Data Access Control

The Experts below are selected from a list of 158454 Experts worldwide ranked by ideXlab platform

Kui Ren - One of the best experts on this subject based on the ideXlab platform.

  • Secure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud
    IEEE Transactions on Parallel and Distributed Systems, 2015
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren
    Abstract:

    Due to the high volume and velocity of big data, it is an effective option to store big data in the cloud, as the cloud has capabilities of storing big data and processing high volume of user access requests. Attribute-based encryption (ABE) is a promising technique to ensure the end-to-end security of big data in the cloud. However, the policy updating has always been a challenging issue when ABE is used to construct access control schemes. A trivial implementation is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it back to the cloud. This method, however, incurs a high communication overhead and heavy computation burden on data owners. In this paper, we propose a novel scheme that enables efficient access control with dynamic policy updating for big data in the cloud. We focus on developing an outsourced policy updating method for ABE systems. Our method can avoid the transmission of encrypted data and minimize the computation work of data owners, by making use of the previously encrypted data with old access policies. Moreover, we also propose policy updating algorithms for different types of access policies. Finally, we propose an efficient and secure method that allows data owner to check whether the cloud server has updated the ciphertexts correctly. The analysis shows that our policy updating outsourcing scheme is correct, complete, secure and efficient.

  • DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems
    IEEE Transactions on Information Forensics and Security, 2013
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren, Bo Zhang, Ruitao Xie
    Abstract:

    Data access control is an effective way to ensure data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising technique for access control of encrypted data. However, due to the inefficiency of decryption and revocation, existing CP-ABE schemes cannot be directly applied to construct a data access control scheme for multiauthority cloud storage systems, where users may hold attributes from multiple authorities. In this paper, we propose data access control for multiauthority cloud storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multiauthority CP-ABE scheme with efficient decryption, and also design an efficient attribute revocation method that can achieve both forward security and backward security. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions.

  • DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems
    International Conference on Computer Communications, 2013
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren, Bo Zhang
    Abstract:

    Data access control is an effective way to ensure the data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a promising technique for access control of encrypted data. It requires a trusted authority to manage all the attributes and distribute keys in the system. In cloud storage systems, multiple authorities co-exist and each authority is able to issue attributes independently. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority cloud storage systems, due to the inefficiency of decryption and revocation. In this paper, we propose DAC-MACS (Data Access Control for Multi-Authority Cloud Storage), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multi-authority CP-ABE scheme with efficient decryption and also design an efficient attribute revocation method that can achieve both forward security and backward security. The analysis and the simulation results show that our DAC-MACS is highly efficient and provably secure under the security model.

  • INFOCOM - DAC-MACS: Effective Data Access Control for multi-authority cloud storage systems
    2013 Proceedings IEEE INFOCOM, 2013
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren, Bo Zhang
    Abstract:

    Data access control is an effective way to ensure the data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a promising technique for access control of encrypted data. It requires a trusted authority to manage all the attributes and distribute keys in the system. In cloud storage systems, multiple authorities co-exist and each authority is able to issue attributes independently. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority cloud storage systems, due to the inefficiency of decryption and revocation. In this paper, we propose DAC-MACS (Data Access Control for Multi-Authority Cloud Storage), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multi-authority CP-ABE scheme with efficient decryption and also design an efficient attribute revocation method that can achieve both forward security and backward security. The analysis and the simulation results show that our DAC-MACS is highly efficient and provably secure under the security model.

  • FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks
    IEEE Transactions on Parallel and Distributed Systems, 2011
    Co-Authors: Kui Ren, Wenjing Lou
    Abstract:

    Distributed sensor data storage and retrieval have gained increasing popularity in recent years for supporting various applications. While distributed architecture enjoys a more robust and fault-tolerant wireless sensor network (WSN), such architecture also poses a number of security challenges especially when applied in mission-critical applications such as battlefield and e-healthcare. First, as sensor data are stored and maintained by individual sensors and unattended sensors are easily subject to strong attacks such as physical compromise, it is significantly harder to ensure data security. Second, in many mission-critical applications, fine-grained data access control is a must as illegal access to the sensitive data may cause disastrous results and/or be prohibited by the law. Last but not least, sensor nodes usually are resource-constrained, which limits the direct adoption of expensive cryptographic primitives. To address the above challenges, we propose, in this paper, a distributed data access control scheme that is able to enforce fine-grained access control over sensor data and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs.

Mohsen Guizani - One of the best experts on this subject based on the ideXlab platform.

  • Towards Delay-Tolerant Flexible Data Access Control for Smart Grid with Renewable Energy Resources
    arXiv: Cryptography and Security, 2018
    Co-Authors: Zhitao Guan, Liehuang Zhu, Zijian Zhang, Mohsen Guizani
    Abstract:

    In the Smart Grid with Renewable Energy Resources (RERs), the Residential Units (RUs) with Distributed Energy Resources (DERs) are considered to be both power consumers and suppliers. Specifically, RUs with excessive renewable generations can trade with the utility in deficit of power supplies for mutual benefits. It causes two challenging issues. First, the trading data of RUs is quite sensitive, which should be only accessed by authorized users with fine-grained policies. Second, the behaviors of the RUs to generate trading data are spontaneous and unpredictable, then the problem is how to guarantee system efficiency and delay tolerance simultaneously. In this paper, we propose a delay-tolerant flexible data access control scheme based on Key Policy Attribute Based Encryption (KP-ABE) for Smart Grid with Renewable Energy Resources (RERs). We adopt the secret sharing scheme (SSS) to realize a flexible access control with encryption delay tolerance. Furthermore, there is no central trusted server to perform the encryption/decryption. We reduce the computation cost on RUs and operators via a semi-trusted model. The analysis shows that the proposed scheme can meet the data security requirement of the Smart Grid with RERs, and it also has less cost compared with other popular models.

  • Toward Delay-Tolerant Flexible Data Access Control for Smart Grid With Renewable Energy Resources
    IEEE Transactions on Industrial Informatics, 2017
    Co-Authors: Zhitao Guan, Liehuang Zhu, Zijian Zhang, Mohsen Guizani
    Abstract:

    In the smart grid with renewable energy resources (RERs), the residential units (RUs) with distributed energy resources are considered to be both power consumers and suppliers. Specifically, RUs with excessive renewable generations can trade with the utility in deficit of power supplies for mutual benefits. It causes two challenging issues. First, the trading data of RUs are quite sensitive, which should be only accessed by authorized users with fine-grained policies. Second, the behaviors of the RUs to generate trading data are spontaneous and unpredictable, and then the problem is how to guarantee system efficiency and delay tolerance simultaneously. In this paper, we propose a delay-tolerant flexible data access control scheme based on key policy attribute-based encryption for smart grid with RERs. We adopt the secret-sharing scheme to realize a flexible access control with encryption delay tolerance. Furthermore, there is no central trusted server to perform the encryption/decryption. We reduce the computation cost on RUs and operators via a semitrusted model. The analysis shows that the proposed scheme can meet the data security requirement of the smart grid with RERs, and it also has less cost compared with other popular models.

Kan Yang - One of the best experts on this subject based on the ideXlab platform.

