Journal Article

A Heuristic Approach for Encryption Policies in Data Outsourcing

30 Aug 2012 - International Journal of Computer Applications (Foundation of Computer Science (FCS)) - Vol. 51, Iss: 12, pp 1-6
TL;DR: A heuristic approach is presented to convert an authorization policy into an equivalent encryption policy while minimizing the number of keys and tokens to be managed.
Abstract: In the era of globalization and dynamic world economies, data outsourcing is inevitable. Security is a major concern in a data outsourcing environment since data is under the custody of a third-party service provider. In present systems, DBAs of the third party can access and view data even though they are not authorized to do so. This may lead to serious data theft and leakages causing severe business impact to the data owner. Many such cases have occurred in the financial and insurance sectors. In this paper we have proposed a novel solution to overcome the problem by combining access control with encryption and digital signature of data. A heuristic approach is presented to convert an authorization policy into an equivalent encryption policy while minimizing the number of keys and tokens to be managed. Different policy enforcement can be applied to different datasets as per security and integrity requirements. General Terms: Data Security


Citations
Journal Article
TL;DR: An effective classification method named Rider Chicken Optimization Algorithm-based Recurrent Neural Network (RCOA-based RNN) to perform big data classification in spark architecture is proposed to address the complex classification problems at a reasonable time.
Abstract: This paper proposes an effective classification method named Rider Chicken Optimization Algorithm-based Recurrent Neural Network (RCOA-based RNN) to perform big data classification in spark architecture. Initially, the input data are collected from the network by the master node and then forwarded to the slave node. These nodes are responsible for storing the data and performing computations. The features are effectively selected in the slave node using the proposed RCOA. The selected features are forwarded to the master node. The big data classification is achieved in the master node by using the RNN classifier, and the training of the classifier is done using the proposed RCOA algorithm, which is the integration of the Rider optimization algorithm (ROA) with the standard Chicken Swarm Optimization (CSO). The experimentation is done by using the Switzerland dataset, Cleveland dataset, Hungarian dataset and Skin disease dataset, in which the proposed RCOA-based RNN attained better performance based on the quantitative properties, such as sensitivity, accuracy and specificity with the values of 9.3E+01%, 9.4E+01% and 9.3E+01% using Hungarian dataset. The existing learning methods failed to address the complex classification problems at a reasonable time, which is overcome by the proposed method.

2 citations

References
Proceedings Article
14 Mar 2010
TL;DR: This paper addresses the problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption.
Abstract: Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

1,903 citations


"A Heuristic Approach for Encryption..." refers to background in this paper

  • ...In [3] authors address problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to un-trusted cloud servers without disclosing the underlying data contents....


Proceedings Article
07 Aug 2002
TL;DR: A novel paradigm for data management in which a third party service provider hosts "database as a service", providing its customers with seamless mechanisms to create, store, and access their databases at the host site is explored.
Abstract: We explore a novel paradigm for data management in which a third party service provider hosts "database as a service", providing its customers with seamless mechanisms to create, store, and access their databases at the host site. Such a model alleviates the need for organizations to purchase expensive hardware and software, deal with software upgrades, and hire professionals for administrative and maintenance tasks which are taken over by the service provider. We have developed and deployed a database service on the Internet, called NetDB2, which is in constant use. In a sense, a data management model supported by NetDB2 provides an effective mechanism for organizations to purchase data management as a service, thereby freeing them to concentrate on their core businesses. Among the primary challenges introduced by "database as a service" are the additional overhead of remote access to data, an infrastructure to guarantee data privacy, and user interface design for such a service. These issues are investigated. We identify data privacy as a particularly vital problem and propose alternative solutions based on data encryption. The paper is meant as a challenge for the database community to explore a rich set of research issues that arise in developing such a service.

707 citations

Journal Article
TL;DR: The security of the scheme is based on pseudorandom functions, without reliance on the Random Oracle Model, and it is shown how to handle extensions proposed by Crampton [2003] of the standard hierarchies to “limited depth” and reverse inheritance.
Abstract: Hierarchies arise in the context of access control whenever the user population can be modeled as a set of partially ordered classes (represented as a directed graph). A user with access privileges for a class obtains access to objects stored at that class and all descendant classes in the hierarchy. The problem of key management for such hierarchies then consists of assigning a key to each class in the hierarchy so that keys for descendant classes can be obtained via efficient key derivation. We propose a solution to this problem with the following properties: (1) the space complexity of the public information is the same as that of storing the hierarchy; (2) the private information at a class consists of a single key associated with that class; (3) updates (i.e., revocations and additions) are handled locally in the hierarchy; (4) the scheme is provably secure against collusion; and (5) each node can derive the key of any of its descendant with a number of symmetric-key operations bounded by the length of the path between the nodes. Whereas many previous schemes had some of these properties, ours is the first that satisfies all of them. The security of our scheme is based on pseudorandom functions, without reliance on the Random Oracle Model. Another substantial contribution of this work is that we are able to lower the key derivation time at the expense of modestly increasing the public storage associated with the hierarchy. Insertion of additional, so-called shortcut, edges, allows to lower the key derivation to a small constant number of steps for graphs that are total orders and trees by increasing the total number of edges by a small asymptotic factor such as $O(\log^{*} n)$ for an n-node hierarchy. For more general access hierarchies of dimension d, we use a technique that consists of adding dummy nodes and dimension reduction. The key derivation work for such graphs is then linear in d and the increase in the number of edges is by the factor $O(\log^{d-1} n)$ compared to the one-dimensional case. Finally, by making simple modifications to our scheme, we show how to handle extensions proposed by Crampton [2003] of the standard hierarchies to “limited depth” and reverse inheritance.

418 citations

Journal Article
Mackinnon, Taylor, Meijer, Akl
TL;DR: A cryptographic scheme for controlling access to information within a group of users organized in a hierarchy was proposed in [1].
Abstract: A cryptographic scheme for controlling access to information within a group of users organized in a hierarchy was proposed in [1]. The scheme enables a user at some level to compute from his own cryptographic key the keys of the users below him in the organization.

215 citations

Journal Article
TL;DR: This paper presents a very similar approach to Akl and Taylor's scheme, but instead of using the top-down design approach, this scheme is using a bottom-up key generating procedure, which means that the published values for most security classes can be much smaller than in their scheme.

196 citations