Survey on Enhancing Secure Access Control for Cloud Storage

Gauri Bandewar
Dept. of Information Technology, Sinhgad Technical Education Society’s SKNCOE, Pune, India
gauribandewar582@gmail.com

Prof. R. H. Borhade
Dept. of Information Technology, Sinhgad Technical Education Society’s SKNCOE, Pune, India
rhborhade@gmail.com

ABSTRACT

Cloud computing is a general term for a range of services delivered to users. One of them is storage: the cloud offers a tremendous capacity for keeping information, and with it comes the security problem of controlling unauthorized access to the data stored there. A useful model for this is RBAC (Role-Based Access Control), which governs who may reach information held in the cloud. This paper surveys schemes that control access to cloud data. It also presents the hybrid cloud, a combination of a public and a private cloud in which the more sensitive information is kept on the private cloud and all other information is kept on the public cloud in encrypted form. Unauthorized access to cloud data is then easier to prevent, which improves security.

Keywords
Access control, Cloud computing, Data storage.

1. INTRODUCTION

Today, organizations that need to maintain data give more and more attention to the cloud, which can store large amounts of data and make them accessible from anywhere. Sensitive data is stored there as well, for example customers’ personal data, identity data and much more. Cloud storage is inexpensive: it offers services at very low cost with long-term access, and it provides on-demand storage without requiring the customer to maintain any extra resources. Cloud storage therefore gives users an easy and simple way to reach their valuable data. Three kinds of cloud are in common use: public, private and hybrid [1]. A public cloud is a cloud with global access.
In a public cloud, data is made publicly available, which means it can be accessed by anyone who wants it. A private cloud is built on the internal infrastructure of an organization. Unlike a public cloud, a private cloud is not globally accessible: access to its data is restricted. Users of the private cloud may also have access to a public cloud, but the private cloud itself is not publicly available. A private cloud is therefore more secure than a public cloud and is trusted, because no external party accesses it.

One of the main issues is securing data stored on a public cloud. Users do not know where their data is stored, because the cloud is built from many data centers distributed across different locations. To provide controlled access to cloud storage, many access control policies have been developed, and all of these policies are applied in the cloud. Many existing systems assume that the cloud provider is trusted.

The paper is organized as follows: Section 2 describes related work in detail, and Section 3 concludes the paper.

2. RELATED WORK

The rest of the paper reviews work related to access control in the cloud.

L. Zhou et al. [1] provide an RBE (Role-Based Encryption) scheme that enforces RBAC (Role-Based Access Control) policies for secure access to data in a hybrid cloud. A hybrid cloud is a composite of a public and a private cloud: encrypted data is stored on the public cloud and the more sensitive data on the private cloud, which helps prevent unauthorized access to the cloud. The scheme also provides efficient user revocation with constant-size keys.

Cécile Delerablée [2] presents IBBE (Identity-Based Broadcast Encryption), in which a broadcaster encrypts a message and transmits it to a group of users, each of whom uses their private key to decrypt it. A key encapsulation mechanism is used so that long messages are encrypted under a short key. The scheme provides constant-size private keys and constant-size ciphertexts.

H. Ragab Hassen et al. [3] proposed key management for a CACH (Content Access Control in a Hierarchy) system, in which two approaches are used: dependent keys and independent keys. In the dependent-key approach, a user does not need the key with which the data was encrypted; using his own key together with some public parameters, he can decrypt that data. In the independent-key approach, the user must hold a copy of the key with which the data was encrypted. These are complex cryptographic techniques that are useful for managing keys in CACH.

Dan Boneh et al. [4] describe an HIBE (Hierarchical Identity-Based Encryption) scheme in which the ciphertext consists of three group elements and decryption requires only two bilinear group computations, regardless of the hierarchy depth. The result is a secure encryption system with a short ciphertext of three group elements. The security of the system is based on the Diffie-Hellman Inversion assumption.

Craig Gentry et al. [5] explain the HIDE (Hierarchical ID-Based Encryption) scheme. It allows a public key infrastructure to distribute its workload by delegating private key generation and identity authentication. Authentication is done locally, which is undesirable for a large network.

Vipul Goyal et al. [6] describe KP-ABE (Key-Policy Attribute-Based Encryption). Each ciphertext is labeled by the encryptor with a set of attributes, and each private key is associated with an access structure that determines which ciphertexts the key can decrypt. The method uses a tree access structure whose leaves are associated with attributes. A user can decrypt a ciphertext only when the attributes attached to the ciphertext satisfy the key’s access structure. The scheme also provides a delegation mechanism.

Paulo S. L. M. Barreto et al. [7] present an IBSC (Identity-Based Signcryption) method based on bilinear maps. It is more efficient than identity-based encryption schemes: signing and encryption are performed together on one side, and decryption and verification together on the other. This IBSC satisfies message confidentiality.
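The hybrid-cloud RBAC model summarised in the abstract and in Zhou et al. [1] above, as an added illustration that is not code from the survey or from the RBE scheme: a role hierarchy in which senior roles inherit the permissions of junior ones, a store that keeps role membership and sensitive records on the private side and never a plaintext record on the public side, and user revocation as a private-side membership change. The role names, users, records and the `ENC` placeholder that stands in for RBE encryption are assumptions of this example.

```python
"""Role-hierarchy access decisions for a hybrid cloud store.

Added illustration for this survey; not code from Zhou et al. [1] or from
any product.  It models only the policy layer of the scheme: senior roles
inherit the permissions of junior ones, role membership and sensitive
records stay on the private side, and the public side never holds a
record in the clear.  RBE binds decryption to roles with pairing-based
cryptography; here that is replaced by an explicit access decision plus
an ENC placeholder, so the policy can be read and tested on its own.
Roles, users and records below are constructed sample data.
"""
from collections import deque
from typing import Dict, Optional, Set, Tuple


class RoleHierarchy:
    """Roles form a DAG: an edge senior -> junior means the senior role
    inherits every permission of the junior role (RBAC role inheritance)."""

    def __init__(self) -> None:
        self._juniors: Dict[str, Set[str]] = {}

    def add_role(self, role: str) -> None:
        self._juniors.setdefault(role, set())

    def add_inheritance(self, senior: str, junior: str) -> None:
        self.add_role(senior)
        self.add_role(junior)
        if self.dominates(junior, senior):        # keep the graph acyclic
            raise ValueError(f"{junior!r} already dominates {senior!r}")
        self._juniors[senior].add(junior)

    def dominates(self, senior: str, junior: str) -> bool:
        """True when senior == junior or junior is reachable from senior."""
        seen, queue = {senior}, deque([senior])
        while queue:
            role = queue.popleft()
            if role == junior:
                return True
            for j in self._juniors.get(role, ()):
                if j not in seen:
                    seen.add(j)
                    queue.append(j)
        return False


class HybridStore:
    """Owner-side view of the hybrid cloud.  The private side keeps role
    membership and sensitive records; the public side keeps only records
    encrypted to a role.  ENC marks where RBE encryption would be applied;
    it is a placeholder (hex wrapping), not confidentiality."""

    ENC = "rbe-ciphertext:"   # placeholder marker, see module docstring

    def __init__(self, hierarchy: RoleHierarchy) -> None:
        self.h = hierarchy
        self.members: Dict[str, Set[str]] = {}           # role -> users (private)
        self.private: Dict[str, Tuple[str, bytes]] = {}  # name -> (role, data)
        self.public: Dict[str, Tuple[str, str]] = {}     # name -> (role, wrapped)

    def assign(self, user: str, role: str) -> None:
        self.h.add_role(role)
        self.members.setdefault(role, set()).add(user)

    def revoke(self, user: str, role: str) -> None:
        """Revocation is a private-side membership change only; records
        encrypted to the role do not have to be re-written."""
        self.members.get(role, set()).discard(user)

    def put(self, name: str, data: bytes, role: str, sensitive: bool) -> str:
        """Place a record encrypted to `role`; returns where it landed."""
        self.h.add_role(role)
        if sensitive:
            self.private[name] = (role, data)
            return "private"
        self.public[name] = (role, self.ENC + data.hex())
        return "public"

    def location(self, name: str) -> Optional[str]:
        if name in self.private:
            return "private"
        return "public" if name in self.public else None

    def authorised(self, user: str, required: str) -> bool:
        """A user may read a record encrypted to `required` if he holds
        that role or any role senior to it."""
        return any(user in users and self.h.dominates(held, required)
                   for held, users in self.members.items())

    def get(self, user: str, name: str) -> Optional[bytes]:
        if name in self.private:
            role, data = self.private[name]
            return data if self.authorised(user, role) else None
        if name in self.public:
            role, wrapped = self.public[name]
            if not self.authorised(user, role):
                return None
            return bytes.fromhex(wrapped[len(self.ENC):])
        return None
```

The point to take from the `get` path is that the decision consults only the private-side membership table and the hierarchy, so the public provider never learns who may read what, and revoking a user does not require touching any ciphertext already stored on the public side.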
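The key-policy access structure of Goyal et al. [6] above, as an added example that is not the authors’ code: an access tree of threshold gates over attribute leaves, the satisfaction test that decides whether a ciphertext’s attribute set matches a key, the secret-sharing walk that KP-ABE key generation performs down the tree (a degree k-1 polynomial at each k-of-n gate, Lagrange reconstruction at zero on the way back up), and delegation by conjoining an extra requirement. The prime field, tree shapes and attribute names are constructed for this example, and the bilinear-map blinding that makes the real scheme secure is left out, so the shares here are plain field elements.

```python
"""Access trees in the style of KP-ABE (Goyal et al. [6]).

Added example for this survey, not the authors' code.  A private key
embeds a tree whose internal nodes are (k, n) threshold gates and whose
leaves name attributes; a ciphertext carries an attribute set.  Key
generation shares a secret down the tree (degree k-1 polynomial at each
gate, child i receives q(i)); decryption can recover the secret only if
the attribute set satisfies the tree.  Shares here are plain integers
mod a prime; the real scheme blinds them in a bilinear group.  The
prime, trees and attribute sets below are constructed sample data.
"""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple, Union

P = (1 << 127) - 1  # Mersenne prime M127, chosen here as the share field


@dataclass(frozen=True)
class Leaf:
    attribute: str


@dataclass(frozen=True)
class Gate:
    threshold: int                      # k: children that must be satisfied
    children: Tuple["Node", ...]        # n children, n >= k >= 1

    def __post_init__(self) -> None:
        if not 1 <= self.threshold <= len(self.children):
            raise ValueError("threshold must be between 1 and len(children)")


Node = Union[Leaf, Gate]
Path = Tuple[int, ...]                  # child indices from the root, 1-based


def AND(*children: Node) -> Gate:
    return Gate(len(children), tuple(children))


def OR(*children: Node) -> Gate:
    return Gate(1, tuple(children))


def THRESHOLD(k: int, *children: Node) -> Gate:
    return Gate(k, tuple(children))


def satisfies(node: Node, attributes: Set[str]) -> bool:
    """Plain boolean check: does the attribute set satisfy the tree?"""
    if isinstance(node, Leaf):
        return node.attribute in attributes
    return sum(satisfies(c, attributes) for c in node.children) >= node.threshold


def delegate(tree: Node, extra: Node) -> Node:
    """Delegation: a key holder hands out a more restrictive key by
    conjoining a further requirement; anything the new key decrypts,
    the original key could decrypt too."""
    return AND(tree, extra)


def share(node: Node, secret: int, p: int = P,
          rng: Optional[random.Random] = None) -> Dict[Path, int]:
    """Key generation: return one share per leaf, keyed by its path."""
    if rng is None:
        rng = random.SystemRandom()
    if isinstance(node, Leaf):
        return {(): secret}
    # q(0) = secret, the other k-1 coefficients random: any k of the n
    # child shares determine q, fewer reveal nothing about the secret.
    coeffs = [secret] + [rng.randrange(p) for _ in range(node.threshold - 1)]
    shares: Dict[Path, int] = {}
    for i, child in enumerate(node.children, start=1):
        q_i = sum(c * pow(i, e, p) for e, c in enumerate(coeffs)) % p
        for path, value in share(child, q_i, p, rng).items():
            shares[(i,) + path] = value
    return shares


def _lagrange_at_zero(points: List[Tuple[int, int]], p: int) -> int:
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def reconstruct(node: Node, shares: Dict[Path, int], attributes: Set[str],
                p: int = P, path: Path = ()) -> Optional[int]:
    """Decryption side: recover the root secret from the leaf shares whose
    attributes appear in the ciphertext, or None if the tree is unsatisfied."""
    if isinstance(node, Leaf):
        return shares[path] if node.attribute in attributes else None
    points: List[Tuple[int, int]] = []
    for i, child in enumerate(node.children, start=1):
        value = reconstruct(child, shares, attributes, p, path + (i,))
        if value is not None:
            points.append((i, value))
            if len(points) == node.threshold:
                break
    if len(points) < node.threshold:
        return None
    return _lagrange_at_zero(points, p)
```

`satisfies` and `reconstruct` agree on every attribute set: whenever the tree is unsatisfied, some gate receives fewer than k child values and returns `None`, so the secret cannot be interpolated, which is the structural reason a KP-ABE key decrypts exactly the ciphertexts its policy admits.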
The scheme is optimized from the combination of identity-based encryption and an identity-based signature.

S. De Capitani di Vimercati et al. [8] give a solution for enforcing access control and managing its evolution, based on selective encryption. A formal base model is introduced that describes the encryption policy. A two-layer approach is used: one layer of encryption is applied by the owner and a second by the service itself, so that dynamic policy changes can be enforced easily.

Amit Sahai et al. [9] investigated Fuzzy Identity-Based Encryption. The scheme is error-tolerant and secure against collusion attacks. A user’s private key is constructed with one component for each attribute of the identity, and different users hold private keys built from different polynomials. The size of the public key grows with the number of attributes.

S. Yu et al. [10] studied secure access control in the cloud. In their approach three techniques are combined: KP-ABE, PRE (proxy re-encryption) and lazy revocation. Deployed alone, each construction incurs a high computation overhead; combining the three avoids this limitation and achieves secure and scalable access to the cloud. The scheme supports user revocation.

Eu-Jin Goh et al. [11] proposed SiRiUS (Securing Remote Untrusted Storage). The scheme assumes that the network is untrusted. Revocation and key management are easy. A new security mechanism is introduced that increases the security of a file system without making changes to that file system. SiRiUS is designed for multi-user file systems so that users can share files, and it is used to store all access control information. It supports two access modes: read-only and read-write.

Philippe Golle et al. [12] define a security model for conjunctive keyword search over encrypted data. Its security is based on the decisional Diffie-Hellman assumption, and the communication cost is linear.

R. Canetti et al. [13] proposed the construction of a CCA-secure public key encryption scheme from IBE. In this construction the sender generates a key pair and the message is encrypted with respect to an identity; the resulting ciphertext is then signed, so the final ciphertext consists of the verification key, the IBE ciphertext and the signature. To decrypt, the receiver first verifies the signature on the ciphertext with the verification key, then derives the secret key for the identity and decrypts the ciphertext using the generated key pair. The scheme is simple and efficient.

3. CONCLUSION

Cloud computing has several benefits with regard to storage capability, and it can handle tremendous amounts of data. To secure data present on the cloud, several access mechanisms have been developed; they are used to secure data access from the cloud. To prevent attacks, an access control mechanism is necessary that helps minimize unauthorized access to the cloud. In a trusted cloud, many security policies can be applied to secure data; it is therefore necessary to focus on securing data when the cloud is untrusted.

ACKNOWLEDGMENT

I am extremely thankful to my guide Prof. R. H. Borhade for suggesting the topic for this survey and providing all the assistance needed to complete the work. He inspired me to work in this area.

REFERENCES

[1] L. Zhou, V. Varadharajan, and M. Hitchens, “Achieving secure role-based access control on encrypted data in cloud storage,” IEEE Transactions on Information Forensics and Security, vol. 8, no. 12, Dec. 2013.
[2] C. Delerablée, “Identity-based broadcast encryption with constant size ciphertexts and private keys,” in ASIACRYPT 2007 (Lecture Notes in Computer Science), vol. 4833, 2007, pp. 200–215.
[3] H. R. Hassen, A. Bouabdallah, H. Bettahar, and Y. Challal, “Key management for content access control in a hierarchy,” Comput. Netw., vol. 51, no. 11, pp. 3197–3219, 2007.
[4] D. Boneh, X. Boyen, and E.-J.
Goh, “Hierarchical identity based encryption with constant size ciphertext,” in EUROCRYPT (Lecture Notes in Computer Science), vol. 3494. New York, NY, USA: Springer-Verlag, May 2005, pp. 440–456.
[5] C. Gentry and A. Silverberg, “Hierarchical ID-based cryptography,” in ASIACRYPT (Lecture Notes in Computer Science), vol. 2501. New York, NY, USA: Springer-Verlag, 2002, pp. 548–566.
[6] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proc. ACM Conf. Comput. Commun. Sec., Oct./Nov. 2006, pp. 89–98.
[7] P. S. L. M. Barreto, B. Libert, N. McCullagh, and J.-J. Quisquater, “Efficient and provably-secure identity-based signatures and signcryption from bilinear maps,” in ASIACRYPT (Lecture Notes in Computer Science), vol. 3788. New York, NY, USA: Springer-Verlag, Dec. 2005, pp. 515–532.
[8] S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, “Over-encryption: Management of access control evolution on outsourced data,” in Proc. VLDB, Sep. 2007, pp. 123–134.
[9] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proc. EUROCRYPT, 2005, pp. 457–473.
[10] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data access control in cloud computing,” in Proc. IEEE INFOCOM, Mar. 2010, pp. 534–542.
[11] E.-J. Goh, H. Shacham, N. Modadugu, and D. Boneh, “SiRiUS: Securing remote untrusted storage,” in Proc. NDSS, 2003, pp. 1–15.
[12] P. Golle, J. Staddon, and B. R. Waters, “Secure conjunctive keyword search over encrypted data,” in ACNS (Lecture Notes in Computer Science), vol. 3089. New York, NY, USA: Springer-Verlag, Jun. 2004, pp. 31–45.
[13] R. Canetti, S. Halevi, and J. Katz, “Chosen-ciphertext security from identity-based encryption,” in EUROCRYPT (Lecture Notes in Computer Science), vol. 3027. New York, NY, USA: Springer-Verlag, 2004, pp. 207–222.