Secure Role Based Data Access Control in Cloud Computing
Secure Role Based Data Access Control in Cloud Computing
Secure Role Based Data Access Control in Cloud Computing
AbstractCloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine- grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine- grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.
I. I N TRO D U C TI O N Cloud computing is a promising computing paradigm which recently has drawn extensive attention from both academia and industry. By combining a set of existing and new techniques from research areas such as ServiceOriented Architectures (SOA) and virtualization, cloud computing is regarded as such a computing paradigm in which resources in the computing infrastructure are provided as services over the Internet. Along with this new paradigm, various business models are devel- oped, which can be described by terminology of X as a service (XaaS) [1] where X could be software, hardware, data storage, and etc. Successful examples are Amazons EC2 and S3 [2], Google App Engine [3], and Microsoft Azure
[4] which provide users with scalable resources in the payas-you- use fashion at relatively low prices. As compared to building their own infrastructures, users are able to save their investments significantly by migrat- ing businesses into the cloud. With the increasing development of cloud computing technologies, it is not hard to imagine that in the near future more and more businesses will be moved into the cloud. As promising as it is, cloud computing is also facing many challenges that, if not well resolved, may impede its fast growth. Data security, as it exists in many other applications, is among these challenges that would raise great concerns from users when they store sensitive information on cloud servers. These concerns originate from the fact that cloud servers are usually operated by commercial providers which are very likely to be outside of the trusted domain of the users. Data confidential against cloud servers is hence frequently desired when users outsource data for storage in the cloud. In some practical application systems, data confidentiality is not only a security/privacy issue, but also of juristic concerns. For example, in healthcare application scenarios use and disclosure of protected health information (PHI) should meet the require- ments of Health Insurance Portability and Accountability Act (HIPAA) [5], and keeping user data confidential against the storage servers is not just an option, but a requirement. Furthermore, we observe that there are also cases in which cloud users themselves are content providers. They publish data on cloud servers for sharing and need fine-grained data access control in terms of which user (data consumer) has the access privilege to which types of data. In the healthcare case, for example, a medical center would be the data owner who stores millions of healthcare records in the cloud. It would allow data consumers such as doctors, patients, researchers and etc, to access various types of healthcare records under policies admitted by HIPAA. To enforce these access policies, the data owners on one hand would like to take advantage of the abundant resources that the cloud provides for efficiency and
ISSN:2231-2803
- 146 -
IJCTT
International Journal of Computer Trends and Technology- May to June Issue 2011
economy; on the other hand, they may want to keep the data contents confidential against cloud servers. This assumption however no longer holds in cloud computing since the data owner and cloud servers are very likely to be in two different domains. On one hand, cloud servers are not entitled to access the outsourced data content for data confidentiality; on the other hand, the data resources are not physically under the full control of the owner. For the purpose of helping the data owner enjoy fine-grained access control of data stored on untrusted cloud servers, a feasible solution would be encrypting data through certain cryptographic primitive(s), and disclosing decryption keys only to authorized users. These existing works, as we will discuss in section V-C, resolve this issue either by introducing a per file access control list (ACL) for fine-grained access control, or by categorizing files into several f ilegroups for efficiency. As the system scales, however, the complexity of the ACLbased scheme would be proportional to the number of users in the system. The f ilegroup-based scheme, on the other hand, is just able to provide coarse-grained data access control. It actually still remains open to simultaneously achieve the goals of fine-grainedness, scalability, and data confidentiality for data access control in cloud computing. In this paper, we address this open issue and propose a secure and scalable fine-grained data access control scheme for cloud computing. Our proposed scheme is partially based on our observation that, in practical application scenarios each data file can be associated with a set of attributes which are meaningful in the context of interest. The access structure of each user can thus be defined as a unique logical expression over these attributes to reflect the scope of data files that the user is allowed to access. As the logical expression can represent any desired data file set, fine-grainedness of data access control is achieved. To enforce these access structures, we define a public key component for each attribute. Data files are encrypted using public key components corresponding to their attributes. User secret keys are defined to reflect their access structures so that a user is able to decrypt a ciphertext if and only if the data file attributes satisfy his access structure. Such a design also brings about the efficiency benefit, as compared to previous works, in that, 1) the complexity of encryption is just related the number of attributes associated to the data file, and is independent to the number of users in the system; and 2) data file creation/deletion and new user grant operations just affect current file/user without involving systemwide data file update or re-keying. Main contributions of this paper can be summarized
