ABSTRACT
Most existing proposals for access control over outsourced data mainly aim at guaranteeing that the data are only accessible to authorized requestors who have the access credentials. This paper proposes TRLAC, an a posteriori approach for tracing and revoking leaked credentials, to complement existing a priori solutions. The tracing procedure of TRLAC can trace, in a black-box manner, at least one traitor who illegally distributed a credential, without any help from the cloud service provider. Once the dishonest users have been found, a revocation mechanism can be called to deprive them of access rights. We formally prove the security of TRLAC, and empirically shows that the introduction of the tracing feature incurs little costs to outsourcing.
- T. Acar, S. S. M. Chow, and L. Nguyen. Accumulators and U-Prove Revocation. In Financial Cryptography and Data Security, pages 189--196. Springer, 2013.Google Scholar
- G. Ateniese, R. C. Burns, R. Curtmola, J. Herring, L. Kissner, Z. N. J. Peterson, and D. X. Song. Provable Data Possession at Untrusted Stores. In ACM conference on Computer and Communications Security (CCS), pages 598--609. ACM, 2007. Google ScholarDigital Library
- M. Bellare, A. Boldyreva, and A. O'Neill. Deterministic and Efficiently Searchable Encryption. In Advances in Cryptology - CRYPTO, pages 535--552. Springer, 2007. Google ScholarDigital Library
- D. Boneh and M. K. Franklin. Identity-Based Encryption from the Weil Pairing. SIAM J. Comput., 32(3):586--615, 2003. Google ScholarDigital Library
- D. Boneh and M. Naor. Traitor Tracing with Constant size Ciphertext. In ACM conference on Computer and Communications Security (CCS), pages 501--510. ACM, 2008. Google ScholarDigital Library
- D. Boneh, A. Sahai, and B. Waters. Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys. In Advances in Cryptology - EUROCRYPT, pages 573--592. Springer, 2006. Google ScholarDigital Library
- D. Boneh and B. Waters. A Fully Collusion Resistant Broadcast, Trace, and Revoke System. In ACM conference on Computer and Communications Security (CCS), pages 211--220. ACM, 2006. Google ScholarDigital Library
- M. Chase and S. S. M. Chow. Improving Privacy and Security in Multi-Authority Attribute-Based Encryption. In ACM conference on Computer and Communications Security (CCS), pages 121--130. ACM, 2009. Google ScholarDigital Library
- S. S. M. Chow, C.-K. Chu, X. Huang, J. Zhou, and R. H. Deng. Dynamic Secure Cloud storage with Provenance. In Cryptography and Security: From Theory to Applications - Essays Dedicated to Jean-Jacques Quisquater on the Occasion of His 65th Birthday, pages 442--464. Springer, 2012. Google ScholarDigital Library
- S. S. M. Chow, Y.-J. He, L. C. K. Hui, and S. M. Yiu. SPICE -- Simple Privacy-preserving Identity-management for Cloud Environment. In Applied Cryptography and Network Security, pages 526--543. Springer, 2012. Google ScholarDigital Library
- S. S. M. Chow, S.-M. Yiu, L. C. K. Hui, and K. P. Chow. Efficient Forward and Provably Secure ID-Based Signcryption Scheme with Public Verifiability and Public Ciphertext Authenticity. In International Conference on Information Security and Cryptology (ICISC), pages 352--369. Springer, 2004.Google Scholar
- C.-K. Chu, S. S. M. Chow, W.-G. Tzeng, J. Zhou, and R. H. Deng. Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage. IEEE Transactions on Parallel Distributed System, 25(2):468--477, 2014. Google ScholarDigital Library
- C.-K. Chu, J. Weng, S. S. M. Chow, J. Zhou, and R. H. Deng. Conditional Proxy Broadcast Re-Encryption. In Australasian Conference on Information Security and Privacy (ACISP), pages 327--342. Springer, 2009. Google ScholarDigital Library
- C. Delerablée. Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys. In Advances in Cryptology - ASIACRYPT, pages 200--215. Springer, 2007. Google ScholarDigital Library
- H. Deng, Q. Wu, B. Qin, J. Domingo-Ferrer, L. Zhang, J. Liu, and W. Shi. Ciphertext-Policy Hierarchical Attribute-Based Encryption with Short Ciphertexts. Information Sciences, Elsevier, 2014. http://dx.doi.org/10.1016/j.ins.2014.01.035.Google ScholarCross Ref
- S. Garg, A. Kumarasubramanian, A. Sahai, and B. Waters. Building Efficient Fully Collusion-Resilient Traitor Tracing and Revocation Schemes. In ACM conference on Computer and Communications Security (CCS), pages 121--130. ACM, 2010. Google ScholarDigital Library
- F. Guo, Y. Mu, and W. Susilo. Identity-Based Traitor Tracing with Short Private Key and Short Ciphertext. In European Symposium on Research in Computer Security (ESORICS), pages 609--626. Springer, 2012.Google Scholar
- K. Kent, S. Chevalier, T. Grance, and H. Dang. Guide to Integrating Forensic Techniques into Incident Response. NIST Special Publication 800--86 Notes.Google Scholar
- M. Li, S. Yu, K. Ren, and W. Lou. Securing Personal Health Records in Cloud Computing: patient-centric and fine-grained data access control in multi-owner settings. In Security and Privacy in Communication Networks, pages 89--106. Springer, 2010.Google ScholarCross Ref
