Introduction
Recently, many organizations have been adopting cloud computing and integrating it with their traditional infrastructure. This shift creates a need for appropriate solutions to the security threats associated with cloud computing. The security concern arises because the data is stored and handled by a third-party service provider, so data owners have limited control over, and visibility into, their data. As cloud computing is a recently emerged paradigm, there are many open issues and uncertainties in applying security solutions at the various levels: host level, network level, data level and application level. Traditional security solutions are not sufficient for cloud computing because of its large-scale, distributed and heterogeneous environment. The top threats to cloud security include unauthorized access, misconfigurations, hijacking, malware and phishing attacks.
The major challenge associated with cloud computing that needs to be addressed is ensuring secure and authorized access control. As all data is stored with the third-party cloud service provider and is available over the public network, it is important to ensure that the data is accessed by authorized users only. Traditional authentication and access control solutions are not fully sufficient for the cloud environment. Hence, providing a fine-grained and secure access control mechanism for the cloud is an important research issue. In this paper, a trusted encrypted access control scheme is proposed for cloud computing. The encrypted access control is based on Identity Based Encryption (IBE), where the message is encrypted using the identity of the user (Shamir, 1985). Attribute Based Encryption (ABE) was presented as an application of the traditional IBE scheme (Sahai & Waters, 2005). In ABE, the attributes of the user and an access policy are used to enforce fine-grained access control. The access policy is built from combinations of threshold gates and user attributes, and the data is made available to a user only when his/her attributes satisfy the predefined access structure. Two forms of ABE schemes are available in the literature: Key-Policy Attribute Based Encryption (KP-ABE) and Ciphertext-Policy Attribute Based Encryption (CP-ABE) (Goyal et al., 2006; Bethencourt et al., 2007). The two schemes differ in how the attributes and the access structure are associated. In the CP-ABE scheme the attributes are integrated with the key and the access structure is associated with the ciphertext; this ensures that only a key with sufficient attributes can decrypt a ciphertext carrying that access structure. In the KP-ABE scheme, by contrast, the access structure is integrated with the key and the attributes are merged with the ciphertext.
The KP-ABE scheme has one basic limitation: whoever holds the ciphertext can decrypt it, and there is no way to ensure that only the intended user has decrypted it. In the traditional CP-ABE scheme, a separate ciphertext is generated for each message according to its predefined access structure. However, multiple access structures are sometimes hierarchically related to each other. In that case a single hierarchical access structure can be generated instead of multiple separate access structures, and this hierarchical access structure can be used to encrypt multiple messages. Establishing trust between the cloud environment and cloud users is also of prime importance. The service provider should deliver trusted services to the users, and the users who access data from the cloud must themselves be trustworthy. Thus, it is necessary to integrate trust evaluation with traditional access control models.
This paper presents the Trusted Hierarchical Access Structure based Encryption (T-HASE) scheme. Its major contributions are as follows:
- A hierarchical access structure based scheme is implemented to encrypt multiple messages and to decrypt the respective message on the basis of how much of the entire access structure is satisfied.
- A trust evaluation scheme that allocates trust levels to service providers on the basis of their performance parameters is proposed, so that trusted service delivery is ensured.
- A trust evaluation scheme for data users is proposed, so that only trusted users can access the data shared in the cloud environment.
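As an added illustration (not code from the paper or the T-HASE scheme), the following Python models the access-structure semantics described in the paragraphs on CP-ABE and on hierarchical access structures: threshold gates over user attributes, and one tree in which several nested level nodes each bind a message, so that a key recovers more messages the more of the structure it satisfies. It evaluates policy satisfaction only and performs none of the underlying encryption; the sample tree, the attribute names and the rule that a message is recoverable exactly when its level node's subtree is satisfied are this example's own constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Union


@dataclass
class Gate:
    """Threshold gate of an access tree: satisfied when at least k of its
    children are satisfied (k == len(children) is AND, k == 1 is OR).
    A gate carrying a `message` label is a level node of the hierarchical
    structure: that message is bound to (encrypted under) this subtree.
    This modelling of level nodes is the example's own assumption."""
    k: int
    children: List["Node"]
    message: Optional[str] = None


Node = Union[Gate, str]  # a leaf is an attribute name


def satisfies(node: Node, attrs: set) -> bool:
    """Does the attribute set satisfy the access structure rooted at node?"""
    if isinstance(node, str):
        return node in attrs
    return sum(satisfies(c, attrs) for c in node.children) >= node.k


def decryptable(node: Node, attrs: set) -> List[str]:
    """Messages a key holding `attrs` can recover from one hierarchical
    structure: each level node whose subtree is satisfied yields its message."""
    if isinstance(node, str):
        return []
    found = [node.message] if node.message and satisfies(node, attrs) else []
    for child in node.children:
        found += decryptable(child, attrs)
    return found


# Constructed sample: three nested access structures in a single tree.
# Level 2 (m2): Staff OR Contractor
# Level 1 (m1): at least 2 of {Finance, Audit, <level 2 satisfied>}
# Level 0 (m0): Manager AND <level 1 satisfied>
LEVEL2 = Gate(1, ["Staff", "Contractor"], message="m2")
LEVEL1 = Gate(2, ["Finance", "Audit", LEVEL2], message="m1")
ROOT = Gate(2, ["Manager", LEVEL1], message="m0")

if __name__ == "__main__":
    for who, attrs in [("manager", {"Manager", "Finance", "Staff"}),
                       ("auditor", {"Finance", "Audit"}),
                       ("contractor", {"Contractor"}),
                       ("guest", {"Guest"})]:
        print(who, "->", decryptable(ROOT, attrs))
```

A key satisfying only the innermost level recovers one message, while a key satisfying the whole tree recovers all three, which is the "how much of the access structure is satisfied" behaviour the contribution list describes.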