scispace - formally typeset
Proceedings ArticleDOI: 10.1109/ICCIC.2016.7919707

Access control and data security in online document verification system

01 Dec 2016-pp 1-5
Abstract: Document or certificate verification is a crucial part wherein a document or certificate issued by an authority will be verified for its authenticity. In a typical system it will be performed through exchange of mails or post, it is a time consuming process and not foolproof due to human intervention. In an online system, the documents hosted on a third party server with negligible downtime guarantee will be downloaded and verified. But in such cases the trustworthiness of the documents hosted on these servers is questionable as the documents will be hosted in its original format and there are chances that it will be modified or altered. Trusting and protecting the documents from getting modified due to intentional attacks and other possible attacks are the issues to be addressed in online document verification system. To overcome these issues and design a foolproof system, in this paper, we propose an online document verification system based on Attribute Based Encryption (ABE). Third party server considered in this case can be either a cloud or a server taken from a service provider. This paper is aimed at providing access control for users to access the documents hosted online based on user's attributes. We show that the proposed scheme is robust against collusion attacks and hacking kind of attacks. Also, it encourages the authorities such as Universities, Autonomous institutions issuing documents for adopting the proposed Online Document Verification System.

...read more

Topics: Certificate (54%), Access control (53%), Server (53%) ...read more
References
  More

Journal ArticleDOI: 10.1016/J.FUTURE.2008.12.001
Rajkumar Buyya1, Chee Shin Yeo1, Srikumar Venugopal1, James Broberg1  +1 moreInstitutions (2)
Abstract: With the significant advances in Information and Communications Technology (ICT) over the last half century, there is an increasingly perceived vision that computing will one day be the 5th utility (after water, electricity, gas, and telephony). This computing utility, like all other four existing utilities, will provide the basic level of computing service that is considered essential to meet the everyday needs of the general community. To deliver this vision, a number of computing paradigms have been proposed, of which the latest one is known as Cloud computing. Hence, in this paper, we define Cloud computing and provide the architecture for creating Clouds with market-oriented resource allocation by leveraging technologies such as Virtual Machines (VMs). We also provide insights on market-based resource management strategies that encompass both customer-driven service management and computational risk management to sustain Service Level Agreement (SLA)-oriented resource allocation. In addition, we reveal our early thoughts on interconnecting Clouds for dynamically creating global Cloud exchanges and markets. Then, we present some representative Cloud platforms, especially those developed in industries, along with our current work towards realizing market-oriented resource allocation of Clouds as realized in Aneka enterprise Cloud technology. Furthermore, we highlight the difference between High Performance Computing (HPC) workload and Internet-based services workload. We also describe a meta-negotiation infrastructure to establish global Cloud exchanges and markets, and illustrate a case study of harnessing 'Storage Clouds' for high performance content delivery. Finally, we conclude with the need for convergence of competing IT paradigms to deliver our 21st century vision.

...read more

Topics: Utility computing (68%), Cloud computing (67%), Cloud computing security (63%) ...read more

5,544 Citations


Open accessProceedings ArticleDOI: 10.1109/SP.2007.11
John Bethencourt1, Amit Sahai2, Brent Waters3Institutions (3)
20 May 2007-
Abstract: In several distributed systems a user should only be able to access data if a user posses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call ciphertext-policy attribute-based encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous attribute-based encryption systems used attributes to describe the encrypted data and built policies into user's keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as role-based access control (RBAC). In addition, we provide an implementation of our system and give performance measurements.

...read more

Topics: Attribute-based encryption (69%), On-the-fly encryption (64%), Client-side encryption (64%) ...read more

3,825 Citations


Open accessBook ChapterDOI: 10.1007/978-3-642-20465-4_31
Allison Lewko1, Brent Waters1Institutions (1)
15 May 2011-
Abstract: We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters. A party can simply act as an ABE authority by creating a public key and issuing private keys to different users that reflect their attributes. A user can encrypt data in terms of any boolean formula over attributes issued from any chosen set of authorities. Finally, our system does not require any central authority. In constructing our system, our largest technical hurdle is to make it collusion resistant. Prior Attribute-Based Encryption systems achieved collusion resistance when the ABE system authority "tied" together different components (representing different attributes) of a user's private key by randomizing the key. However, in our system each component will come from a potentially different authority, where we assume no coordination between such authorities. We create new techniques to tie key components together and prevent collusion attacks between users with different global identifiers. We prove our system secure using the recent dual system encryption methodology where the security proof works by first converting the challenge ciphertext and private keys to a semi-functional form and then arguing security. We follow a recent variant of the dual system proof technique due to Lewko and Waters and build our system using bilinear groups of composite order. We prove security under similar static assumptions to the LW paper in the random oracle model.

...read more

Topics: Attribute-based encryption (65%), Probabilistic encryption (60%), Encryption (59%) ...read more

858 Citations


Open accessPosted Content
Allison Lewko1, Brent Waters1Institutions (1)
Abstract: We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters. A party can simply act as an ABE authority by creating a public key and issuing private keys to different users that reflect their attributes. A user can encrypt data in terms of any boolean formula over attributes issued from any chosen set of authorities. Finally, our system does not require any central authority. In constructing our system, our largest technical hurdle is to make it collusion resistant. Prior Attribute-Based Encryption systems achieved collusion resistance when the ABE system authority “tied” together different components (representing different attributes) of a user’s private key by randomizing the key. However, in our system each component will come from a potentially different authority, where we assume no coordination between such authorities. We create new techniques to tie key components together and prevent collusion attacks between users with different global identifiers. We prove our system secure using the recent dual system encryption methodology where the security proof works by first converting the challenge ciphertext and private keys to a semi-functional form and then arguing security. We follow a recent variant of the dual system proof technique due to Lewko and Waters and build our system using bilinear groups of composite order. We prove security under similar static assumptions to the LW paper in the random oracle model.

...read more

Topics: Attribute-based encryption (65%), Encryption (59%), Public-key cryptography (58%) ...read more

829 Citations


Proceedings ArticleDOI: 10.1145/1653662.1653678
Melissa Chase1, Sherman S. M. Chow2Institutions (2)
09 Nov 2009-
Abstract: Attribute based encryption (ABE) [13] determines decryption ability based on a user's attributes. In a multi-authority ABE scheme, multiple attribute-authorities monitor different sets of attributes and issue corresponding decryption keys to users, and encryptors can require that a user obtain keys for appropriate attributes from each authority before decrypting a message. Chase [5] gave a multi-authority ABE scheme using the concepts of a trusted central authority (CA) and global identifiers (GID). However, the CA in that construction has the power to decrypt every ciphertext, which seems somehow contradictory to the original goal of distributing control over many potentially untrusted authorities. Moreover, in that construction, the use of a consistent GID allowed the authorities to combine their information to build a full profile with all of a user's attributes, which unnecessarily compromises the privacy of the user. In this paper, we propose a solution which removes the trusted central authority, and protects the users' privacy by preventing the authorities from pooling their information on particular users, thus making ABE more usable in practice.

...read more

Topics: Attribute-based encryption (63%), Encryption (57%), Ciphertext (54%)

756 Citations