- Z. Liu, Z. Cao, and D. S. Wong. Expressive Black-box Traceable Ciphertext-Policy Attribute-Based Encryption. Cryptology ePrint Archive, Report 2012/669, 2012.Google Scholar
- Z. Liu, Z. Cao, and D. S. Wong. Blackbox Traceable CP-ABE: how to catch people leaking their keys by selling decryption devices on eBay. In ACM conference on Computer and Communications Security (CCS), pages 475--486. ACM, 2013. Google ScholarDigital Library
- Z. Liu, Z. Cao, and D. S. Wong. White-box Traceable Ciphertext-Policy Attribute-Based Encryption supporting Any Monotone Access Structures. IEEE Transactions on Information Forensics and Security, 8(1):76--88, 2013.Google ScholarDigital Library
- K. Nuida, S. Fujitsu, M. Hagiwara, T. Kitagawa, H. Watanabe, K. Ogawa, and H. Imai. An Improvement of Discrete Tardos Fingerprinting Codes. Designs, Codes and Cryptography, 52(3):339--362, 2009. Google ScholarDigital Library
- V. Pappas, V. P. Kemerlis, A. Zavou, M. Polychronakis, and A. D. Keromytis. CloudFence: Data Flow Tracking as a Cloud Service. In Research in Attacks, Intrusions, and Defenses, pages 411--431. Springer, 2013.Google Scholar
- B. Qin, H. Wang, Q. Wu, J. Liu, and J. Domingo-Ferrer. Simultaneous Authentication and Secrecy in Identity-Based Data Upload to Cloud. Cluster Computing, 16(4):845--859, 2013. Google ScholarDigital Library
- F. Sebé, J. Domingo-Ferrer, A. Martinez-Balleste, Y. Deswarte, and J.-J. Quisquater. Efficient Remote Data Possession Checking in Critical Information Infrastructures. IEEE Transactions on Knowledge and Data Engineering, 20(8):1034--1038, 2008. Google ScholarDigital Library
- U. Somani, K. Lakhani, and M. Mundra. Implementing Digital Signature with RSA Encryption Algorithm to Enhance the Data Security of Cloud in Cloud Computing. In Parallel Distributed and Grid Computing (PDGC), pages 211--216. IEEE, 2010.Google ScholarCross Ref
- Y. S. Tan, R. K. Ko, P. Jagadpramana, C. H. Suen, M. Kirchberg, T. H. Lim, B. S. Lee, A. Singla, K. Mermoud, D. Keller, et al. Tracking of Data Leaving the Cloud. In Trust, Security and Privacy in Computing and Communications (TrustCom), pages 137--144. IEEE, 2012. Google ScholarDigital Library
- G. Tardos. Optimal Probabilistic Fingerprint Codes. Journal of the ACM (JACM), 55(2):10, 2008. Google ScholarDigital Library
- Y. Tong, J. Sun, S. S. M. Chow, and P. Li. Cloud-Assisted Mobile-Access of Health Data with Privacy and Auditability. IEEE Journal of Biomedical and Health Informatics, 18(2):419--429, 2014.Google ScholarCross Ref
- B. Wang, S. S. M. Chow, M. Li, and H. Li. Storing Shared Data on the Cloud via Security-Mediator. In International Conference on Distributed Computing Systems (ICDCS), pages 124--133. IEEE, 2013. Google ScholarDigital Library
- B. Wang, Y. Hou, M. Li, H. Wang, and H. Li. Maple: Scalable Multi-Dimensional Range Search over Encrypted Cloud data with Tree-Based Index. In ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2014. To Appear. Google ScholarDigital Library
- C. Wang, S. S. M. Chow, Q. Wang, K. Ren, and W. Lou. Privacy-Preserving Public Auditing for Secure Cloud Storage. IEEE Transactions on Computers, 62(2):362--375, 2013. Google ScholarDigital Library
- P. Xu, H. Jin, Q. Wu, and W. Wang. Public-Key Encryption with Fuzzy Keyword Search: a provably secure scheme under keyword guessing attack. IEEE Transactions on Computers, 62(11):2266--2277, 2013. Google ScholarDigital Library
- O. Q. Zhang, R. K. Ko, M. Kirchberg, C. H. Suen, P. Jagadpramana, and B. S. Lee. How to Track Your Data: rule-based data provenance tracing algorithms. In Trust, Security and Privacy in Computing and Communications (TrustCom), pages 1429--1437. IEEE, 2012. Google ScholarDigital Library
- Z. Zhang, Y. Chen, S. S. M. Chow, G. Hanaoka, Z. Cao, and Y. Zhao. All-but-One Dual Projective Hashing and Its Applications. In Applied Cryptography and Network Security (ACNS). Springer, 2014. To Appear.Google Scholar
Index Terms
- Tracing and revoking leaked credentials: accountability in leaking sensitive outsourced data
Recommendations
Attribute-based encryption for fine-grained access control of encrypted data
CCS '06: Proceedings of the 13th ACM conference on Computer and communications securityAs more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., ...
Multi-authority fine-grained access control with accountability and its application in cloud
Attribute-based encryption (ABE) is one of critical primitives for the application of fine-grained access control. To reduce the trust assumption on the attribute authority and in the meanwhile enhancing the privacy of users and the security of the ...
Tracing and revoking scheme for dynamic privileges against pirate rebroadcast
Broadcast encryption provides a convenient method to distribute digital content to subscribers over an insecure broadcast channel so that only the qualified users can recover the data. Currently, there are only two broadcast encryption schemes designed ...
Comments