as follows. 1) To the best of our knowledge, this paper is the first that simultaneously achieves fine-grainedness, scalability and data confidentiality for data access control in cloud computing; 2) Our proposed scheme enables the data owner to delegate most of computation intensive tasks to cloud servers without disclosing data contents or user access privilege information; 3) The proposed scheme is provably secure under the standard security model. In addition, our proposed scheme is able to support user accountability with minor extension. II. M O D E L S A N D A S S U M P TI O N S A.System Models To access data files shared by the data owner, Data Consumers, or users for brevity, download data files of their interest from Cloud Servers and then decrypt. Neither the data owner nor users will be always online. They come online just on the necessity basis. For simplicity, we assume that the only access privilege for users is data file reading. From now on, we will also call data files by files for brevity. Cloud Servers are always online and operated by the Cloud Service Provider (CSP). They are assumed to have abundant storage capacity and computation power. The Third Party Auditor is also an online party which is used for auditing every file access event. B. Security Models That is to say, Cloud Servers will follow our proposed protocol in general, but try to find out as much secret information as possible based on their inputs. More specifically, we assume Cloud Servers are more interested in file contents and user access privilege information than other secret information. Cloud Servers might collude with a small number of malicious users for the purpose of harvesting file contents when it is highly beneficial. Communication channel between the data owner/users and Cloud Servers are assumed to be secured under existing security protocols such as SSL. Users would try to access files either within or outside the scope of their access privileges. To achieve this goal, unauthorized users may work independently or cooperatively. In addition, each party is preloaded with a public/private key pair and the public key can be easily obtained by other parties when necessary. C. Design Goals Our main design goal is to help the data owner achieve
ISSN:2231-2803
- 147 -
IJCTT
International Journal of Computer Trends and Technology- May to June Issue 2011
fine-grained access control on files stored by Cloud Servers. Specifically, we want to enable the data owner to enforce a unique access structure on each user, which precisely designates the set of files that the user is allowed to access. Key Generation This algorithm takes as input an access tree T , the master key M K , and the public key P K . It outputs a user secret key SK as follows. First, it defines a random polynomial pi (x) for each node i of T in the top-down manner starting from the root node r. For each non-root node j, pj (0) = pparent(j) (idx(j)) where parent(j) represents js parent and idx(j) is js unique index given by its parent. For the root node r, pr (0) = y. Then it outputs SK as follows. SK = {ski }i L where L denotes the set of attributes attached to the leaf nodes of T and ski = gti . learn both the data file contents and user access privilege information. In addition, the proposed scheme should be able to achieve security goals like user accountability and support basic operations such as user grant/revocation as a general one-to-many communication system would require. All these design goals should be achieved efficiently in the sense that the system is scalable. III. T EC H N IQ U E P R E L I M I N A RI ES A. Key Policy Attribute-Based Encryption (KP-ABE) In KP-ABE, data are associated with attributes for each of which a public key component is defined. The encryptor associates the set of attributes to the message by encrypting it with the corresponding public key components. Each user is assigned an access structure which is usually defined as an access tree over data attributes, i.e., interior nodes of the access tree are threshold gates and leaf nodes are associated with attributes. User secret key is defined to reflect the access structure so that the user is able to decrypt a ciphertext if and only if the data attributes satisfy his access structure. A KPABE scheme is composed of four algorithms which can be defined as follows: Encryption This algorithm takes a message M , the public key P K , and a set of attributes I as input. It outputs the ciphertext E with the following format: E = (I, E , {Ei }i I ) where E = M Y s , Ei = T s , i and s is randomly chosen from Zp .
