Achieving secure, scalable, and fine-grained data access control in cloud computing

Shucheng Yu, Cong Wang, Kui Ren, Wenjing Lou

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1336 Scopus citations

Abstract

Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when finegrained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Original languageEnglish
Title of host publication2010 Proceedings IEEE INFOCOM
DOIs
StatePublished - 2010
EventIEEE INFOCOM 2010 - San Diego, CA, United States
Duration: 14 Mar 201019 Mar 2010

Publication series

NameProceedings - IEEE INFOCOM
ISSN (Print)0743-166X

Conference

ConferenceIEEE INFOCOM 2010
Country/TerritoryUnited States
CitySan Diego, CA
Period14/03/1019/03/10

Fingerprint

Dive into the research topics of 'Achieving secure, scalable, and fine-grained data access control in cloud computing'. Together they form a unique fingerprint.

Cite this