American Journal of Information Systems
ISSN (Print): 2374-1953 ISSN (Online): 2374-1988 Website: https://www.sciepub.com/journal/ajis Editor-in-chief: Sergii Kavun
American Journal of Information Systems. 2016, 4(2), 17-31
DOI: 10.12691/ajis-4-2-1

ASP: Advanced Security Protocol for Security and Privacy in Cloud Computing

Shyam Nandan Kumar¹ and Amit Vajpayee²

¹ M.Tech-Computer Science and Engineering, Lakshmi Narain College of Technology-Indore (RGPV, Bhopal), MP, India

² Department of Computer Science and Engineering, Lakshmi Narain College of Technology-Indore (RGPV, Bhopal), MP, India

Pub. Date: March 16, 2016

Cite this paper:
Shyam Nandan Kumar and Amit Vajpayee. ASP: Advanced Security Protocol for Security and Privacy in Cloud Computing. American Journal of Information Systems. 2016; 4(2):17-31. doi: 10.12691/ajis-4-2-1

Abstract

Security concerns have become the biggest obstacle to the adoption of cloud computing because all information and data are completely under the control of cloud service providers. To provide optimal services on the cloud, this paper introduces a new distributed and scalable data sharing scheme for data owners in clouds that supports anonymous authentication. The proposed ASP (Advanced Security Protocol) is a cryptographic access control protocol based on a key-updating scheme referred to as Advanced Key Update (AKU). The main advantage of the AKU scheme is its support for efficient delegation and revocation of privileges in hierarchies without requiring complex cryptographic data structures. The proposed ASP protocol also includes a new digital signature scheme that enables cloud providers to ensure that requests are submitted by authorized end-users, without learning their identities. User revocation is also supported by the proposed ASP. The paper also discusses various existing approaches and issues related to data encryption and message authentication. Finally, experimental results are analyzed and performance is evaluated. The main aim of the paper is to provide more visibility and control to end-users and to close the gap between the capabilities of existing solutions and the new requirements of cloud-based systems.

Keywords:
cloud computing, data sharing, decryption, encryption, concurrent access, distributed system, web, message signing and verification, data confidentiality, message authentication, cloud security

This work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