Attributes of a file Illness: diabetes Hospital: A Race: asian ... ISSN:2231-2803 Dummy attribute O w n e r
Decryption This algorithm takes as input the ciphertext E encrypted under the attribute set I , the users secret key SK for access tree T , and the public key P K . It first computes e(Ei , ski ) = e(g, g)pi (0)s for leaf nodes. Then, it aggregates these pairing results in the bottom-up manner using the polynomial interpolation technique. Finally, it may recover the blind factor Y s = e(g, g)ys and output the message M if and only if I satisfies T . B. Proxy Re-Encryption Proxy Re-Encryption (PRE) is a cryptographic primitive in which a semi-trusted proxy is able to convert a ciphertext encrypted under Alices public key into another ciphertext that can be opened by Bobs private key without seeing the underlying plaintext. More formally, a PRE scheme allows the proxy, given the proxy reencryption key rka b , to translate ciphertexts under public key pka into ciphertexts under public key pkb and vise versa. IV. Our P RO P O S E D S C H E M E A Main Idea In order to achieve secure, scalable and fine-grained access control on outsourced data in the cloud, we utilize and uniquely combine the following three advanced cryptographic techniques: KP-ABE, PRE and lazy reencryption. More specifically, we associate each data file with a set of attributes, and assign each user an expressive access structure which is defined over these attributes. To enforce this kind of access control, we utilize KP-ABE to escort data encryption keys of data files. Such a construction enables us to immediately enjoy fine-grained ness of access control. However, this construc- tion, if deployed alone, would introduce heavy computation overhead and cumbersome online burden towards the data owner, as he is in charge of all the operations of data/user management. Specifically, such an issue is mainly caused by the operation of user revocation, which inevitabily requires the data owner to re-encrypt all the data files accessible to the leaving user, or even needs the data owner to stay online to update secret keys for users. To resolve this challenging issue and make the construction suitable for cloud computing, we uniquely combine PRE with KP-ABE and enable the
Cloud servers
- 148 -
IJCTT
International Journal of Computer Trends and Technology- May to June Issue 2011
AND
User
N o t a t i o n D e s c r i p t i o n P K , M K s y s t e m p u b l i c k e y a n d
master key Ti public key component for attribute i ti master key component for attribute i SK user secret key
ISSN:2231-2803
- 149 -
IJCTT
International Journal of Computer Trends and Technology- May to June Issue 2011
AND Illiness:diabetes OR
Hospital:A
data owner to delegate most of the computation intensive operations to Cloud Servers without disclosing the underlying file contents. Such a construction allows the data owner to control access of his data files with a minimal overhead in terms of computation effort and online time, and thus fits well into the cloud environment. Data confidentiality is also achieved since Cloud Servers are not able to learn the plaintext of any data file in our construction. For further reducing the computation overhead on Cloud Servers and thus saving the data owners investment, we take advantage of the lazy re-encryption technique and allow Cloud Servers to aggregate computation tasks of multiple system operations. As we will discuss in section V-B, the computation complexity on Cloud Servers is either proportional to the number of system attributes, or linear to the size of the user access structure/tree, which is independent to the number of users in the system. Scalability is thus achieved. In addition, our construction also protects user access privilege information against Cloud Servers. Accoutability of user secret key can also be achieved by using an enhanced scheme of KP-ABE.
user secret key component for attribute i ciphertext component for attribute i attribute set assigned to a data file symmetric data encryption key of a data file set of attributes attached to leaf nodes of P the dummy attribute the system user list attribute history list for attribute i proxy re-encryption key for attribute i from its current version to the updated version i the data owners signature on message X
C. Summary In our proposed scheme we exploit the technique of brid encryption to protect data files, i.e., we encrypt data files using symmetric DEK s and encrypt DEK s with KPABE. Using KP-ABE, we are able to immediately enjoy fine-grained data access control and efficient operations such as file creation/deletion and new user grant. To resolve the challenging issue of user revocation, we combine the technique of proxy re-encryption with KP-ABE and delegate most of the burdensome computational task to Cloud Servers. We achieve this by letting Cloud Servers keep a partial copy of each users secret key, i.e., secret key components of all but one (dummy) attributes. When the data owner redefines a certain set of attributes for the purpose of user revocation, he also generates corresponding proxy re-encryption keys and sends B. Definition and Notation them to Cloud Servers. Cloud Servers, given these proxy For each data file the owner assigns a set of meaningful re-encryption keys, can update user secret key components attributes which are necessary for access control. Different and re-encrypt data files accordingly without knowing the data files can have a subset of attributes in common. Each underlying plaintexts of data files. This enhancement releases attribute is associated with a version number for the purpose the data owner from the possible huge computation overhead of attribute update as we will discuss later. Cloud Servers on user revocation. The data owner also does not need to keep an attribute history list AH L which records the version always stay online since Cloud Servers will take over the evolution history of each attribute and PRE keys used. In burdensome task after having obtained the PRE keys. To further addition to these meaningful attributes, we also define one save computation overhead of Cloud Servers on user revocation, dummy attribute, denoted by symbol AttD for the purpose of we use the technique of lazy re-encryption and enable Cloud key management. AttD is required to be included in every Servers to aggregate multiple successive secret key update/file data files attribute set and will never be updated. The access re-encryption operations into one, and thus statistically save the structure of each user is implemented by an access tree. computation overhead. Interior nodes of the access tree are threshold gates. Leaf nodes of the access tree are associated with data file attributes. For the purpose of key management, we require the root node to be an AN D gate (i.e., n-of-n threshold gate) with one child being the leaf node which is associated with the dummy attribute, and the other child node being any threshold gate. The dummy attribute will not be attached to any other node in the access tree. Fig.1 illustrates our definitions by an example. In addition, Cloud Servers also keep a user list U L which records IDs of all the valid users in the system. Fig.2 gives the description of notation to be used in our scheme.
