Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing
Frequently Asked Questions (11)
Q2. What is the purpose of the proposed scheme?
In their proposed scheme, the authors exploit the technique of hybrid encryption to protect data files, i.e., the authors encrypt data files using symmetric DEKs and encrypt the DEKs with KP-ABE.
Q3. What are the main design goals of the proposed scheme?
In addition, the proposed scheme should be able to achieve security goals like user accountability and support basic operations such as user grant/revocation as a general one-to-many communication system would require.
Q4. What is the purpose of user secret key?
The user secret key is defined to reflect the access structure, so that the user is able to decrypt a ciphertext if and only if the data attributes satisfy the user's access structure.
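The "if and only if" condition above can be made concrete with a small model. This is an added example, not code from the paper: it assumes the access structure is a tree of k-of-n threshold gates over attributes, as is usual for KP-ABE, and it evaluates only the plaintext policy, not the cryptography. All names and sample attributes are hypothetical.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Node:
    """Access-tree node: a leaf names one attribute, an interior node is a k-of-n gate."""
    attribute: Optional[str] = None
    threshold: int = 0
    children: List["Node"] = field(default_factory=list)


def leaf(attribute: str) -> Node:
    return Node(attribute=attribute)


def gate(k: int, *children: Node) -> Node:
    """k-of-n threshold gate; AND is n-of-n, OR is 1-of-n."""
    if not 1 <= k <= len(children):
        raise ValueError("threshold must be between 1 and the number of children")
    return Node(threshold=k, children=list(children))


def satisfies(node: Node, file_attrs: Set[str]) -> bool:
    """True iff the attributes attached to a data file satisfy the user's access tree.
    A real KP-ABE scheme enforces this through secret sharing inside the key;
    this boolean walk only mirrors the resulting decrypt / cannot-decrypt outcome."""
    if node.attribute is not None:
        return node.attribute in file_attrs
    met = sum(satisfies(child, file_attrs) for child in node.children)
    return met >= node.threshold


def tree_size(node: Node) -> int:
    """Node count of the tree; the policy walk above visits each node at most once."""
    return 1 + sum(tree_size(child) for child in node.children)


# Constructed sample policy carried by one user's secret key:
# cardiology AND (doctor OR any 2 of {nurse, icu, night shift})
USER_POLICY = gate(2, leaf("dept:cardiology"),
                   gate(1, leaf("role:doctor"),
                        gate(2, leaf("role:nurse"), leaf("ward:icu"), leaf("shift:night"))))

# Constructed sample attribute sets attached to encrypted data files.
FILE_A = {"dept:cardiology", "role:doctor"}
FILE_B = {"dept:cardiology", "role:nurse", "ward:icu"}
FILE_C = {"dept:cardiology", "role:nurse"}
FILE_D = {"role:doctor", "ward:icu", "shift:night"}
```

The cost of the walk depends on the size of the tree, not on how many users exist.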
Q5. What is the simplest way to decrypt a data file?
In order to achieve secure, scalable and fine-grained access control on outsourced data in the cloud, the authors utilize and uniquely combine the following three advanced cryptographic techniques: KP-ABE, PRE and lazy re-encryption.
Q6. What is the efficient way to encrypt data?
Using KP-ABE, the authors are able to immediately enjoy fine-grained data access control and efficient operations such as file creation/deletion and new user grant.
Q7. What is the main problem with the user revocation scheme?
To resolve this issue, the authors combine the technique of proxy re-encryption with KP-ABE and delegate tasks of data file re-encryption and user secret key update to Cloud Servers.
Q8. How is the computation complexity on Cloud Servers?
As the authors will discuss in Section V-B, the computation complexity on Cloud Servers is either proportional to the number of system attributes, or linear in the size of the user access structure/tree, which is independent of the number of users in the system.
Q9. What is the system public parameter for the data owner?
In this operation, the data owner chooses a security parameter κ and calls the algorithm-level interface ASetup(κ), which outputs the system public parameter PK and the system master key MK.
Q10. How do the authors extend the proposed scheme to support data file writing?
Extending their proposed scheme to support data file writing is trivial by asking the data writer to sign the new data file on each update as [12] does.
Q11. What is the common way to delegate the computational task of user revocation to Cloud?
To resolve the challenging issue of user revocation, the authors combine the technique of proxy re-encryption with KP-ABE and delegate most of the burdensome computational task to Cloud Servers.