud. Mobile cloud applications require solutions with a low computational overhead. We propose a lightweight data sharing mechanism for mobile cloud computing in this work. It provides attribute description fields to achieve lazy-revocation, which is a difficult problem in CP-ABE systems based on programs. The experimental findings suggest that when users share data in mobile cloud settings, a lightweight data sharing technique may effectively minimize the overhead on the mobile device side.

    Secure data sharing in cloud and IoT by leveraging attribute-based encryption and blockchain

    “Data sharing is very important to enable different types of cloud and IoT-based services. For example, organizations migrate their data to the cloud and share it with employees and customers in order to enjoy better fault-tolerance, high-availability, and scalability offered by the cloud. Wearable devices such as smart watches share user’s activity, location, and health data (e.g., heart rate, ECG) with the service provider for smart analytic. However, data can be sensitive, and the cloud and IoT service providers cannot be fully trusted with maintaining the security, privacy, and confidentiality of the data. Hence, new schemes and protocols are required to enable secure data sharing in the cloud and IoT. This work outlines our research contribution towards secure data sharing in the cloud and IoT. For secure data sharing in the cloud, this work proposes several novel attribute-based encryption schemes. The core contributions to this end are efficient revocation, prevention of collusion attacks, and multi-group support. On the other hand, for secure data sharing in IoT, a permissioned blockchain-based access control system has been proposed. The system can be used to enforce fine-grained access control on IoT data where the access control decision is made by the blockchain based on the consensus of the participating nodes”--Abstract, page iv

    Remarks on the Cryptographic Primitive of Attribute-based Encryption

    Attribute-based encryption (ABE), which allows users to encrypt and decrypt messages based on user attributes, is a type of one-to-many encryption. Unlike the conventional one-to-one encryption which has no intention to exclude any partners of the intended receiver from obtaining the plaintext, an ABE system tries to exclude some unintended recipients from obtaining the plaintext whether they are partners of some intended recipients. We remark that this requirement for ABE is very hard to meet. An ABE system cannot truly exclude some unintended recipients from decryption because some users can exchange their decryption keys in order to maximize their own interests. The flaw discounts the importance of the cryptographic primitive. Comment: 9 pages, 4 figures

    High Sensitive and Relevant Data Sharing with Secure and Low Time Consuming

    Intermittent connection of networks and partition taken place frequently are likely to be suffered in military environments. Wireless devices are enabled in the network for accessing the confidential data with security by utilizing the storage nodes and also there is a communication with each other. Several privacy challenges and security is based upon the attribute revocation and coordination of attributes issued from different authorities independently which are introduced by the ABE scheme. For data encryption and decryption scalability is provided by ABE. In the case of encrypting the data, it is encrypted using certain policies and the attributes based upon the private keys and for decrypting the data it must possess some attributes that must match with the security policy that is applied in the particular data. The confidentiality of the stored data even in the hostile area where key authorities are not fully trusted. In this paper, we demonstrate a method of applying the proposed scheme in high sensitive and relevant data sharing with secure and low time consuming.