ISSN:2231-2803
- 150 -
IJCTT
International Journal of Computer Trends and Technology- May to June Issue 2011
D. Discussion According to the above analysis, we can see that our proposed scheme is able to realize the desired security goals, i.e., fine-grained access control, data confidentiality, user access privilege confidentiality, and user secret key accountability. The goal of scalability is also achieved since the complexity for each operation of our proposed scheme, as is shown in Fig. 7, is no longer dependent to the nunber of users in the system. Therefore, our proposed scheme can serve as an ideal candidate for data access control in the emerging cloud computing environment. On the contrary, existing access control schemes in related areas either lack scalability, and fine-grainedness , or do not provide adequate proof of data confidentiality . VI. C O N C L U S I O N This paper aims at fine-grained data access control in cloud computing. One challenge in this context is to achieve finegrainedness, data confidentiality, and scalability. Simultaneously, which is not provided by current work. In this paper we propose a scheme to achieve this goal by exploiting KP- ABE and uniquely combining it with techniques of proxy re-encryption and lazy re-encryption. Moreover, our proposed scheme can enable the data owner to delegate most of com- putation overhead to powerful cloud servers. Confidentiality of user access privilege and user secret key accountability can be achieved. Formal security proofs show that our proposed scheme is secure under standard cryptographic models. VII R EF E R E N C E S [1] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, Above the clouds: A berkeley view of cloud computing, University of California, Berkeley, Tech. Rep. USB-EECS-2009-28, Feb 2009. [2] Amazon Web www.aws.amazon.com. Services (AWS), online Online at at
[7] P. D. McDaniel and A. Prakash, Methods and limitations of security policy reconciliation, in Proc. of SP02, 2002. [8] T. Yu and M. Winslett, A unified scheme for resource protection in automated trust negotiation, in Proc. of SP03, 2003.[9] J. Li, N. Li, and W. H. Winsborough, Automated trust negotiation using cryptographic credentials, in Proc. of CCS05, 2005.[10] J. Anderson, Computer Security Technology Planning Study, Air Force Electronic Systems Division, Report ESD-TR73-51, 1972, www.seclab.cs.ucdavis.edu/projects/history/.[11] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, Scalable secure file sharing on untrusted storage, in Proc. of FAST03, 2003. [12] E. Goh, H. Shacham, N. Modadugu, and D. Boneh, Sirius: Securing remote untrusted storage, in Proc. of NDSS03, 2003. [13] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, Improved proxy re-encryption schemes with applications to secure distributed storage, in Proc. of NDSS05, 2005. [14] S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, Over-encryption: Management of access control evolution on outsourced data, in Proc. of VLDB07, 2007.[15] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in Proc. Of CCS06, 2006
[4] Microsoft Azure, http://www.microsoft.com/azure/. [5] 104th United States Congress, Health Insurance Portability and Accountability Act of 1996 (HIPPA), Online at www.aspe.hhs.gov/admnsimp/pl104191.htm, 1996. [6] H. Harney, A. Colgrove, and P. D. McDaniel, Principles of policy in secure groups, in Proc. of NDSS01, 2001.
ISSN:2231-2803
- 151 -
IJCTT