Attribute-based cloud storage with secure provenance over encrypted data

National Research Foundation (NRF) Singapore; AXA Research Fun

Облачное хранилище

Несмотря на многочисленные преимущества облачного хранилища, защита данных по-прежнему является уязвимостью. В этой статье рассматриваются несколько способов защиты личных данных на облачном сервере. Данные могут быть защищены от изменений, посторонними лицами с помощью облачной системы хранения, где данные шифруются и поиск осуществляется по ключевому слову. В статье исследуется надежная и безопасная схема облачного хранилища с использованием нескольких обслуживающих компаний, и описывается архитектура облачной системы хранения на основе атрибутов с безопасным происхождением.Despite the many benefits of cloud storage, data protection is still a vulnerability. In this article, several ways of protection personal data on a cloud server are conceded. Data can be protected from alteration by unauthorized people using a cloud storage system, where data is encrypted and searched for using a keyword. In this article, a reliable and secure cloud storage schema using multiple service providers is examined and the system architecture of an attribute-based cloud storage system with secure provenance is described

Attribute-based cloud storage with secure provenance over encrypted data

To securely and conveniently enjoy the benefits of cloud storage, it is desirable to design a cloud data storage system which protects data privacy from storage servers through encryption, allows fine-grained access control such that data providers can expressively specify who are eligible to access the encrypted data, enables dynamic user management such that the total number of data users is unbounded and user revocation can be carried out conveniently, supports data provider anonymity and traceability such that a data provider’s identity is not disclosed to data users in normal circumstances but can be traced by a trusted authority if necessary, and equally important, provides secure data provenance by presenting irrefutable evidence on who has created and modified the data in the cloud. However, most of the existing cloud storage systems with secure provenance either lack the expressiveness in access control or incur too much performance overhead or do not support dynamic user management. In this paper, we solve these problems by presenting an attribute-based cloud storage system with secure provenance. We first give a simple construction without achieving user revocation, and then extend it with an efficient revocation mechanism to prevent revoked data users from accessing the newly encrypted data. Thereafter, we implement the algorithms in the proposed two constructions to evaluate their performance. Our experimental results show that the proposed systems are acceptable to be applied in practice

Attribute-Based Cloud Storage with Secure Provenance over Encrypted Data

To securely and conveniently enjoy the benefits of cloud storage, it is desirable to design a cloud data storage system which protects data privacy from storage servers through encryption, allows fine-grained access control such that data providers can expressively specify who are eligible to access the encrypted data, enables dynamic user management such that the total number of data users is unbounded and user revocation can be carried out conveniently, supports data provider anonymity and traceability such that a data provider's identity is not disclosed to data users in normal circumstances but can be traced by a trusted authority if necessary, and equally important, provides secure data provenance by presenting irrefutable evidence on who has created and modified the data in the cloud. However, most of the existing cloud storage systems with secure provenance either lack the expressiveness in access control or incur too much performance overhead or do not support dynamic user management. In this paper, we solve these problems by presenting an attribute-based cloud storage system with secure provenance. We first give a simple construction without achieving user revocation, and then extend it with an efficient revocation mechanism to prevent revoked data users from accessing the newly encrypted data. Thereafter, we implement the algorithms in the proposed two constructions to evaluate their performance. Our experimental results show that the proposed systems are acceptable to be applied in practice