Secure Data Group Sharing and Dissemination with Attribute and Time Conditions in Public Cloud


Paper Synopsis:

Data dissemination:
Dissemination follows the traditional view of communication, which involves a sender and a receiver. In that view, the sender sends information, and the receiver collects it, processes it, and sends information back, like a telephone line.
Example:
Alice (owner, share) → Bob (view, share (with policies)) (disseminator, re-encrypting the ciphertext)
Existing system:
Attribute-based encryption
Attribute-based encryption (ABE) is one of the new cryptographic mechanisms used in the cloud to achieve flexible and fine-grained secure data group sharing [4]. In particular, ciphertext-policy ABE (CP-ABE) allows data owners to encrypt data with an access policy such that only users whose attributes satisfy the access policy can decrypt the data [5].

The proxy re-encryption (PRE) scheme [7] can, to some extent, achieve efficient data dissemination in the cloud by re-encrypting the ciphertext for other users [8]. However, it may not meet the requirements when the data owner does not want every authorized user who can view the data to disseminate it, or does not want disseminators to disseminate all of the data. For example, Alice authorizes Bob and Carol to access her data, but she only allows Bob to disseminate some specific photos or videos to his space.

The conditional PRE (CPRE) scheme [9] could address this issue by allowing a user to generate a re-encryption key associated with a condition, so that only the encrypted data meeting the condition can be re-encrypted [10].

Timed-Release Encryption
Time-based exposure can be achieved by timed-release encryption (TRE). TRE allows the data owner to encrypt a message so that the intended users can decrypt it after a designated time [13,37]. It is a two-factor encryption scheme combining public key encryption (PKE) and time-dependent encryption. To recover the message, a trusted agent is required to expose a time token, which the agent keeps confidential until the appointed time; thus even the intended user cannot get the plaintext of the message before the designated release time.

To achieve many-to-many access control of data dissemination, Huang et al. [29] proposed PRECISE, which combines attribute-based CPRE with IBBE to support fine-grained re-encryption conditions on IBBE ciphertext.

Proposed system:
The paper proposes a secure data group sharing and dissemination scheme in public cloud based on attribute-based and timed-release conditional identity-based broadcast PRE.
Advantage:
Our scheme provides fine-grained and timed-release data dissemination, which allows flexibility in specifying different access rights for individual data disseminators.

Our scheme is advanced in data dissemination security, as data owners can specify that encrypted data may be disseminated by certain users at different times by enforcing fine-grained and timed-release access policy conditions.

CIBPRE [10] can enforce only a single simple keyword condition and cannot achieve time-based exposure in the data dissemination phase, so its ciphertext size and re-encryption key size are both inevitably smaller than those of other schemes.
Objectives:
(1) We employ the IBBE technique to achieve secure data group sharing in public cloud, which allows the data owner to outsource encrypted data to the semi-trusted cloud and share it with a group of receivers at one time. Conveniently, an email address or username can be used as a user's public key.
(2) We design an access policy that embeds the releasing time and take advantage of attribute-based CPRE to achieve fine-grained and timed-release data group dissemination. The CSP can re-encrypt initial ciphertexts for a data disseminator after the designated time if the attributes associated with his re-encryption key satisfy the access policy in the ciphertexts.
System Architecture:

· The central authority (CA) is a fully trusted authority running on a trusted cloud platform with flexibility and scalability. It manages and distributes public/secret keys in the system: it generates the system parameters to initialize the system, and generates private keys and attribute keys from users' identities and attributes. In addition, it acts as a trusted time agent that publishes a time token at each pre-defined time.
· The CSP is a semi-trusted entity that has abundant storage capacity and computation power to provide data sharing services in public cloud. It is in charge of controlling access by outside users to the stored data and providing the corresponding services. When it receives a data re-encryption request, it is responsible for generating a re-encrypted ciphertext with the re-encryption key from the data disseminator. Hence, the CSP stores not only initial ciphertexts but also re-encrypted ciphertexts.
· The data owner wishes to outsource data to the cloud for convenient group sharing and dissemination. The data owner is in charge of encrypting data for a set of receivers. If the data owner needs to limit dissemination of the data to specific people after a specific time, the data owner can define an attribute-based and timed-release access policy and enforce it by encrypting the data under the policy before outsourcing it.
· The data disseminator is the person who wishes to share the data owner's data with other people (e.g. friends, family members, colleagues). For security and access control reasons, the data disseminator must be one of the intended receivers defined by the data owner, who can decrypt the initial ciphertexts. The data disseminator can generate re-encryption keys and then send data re-encryption requests with these keys to the CSP to disseminate the data owner's data to others. Only when the attributes of the data disseminator satisfy the access policy and the pre-determined time has arrived can the data re-encryption request be successfully executed by the CSP.
· The user is the ciphertext receiver who can access the outsourced data. The user is able to decrypt the initial and re-encrypted ciphertexts if he is an intended receiver defined by the data owners or data disseminators.

Security on above model

In our scheme, we assume the CA running on the trusted cloud platform to be fully trusted, which means it would not be compromised by malicious attackers or collude with other malicious entities. However, we assume the CSP is honest but curious, which means it executes the tasks and may collude to get unauthorized data. Specifically, the security requirements cover the following aspects.
1) Data confidentiality. Unauthorized users who are not intended receivers defined by the data owner should be prevented from accessing the data. Additionally, unauthorized access by the CSP, which is not fully trusted, should also be prevented.
2) Re-encryption secrecy. A data disseminator whose attributes alone do not satisfy the access policy in the ciphertexts, or who tries to disseminate the ciphertext before the specified releasing time, should be prevented from disseminating the ciphertexts.
3) Flexible dissemination conditions. The data owner can customize fine-grained and timed-release conditions so that the data can only be disseminated by users whose attributes satisfy these conditions after the releasing time.
4) Collusion resistance. Unauthorized data disseminators cannot collude with each other to generate the re-encryption key, so the re-encryption of the ciphertext should not succeed.
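
The re-encryption condition behind requirement 2 (the disseminator's attributes satisfy the access policy and the release time has arrived) can be modeled as a policy-tree check. The Python below is an added illustration, not code from the paper or this blog: the tuple policy format, `TimeAgent`, `csp_can_reencrypt` and the sample values are hypothetical, and the scheme itself embeds the policy and time trapdoors in the ciphertext rather than relying on a plain check like this.

```python
from datetime import datetime, timezone

# Policy nodes (format constructed for this example):
#   ("attr", name)          leaf: attribute bound to the re-encryption key
#   ("time", iso_time)      leaf: release time whose token the CA must publish
#   ("gate", k, children)   threshold gate: k of n (AND is k == n, OR is k == 1)
RELEASE = "2024-06-01T00:00:00+00:00"  # constructed sample value
POLICY = ("gate", 2, [
    ("gate", 1, [("attr", "relation:family"), ("attr", "relation:colleague")]),
    ("time", RELEASE),
])

class TimeAgent:
    """Models the CA's time-agent role: a token exists only once its time arrives."""
    def __init__(self, schedule):
        self.schedule = set(schedule)
        self.published = set()

    def tick(self, now):
        self.published |= {t for t in self.schedule
                           if datetime.fromisoformat(t) <= now}
        return self.published

def time_leaves(node):
    """Collect every release time named in a policy, e.g. to build the CA schedule."""
    if node[0] == "time":
        return {node[1]}
    if node[0] == "gate":
        return set().union(*(time_leaves(c) for c in node[2]))
    return set()

def satisfied(node, attrs, tokens):
    """Evaluate the policy tree against one key's attributes and published tokens."""
    if node[0] == "attr":
        return node[1] in attrs
    if node[0] == "time":
        return node[1] in tokens
    if node[0] == "gate":
        return sum(satisfied(c, attrs, tokens) for c in node[2]) >= node[1]
    raise ValueError(f"unknown policy node: {node[0]!r}")

def csp_can_reencrypt(policy, rk_attrs, agent, now):
    """CSP-side decision: both the attribute and the time condition must hold."""
    return satisfied(policy, set(rk_attrs), agent.tick(now))

if __name__ == "__main__":
    agent = TimeAgent(time_leaves(POLICY))
    early = datetime(2024, 5, 31, tzinfo=timezone.utc)
    late = datetime(2024, 6, 2, tzinfo=timezone.utc)
    for attrs, now in [({"relation:colleague"}, early), ({"relation:colleague"}, late),
                       ({"relation:classmate"}, late)]:
        print(sorted(attrs), now.date(), csp_can_reencrypt(POLICY, attrs, agent, now))
```

The sample policy reads "(family OR colleague) AND released on or after 1 June 2024"; a request is refused both when the attributes fall short and when the time token has not yet been published.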

Conclusion:
The paper proposes a secure data group sharing and dissemination scheme in public cloud based on attribute-based and timed-release conditional identity-based broadcast PRE. Our scheme allows users to share data with a group of receivers at one time by using identities such as email and username, which guarantees data sharing security and convenience in public cloud. In addition, by using fine-grained and timed-release CPRE, our scheme allows data owners to customize access policies and time trapdoors in the ciphertext, which can limit the dissemination conditions when outsourcing their data. The CSP will re-encrypt the ciphertext successfully only when the attributes of the data disseminator associated with the re-encryption key satisfy the access policy in the initial ciphertext and the time trapdoors in the initial ciphertext are exposed.
