TMACS: A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage

Li, Wei; Xue, Kaiping; Xue, Yingjie; Hong, Jianan

doi:10.1109/tpds.2015.2448095

Cited by 124 publications

(102 citation statements)

References 35 publications

Supporting

Mentioning

100

Contrasting

Order By: Relevance

“…If the AA is compromised, the attacker gains access to the master key and generates a secret key to the unauthorized user that is used to decrypt the ciphertext. Recently, Li et al 25 proposed a threshold multiauthority CP-ABE scheme (TMACS) for secure sharing of data in cloud computing. To overcome these problems, various multiauthority dynamic key management CP-ABE schemes [22][23][24] have been proposed.…”

Section: Sahai and Watermentioning

confidence: 99%

“…Moreover, the scheme 37 does not provide forward secrecy. Most of the existing schemes 25,37,38,40,43,44 configure multiple AA centers, where each AA possesses its own disjointed attribute set and issues the attribute secret key to a user independently. In Yang et al, 38 the key authority center is divided into multiauthority key generation centers to facilitate escrow-free dynamic key management configuration.…”

Section: Related Workmentioning

confidence: 99%

“…We compare the performance of our proposed scheme with the existing schemes 25,32,33 in terms of storage overhead, computation cost, and communication cost. The notations for performance analysis are shown in Table 2.…”

Section: Performance Analysismentioning

confidence: 99%

See 2 more Smart Citations

SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation

Tiwari

Gangadharan

2017

Int J Communication

View full text Add to dashboard Cite

An efficient cryptography mechanism should enforce an access control policy over the encrypted data to provide flexible, fine-grained, and secure data access control for secure sharing of data in cloud storage. To make a secure cloud data sharing solution, we propose a ciphertext-policy attribute-based proxy re-encryption scheme. In the proposed scheme, we design an efficient fine-grained revocation mechanism, which enables not only efficient attribute-level revocation but also efficient policy-level revocation to achieve backward secrecy and forward secrecy. Moreover, we use a multiauthority key attribute center in the key generation phase to overcome the single-point performance bottleneck problem and the key escrow problem. By formal security analysis, we illustrate that our proposed scheme achieves confidentiality, secure key distribution, multiple collusions resistance, and policy-or attribute-revocation security. By comprehensive performance and implementation analysis, we illustrate that our proposed scheme improves the practical efficiency of storage, computation cost, and communication cost compared to the other related schemes. KEYWORDSattribute-level revocation, attribute-based access control, CP-ABE, policy-level revocation, public cloud storage INTRODUCTIONCloud computing emerges as a new paradigm of computing that provides elasticity, scalability, and multitenancy on demand pay-per-use service model. 1 Specifically, cloud storage services enable a data owner to host data in the cloud, and enable a consumer to access the data through cloud server. 2 The adoption of a cloud storage service (eg, Dropbox, Google Drive, Microsoft and OneDrive) for storing, managing, and sharing the data has been gained significant attention in the real world. 3 However, privacy and security issues related to the user's data pose various challenges regarding data access control that impede the cloud storage system from wide adoption. 4-7 To prevent the unauthorized access of the sensitive data, a common method is to encrypt the data before uploading it to the cloud server. 8 The traditional public key encryption, 9 identity-based encryption (IBE), 10-12 and homomorphic encryption 13,14 cannot be directly used to impose the access control over the encrypted data in cloud environment. These methods ensure that the encrypted data can be decrypted by a single user, thus decreasing the flexibility and scalability of data access control in cloud environment.Int J Commun Syst. 2018;31:e3494.wileyonlinelibrary.com/journal/dac

show abstract

Section: Sahai and Watermentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation

Tiwari

Gangadharan

2017

Int J Communication

View full text Add to dashboard Cite

show abstract

“…Later, Li et al [11] proposed an ABE scheme with attribute revocation mechanism based on CC MA-ABE, which is limited on a rule of CNF in the access policy. A threshold multiauthority CP-ABE access control scheme was proposed for public cloud storage with which both security and performance are improved [22].…”

Section: Related Workmentioning

confidence: 99%

Modified Ciphertext‐Policy Attribute‐Based Encryption Scheme with Efficient Revocation for PHR System

Zheng

Jie-ming

Wang

et al. 2017

Mathematical Problems in Engineering

View full text Add to dashboard Cite

Attribute-based encryption (ABE) is considered a promising technique for cloud storage where multiple accessors may read the same file. For storage system with specific personal health record (PHR), we propose a modified ciphertext-policy attribute-based encryption scheme with expressive and flexible access policy for public domains. Our scheme supports multiauthority scenario, in which the authorities work independently without an authentication center. For attribute revocation, it can generate different update parameters for different accessors to effectively resist both accessor collusion and authority collusion. Moreover, a blacklist mechanism is designed to resist role-based collusion. Simulations show that the proposed scheme can achieve better performance with less storage occupation, computation assumption, and revocation cost compared with other schemes.

show abstract

“…The solution to problems created due to single authority schemes is using multi-authority schemes which jointly manage universal authority sets such that each attribute is able to share secret keys to users independently [9]. By using multiple authorities, a load of user legitimacy verification on single authority is reduced [11]. In this paper, we use the system containing AA (Attribute Authority), which is responsible for performing user legitimacy verification and send an intermediate request to CA for obtaining secret key.…”

Section: Introductionmentioning

confidence: 99%

Review Paper on Data Access Control using CP-ABE for Multi-Authority Cloud Storage System

Mane¹

2017

IJRASET

View full text Add to dashboard Cite

Cloud computing is the system on which we can store data over a network and easily access it from anywhere. But in the case of public cloud storage systems, access control is a most concerning issue[4]. Cipher-text-Policy Attribute-Based Encryption (CP-ABE) is the most excellent technique to provide efficient and secure data access control for public cloud storage. Existing CP-ABE schemes offers single attribute authority to perform user legitimacy verification and also distributing secret keys, and as a result, performance degrades in the case of the large-scale cloud storage system. Users may be a long time waiting to obtain their secret keys, hence efficiency decreases[10]. In this paper, the system employs multiple attribute authorities to share the load of user legitimacy verification. CA (Central Authority) is there to generate secret keys for legitimacy verified users. Each of the authorities in scheme manages the whole attribute set individually. When any user accesses any type of data, AA informs the owner of respective data by a message containing username and details of data that user has been accessed. Auditing mechanism is there to detect which AA (Attribute Authority) is improperly performed the user legitimacy verification procedure.

show abstract

TMACS: A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage

Cited by 124 publications

References 35 publications

SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation

SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation

Modified Ciphertext‐Policy Attribute‐Based Encryption Scheme with Efficient Revocation for PHR System

Review Paper on Data Access Control using CP-ABE for Multi-Authority Cloud Storage System

Contact Info

Product

Resources

About