  • An Efficient and Fine-Grained Big Data Access Control Scheme with Privacy-Preserving Policy
    IEEE Internet of Things Journal, 2017
    Co-Authors: Kan Yang, Hong Jiao Li, Zhou Su, Qi Han, Kan Zheng, Xue Min Shen
    Abstract:

    How to control the access of the huge amount of big data becomes a very challenging issue, especially when big data are stored in the cloud. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising encryption technique that enables end-users to encrypt their data under the access policies defined over some attributes of data consumers and only allows data consumers whose attributes satisfy the access policies to decrypt the data. In CP-ABE, the access policy is attached to the ciphertext in plaintext form, which may also leak some private information about end-users. Existing methods only partially hide the attribute values in the access policies, while the attribute names are still unprotected. In this paper, we propose an efficient and fine-grained big data access control scheme with privacy-preserving policy. Specifically, we hide the whole attribute (rather than only its values) in the access policies. To assist data decryption, we also design a novel attribute bloom filter to evaluate whether an attribute is in the access policy and locate the exact position in the access policy if it is in the access policy. Security analysis and performance evaluation show that our scheme can preserve the privacy from any linear secret-sharing schemes access policy without employing much overhead.

  • Secure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud
    IEEE Transactions on Parallel and Distributed Systems, 2015
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren
    Abstract:

    Due to the high volume and velocity of big data, it is an effective option to store big data in the cloud, as the cloud has capabilities of storing big data and processing high volume of user access requests. Attribute-based encryption (ABE) is a promising technique to ensure the end-to-end security of big data in the cloud. However, the policy updating has always been a challenging issue when ABE is used to construct access control schemes. A trivial implementation is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it back to the cloud. This method, however, incurs a high communication overhead and heavy computation burden on data owners. In this paper, we propose a novel scheme that enables efficient access control with dynamic policy updating for big data in the cloud. We focus on developing an outsourced policy updating method for ABE systems. Our method can avoid the transmission of encrypted data and minimize the computation work of data owners, by making use of the previously encrypted data with old access policies. Moreover, we also propose policy updating algorithms for different types of access policies. Finally, we propose an efficient and secure method that allows data owner to check whether the cloud server has updated the ciphertexts correctly. The analysis shows that our policy updating outsourcing scheme is correct, complete, secure and efficient.

  • Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage
    IEEE Transactions on Parallel and Distributed Systems, 2014
    Co-Authors: Kan Yang, Xiaohua Jia
    Abstract:

    Data access control is an effective way to ensure the data security in the cloud. Due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is regarded as one of the most suitable technologies for data access control in cloud storage, because it gives data owners more direct control on access policies. However, it is difficult to directly apply existing CP-ABE schemes to data access control for cloud storage systems because of the attribute revocation problem. In this paper, we design an expressive, efficient and revocable data access control scheme for multi-authority cloud storage systems, where multiple authorities co-exist and each authority is able to issue attributes independently. Specifically, we propose a revocable multi-authority CP-ABE scheme, and apply it as the underlying techniques to design the data access control scheme. Our attribute revocation method can efficiently achieve both forward security and backward security. The analysis and simulation results show that our proposed data access control scheme is secure in the random oracle model and is more efficient than previous works.

  • DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems
    IEEE Transactions on Information Forensics and Security, 2013
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren, Bo Zhang, Ruitao Xie
    Abstract:

    Data access control is an effective way to ensure data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising technique for access control of encrypted data. However, due to the inefficiency of decryption and revocation, existing CP-ABE schemes cannot be directly applied to construct a data access control scheme for multiauthority cloud storage systems, where users may hold attributes from multiple authorities. In this paper, we propose data access control for multiauthority cloud storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multiauthority CP-ABE scheme with efficient decryption, and also design an efficient attribute revocation method that can achieve both forward security and backward security. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions.

  • DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems
    International Conference on Computer Communications, 2013
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren, Bo Zhang
    Abstract:

    Data access control is an effective way to ensure the data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a promising technique for access control of encrypted data. It requires a trusted authority to manage all the attributes and distribute keys in the system. In cloud storage systems, multiple authorities co-exist and each authority is able to issue attributes independently. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority cloud storage systems, due to the inefficiency of decryption and revocation. In this paper, we propose DAC-MACS (Data Access Control for Multi-Authority Cloud Storage), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multi-authority CP-ABE scheme with efficient decryption and also design an efficient attribute revocation method that can achieve both forward security and backward security. The analysis and the simulation results show that our DAC-MACS is highly efficient and provably secure under the security model.

