Fine Grained Decentralized Access Control With Provable Data Transmission and User Revocation in Cloud

Shweta Kaushik, Charu Gandhi
Copyright: © 2021 |Pages: 24
DOI: 10.4018/IJISP.2021040102

Abstract

Cloud computing started a new era for IT enterprises. It allows applications to move from local to remote locations and provides massive data storage. The owner has access to a centralized or decentralized data storage server, where data management is handled by a remote vendor. However, the heterogeneous and dynamic nature of the cloud introduces security challenges. Among them, access control and integrity checking are the most important and demand the most consideration. Attribute-based encryption is one of the access control techniques that allows integration of access policies, attributes, and encrypted data. In this paper, a new fine-grained decentralized data access control technique with user revocation is proposed. Here, the service provider is responsible for verifying user authenticity. The proposed scheme supports integrity checking and user revocation. The integrity checking proof validates that the user data is intact, and the revocation mechanism helps to revoke a user in linear time. Moreover, the proposed access control and authentication schemes are decentralized and comparable to other approaches.

Introduction

Cloud computing has gained considerable attention in academia as well as industry. In cloud computing, the Data Owner (DO) can outsource its content to a remote storage server, i.e., the Cloud Service Provider (CSP), which has a massive data storage capacity. The owner's data is stored at a remote location, i.e., at the CSP, which allows different users to access the required data from anywhere and at any time simply by connecting to the internet. Thus, all data storage, processing and maintenance are done by the CSP. It enables the transfer of data between desired entities. In a cloud environment, users are provided with various types of services such as Software, Platform and Infrastructure as a Service (SaaS, PaaS and IaaS). Users can get their services from the service provider.

Data stored in a cloud can contain sensitive information that requires strong security and privacy protection against malicious attack. Thus, the security and privacy of data is an important issue during its storage, processing and maintenance by the third party. There are many security challenges in cloud data processing; of these, data access control and integrity proof for received data are the major ones. User identification is required to make sure that only authorized users can access and store data in the cloud. Verifying user authenticity according to the access control mechanism helps the service provider deliver the required service(s) to the intended users only. Integrity checking, on the other hand, helps the user make sure that the received data is correct and has not been altered by a malicious attacker in transit. Apart from all these security and privacy issues, law enforcement (Ruj, 2014) also needs to be addressed to obtain the best scheme.

As per the security requirements discussed above, the owner should take some initiative to protect its data from any malicious activity. This data owner-centric security approach requires the following characteristics (Li, 2009):

  1. Efficient Key Management: All tasks related to the secret key, such as its generation, distribution, update and revocation, are done in a well-defined manner. This is helpful in the heterogeneous and dynamic environment of cloud computing.

  2. Access Right Management: A user's access to data should be settled at an initial stage only, so that no confusion arises while transferring the data from one entity to another. Further, granting and revoking the access right on any data should be done instantaneously for smooth functioning in the cloud environment.

  3. Fine Grained Protection: The owner's data may contain sensitive information that requires high-security consideration. Therefore, the access policy defined for each piece of data should be enforced very tightly on every access to the data by a user.

Various security and privacy characteristics have been explored by many researchers. Ruj (2014) addressed the security issues using attribute-based encryption along with signature verification over decentralized access control. Authentication of users using Public Key Encryption (PKE) is also explored in (Li, 2009; Ferraiolo, 2001). Wang (2012) secured the outsourced data using a Reed-Solomon erasure-correcting code. The homomorphic technique is also utilized by many researchers (Gentry, 2009) to ensure that the cloud is not able to access the exact data, since the owner provides it as ciphertext. To the cloud, it is in an encrypted format, and it is further encoded while being transferred to the user. Users know how to decode and decrypt the received data to get the final result. All these approaches require access control as a primary concern, so that data is released, and access to the cloud services provided, to authenticated users only.
