{"title":"为云计算中的安全数据访问控制提供统计隐私保护","authors":"Yaser Baseri , Abdelhakim Hafid , Mahdi Daghmehchi Firoozjaei , Soumaya Cherkaoui , Indrakshi Ray","doi":"10.1016/j.jisa.2024.103823","DOIUrl":null,"url":null,"abstract":"<div><p><em>Cloud Service Providers</em> (<em>CSP</em>s) allow data owners to migrate their data to resource-rich and powerful cloud servers and provide access to this data by individual users. Some of this data may be highly sensitive and important and <em>CSP</em>s cannot always be trusted to provide secure access. It is also important for end users to protect their identities against malicious authorities and providers, when they access services and data. <em>Attribute-Based Encryption</em> (<em>ABE</em>) is an end-to-end public key encryption mechanism, which provides secure and reliable fine-grained access control over encrypted data using defined policies and constraints. Since, in <em>ABE</em>, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. Towards this end, we define a new anonymity model in the context of <em>ABE</em>. We analyze several existing anonymous <em>ABE</em> schemes and identify their vulnerabilities in user authorization and user anonymity protection. Subsequently, we propose a <em>Privacy-Preserving Access Control Scheme (PACS)</em>, which supports multi-authority, anonymizes user identity, and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. We also propose an extension of <em>PACS</em>, called <em>Statistical Privacy-Preserving Access Control Scheme (SPACS)</em>, which supports statistical anonymity even if malicious authorities and providers statistically analyze the attributes. Lastly, we show that the efficiency of our scheme is comparable to other existing schemes. Our analysis show that <em>SPACS</em> can successfully protect against <em>Collision Attacks</em> and <em>Chosen Plaintext Attacks</em>.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103823"},"PeriodicalIF":3.8000,"publicationDate":"2024-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624001261/pdfft?md5=a547f9409c23468b9558ba93b652bd43&pid=1-s2.0-S2214212624001261-main.pdf","citationCount":"0","resultStr":"{\"title\":\"Statistical privacy protection for secure data access control in cloud\",\"authors\":\"Yaser Baseri , Abdelhakim Hafid , Mahdi Daghmehchi Firoozjaei , Soumaya Cherkaoui , Indrakshi Ray\",\"doi\":\"10.1016/j.jisa.2024.103823\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p><em>Cloud Service Providers</em> (<em>CSP</em>s) allow data owners to migrate their data to resource-rich and powerful cloud servers and provide access to this data by individual users. Some of this data may be highly sensitive and important and <em>CSP</em>s cannot always be trusted to provide secure access. It is also important for end users to protect their identities against malicious authorities and providers, when they access services and data. <em>Attribute-Based Encryption</em> (<em>ABE</em>) is an end-to-end public key encryption mechanism, which provides secure and reliable fine-grained access control over encrypted data using defined policies and constraints. Since, in <em>ABE</em>, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. Towards this end, we define a new anonymity model in the context of <em>ABE</em>. We analyze several existing anonymous <em>ABE</em> schemes and identify their vulnerabilities in user authorization and user anonymity protection. Subsequently, we propose a <em>Privacy-Preserving Access Control Scheme (PACS)</em>, which supports multi-authority, anonymizes user identity, and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. We also propose an extension of <em>PACS</em>, called <em>Statistical Privacy-Preserving Access Control Scheme (SPACS)</em>, which supports statistical anonymity even if malicious authorities and providers statistically analyze the attributes. Lastly, we show that the efficiency of our scheme is comparable to other existing schemes. Our analysis show that <em>SPACS</em> can successfully protect against <em>Collision Attacks</em> and <em>Chosen Plaintext Attacks</em>.</p></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"84 \",\"pages\":\"Article 103823\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2024-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S2214212624001261/pdfft?md5=a547f9409c23468b9558ba93b652bd43&pid=1-s2.0-S2214212624001261-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212624001261\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001261","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Statistical privacy protection for secure data access control in cloud
Cloud Service Providers (CSPs) allow data owners to migrate their data to resource-rich and powerful cloud servers and provide access to this data by individual users. Some of this data may be highly sensitive and important and CSPs cannot always be trusted to provide secure access. It is also important for end users to protect their identities against malicious authorities and providers, when they access services and data. Attribute-Based Encryption (ABE) is an end-to-end public key encryption mechanism, which provides secure and reliable fine-grained access control over encrypted data using defined policies and constraints. Since, in ABE, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. Towards this end, we define a new anonymity model in the context of ABE. We analyze several existing anonymous ABE schemes and identify their vulnerabilities in user authorization and user anonymity protection. Subsequently, we propose a Privacy-Preserving Access Control Scheme (PACS), which supports multi-authority, anonymizes user identity, and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. We also propose an extension of PACS, called Statistical Privacy-Preserving Access Control Scheme (SPACS), which supports statistical anonymity even if malicious authorities and providers statistically analyze the attributes. Lastly, we show that the efficiency of our scheme is comparable to other existing schemes. Our analysis show that SPACS can successfully protect against Collision Attacks and Chosen Plaintext Attacks.
期刊介绍:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.