Fine-grained Data Access Control Systems with User Accountability in - - PowerPoint PPT Presentation

fine grained data access control systems with user
SMART_READER_LITE
LIVE PREVIEW

Fine-grained Data Access Control Systems with User Accountability in - - PowerPoint PPT Presentation

Jun 25, 2023 569 likes •788 views

Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 , Gansen Zhao 2 , and Xiaofeng Chen 3 Chunming Rong 4 , Yong Tang 2 1 Guangzhou University, China South China Normal University 2 3 Xidian University

slide-1
SLIDE 1

Fine-grained Data Access Control Systems with User Accountability in Cloud Computing

Jin Li1, Gansen Zhao2, and Xiaofeng Chen 3 Chunming Rong4, Yong Tang2

1 Guangzhou University, China 2 South China Normal University 3 Xidian University 4 Stavenger University, Norway

slide-2
SLIDE 2

Outline

  • Background
  • Our Approach
  • Conclusion and Future Work
slide-3
SLIDE 3

Background

  • Cloud computing is an emerging computing paradigm in

which IT resources and capacities are provided as services over the Internet.

  • Challenging issues:

Data Storage and Access Control

slide-4
SLIDE 4

Background

  • Security Concern: Data access control

 Different type of data should be accessible to

different category of users, i.e., fine-grained data access control.

 Only authorized users can access data.

slide-5
SLIDE 5

Background

  • Challenges for achieving fine-grained

access control

 Strong attacks are possible

  • user collusion
  • key abuse

 User/attribute add and revocation

slide-6
SLIDE 6

Background

  • Our Design Goals

 Fine-grained access control over data

stored in cloud computing

 Collusion resistance  User accountability

  • Design Tool

– Attribute-based Encryption (ABE): one-to- many encryption, PKC

slide-7
SLIDE 7

Problem Description

  • Illegal key sharing among users

– How to prevent users from sharing their attribute private keys?

 Some users may have common attributes.

slide-8
SLIDE 8

Outline

  • Background
  • Our Approach
  • Conclusion And Future Work
slide-9
SLIDE 9

Attribute-Based Encryption

  • ABE is developed into two branches
  • Ciphertext Policy ABE (CP-ABE) and Key Policy ABE

(KP-ABE)

  • Both are powerful tools for fine-grained access control

File encrypted under access structure T Attribute set A, T(A)=1 Attribute set B, T(B)=0

 

CP-ABE

slide-10
SLIDE 10

Idea

  • Each user is associated with a set of

attributes.

  • User secret key is associated with an

access structure.

  • Data are encrypted over a set of attributes.
  • Decrypt of data requires data attributes

satisfy user access structure.

slide-11
SLIDE 11
  • Our observation
  • To detect illegal user, their identities IDs should

be included in the private key of attribute list L.

  • There is no user ID information in the ciphertext.
slide-12
SLIDE 12

Scheme Description

  • System Setup
  • Public parameters as well as a master key for the

attribute authority are chosen.

  • New User Grant
  • Assume that the attributes of user ID are L=(L1, L2, …,

Lk).

  • The authority computes the key for L║ID with the

technique of hierarchical identity-based encryption, where ID is viewed as another default attribute.

slide-13
SLIDE 13
  • New File Creation
  • Assume that a message is encrypted with

ciphertext-policy W.

  • The sender computes a ciphertext with

policy W ║*, such that any user with attribute list R(L,W)=1 can decrypt, regardless of the identity ID.

slide-14
SLIDE 14
  • File Access
  • Suppose that a message is encrypted with W ║*.
  • Assume the user’s secret key is for L║ID, where R(L,

W)=1. The user can only decrypt the ciphertext with attribute private key of L and the secret key of ID.

slide-15
SLIDE 15
  • Trace

Suppose that a given pirate device can decrypt the ciphertext under ciphertext-policy W. To pinpoint the exact identity: The authority just computes the hash values of identities for all authorized users and find the identity if its hash value is the same with the one in the decryption key.

slide-16
SLIDE 16

Main Idea in our construction

In normal encryption algorithm, a message is encrypted under ciphertext-policy W=W'║* such that any user with L║ID satisfying R(L║ID,W)=1 is able to decrypt. In tracing algorithm, the well-formed private key is extracted and pinpointed from the pirate device.

slide-17
SLIDE 17

Main Idea in our construction

To achieve efficient user revocation, a broadcast encryption algorithm is used such that any revoked user cannot get the secret encrypted by the broadcast encryption.

slide-18
SLIDE 18

Security Analysis

  • Fine-grained access control

 User access structure is able to describe

sophisticated logics over attributes. We can enforce complex access policies.

  • Collusion resistance

 Each user’s secret key has a unique

secret sharing scheme. Secret keys from different users do not “match” each other.

slide-19
SLIDE 19

Outline

  • Background
  • Our Approach
  • Conclusion And Future Work
slide-20
SLIDE 20
  • We presented a construction of ABE

with user accountability.

  • We

showed how to use the ABE construction in Cloud computing to achieve access control.

  • How

to achieve more fine-grained access structure is our future work.

slide-21
SLIDE 21

Thank You!