Zheng Yan - One of the best experts on this subject based on the ideXlab platform.

  • Game Theoretical Analysis on Acceptance of a Cloud Data Access Control System Based on Reputation
    IEEE Transactions on Cloud Computing, 2020
    Co-Authors: Lijun Gao, Zheng Yan, Laurence T. Yang
    Abstract:

    With the rapid development of the Internet, cloud storage has penetrated into every aspect of human society. However, cloud data disclosure happens more and more frequently, which makes cloud data security and privacy protection impact wide adoption of cloud storage. Control cloud data access based on reputation by introducing a Reputation Center (RC) was proposed and demonstrated to secure cloud data effectively in [9]. But the acceptance of such a system by cloud users and Cloud Service Providers (CSPs) is crucial for its practical deployment and final success. In this paper, we investigate the acceptance of a cloud data access control system based on reputation using Game Theory. Due to the existence of dishonest CSPs, there exists a social reputation dilemma among CSPs, which seriously impedes the popularity of cloud storage. To encourage users to use cloud storage and suppress collusion between CSPs and data requesters, a repeated public-goods game is built up by applying a compensation mechanism to improve the utilities of cloud users and a punishment mechanism based on reputation to incent honest behaviors. Theoretical analysis and simulation results show the effectiveness of the compensation and punishment mechanisms to increase cloud storage rate and restrain dishonest system entities.

  • Flexible Data Access Control Based on Trust and Reputation in Cloud Computing
    IEEE Transactions on Cloud Computing, 2017
    Co-Authors: Zheng Yan, Mingjun Wang, Athanasios V. Vasilakos
    Abstract:

    Cloud computing offers a new way of services and has become a popular service platform. Storing user data at a cloud data center greatly releases storage burden of user devices and brings access convenience. Due to distrust in cloud service providers, users generally store their crucial data in an encrypted form. But in many cases, the data need to be accessed by other entities for fulfilling an expected service, e.g., an eHealth service. How to control personal data access at cloud is a critical issue. Various application scenarios request flexible control on cloud data access based on data owner policies and application demands. Either data owners or some trusted third parties or both should flexibly participate in this control. However, existing work hasn't yet investigated an effective and flexible solution to satisfy this demand. On the other hand, trust plays an important role in data sharing. It helps overcoming uncertainty and avoiding potential risks. But literature still lacks a practical solution to control cloud data access based on trust and reputation. In this paper, we propose a scheme to control data access in cloud computing based on trust evaluated by the data owner and/or reputations generated by a number of reputation centers in a flexible manner by applying Attribute-Based Encryption and Proxy Re-Encryption. We integrate the concept of context-aware trust and reputation evaluation into a cryptographic system in order to support various control scenarios and strategies. The security and performance of our scheme are evaluated and justified through extensive analysis, security proof, comparison and implementation. The results show the efficiency, flexibility and effectiveness of our scheme for data access control in cloud computing.

  • Flexible Data Access Control in D2D communications
    Future Generation Computer Systems, 2017
    Co-Authors: Zheng Yan, Haomeng Xie, Peng Zhang, Brij B. Gupta
    Abstract:

    Device-to-Device (D2D) communications have been regarded as an advanced technology for the next generation mobile communication networks and wireless systems (5G). It is essential to secure D2D communication data for resisting malicious attacks. However, secure D2D communications among mobile devices have not been well solved. By paying attention to the important role of trust in securing D2D communications, in this paper, we propose a scheme using either a General Trust (GT) level issued by a core network or a Local Trust (LT) level evaluated by a device or both to control D2D communication data access by applying Attribute-Based Encryption (ABE). This scheme realizes secure data communications among mobile devices under the legacy system model of Long-Term Evolution (LTE). Performance analysis and evaluation demonstrate that the proposed scheme is effective with regard to security, computation complexity, communication cost, flexibility and scalability.

  • CIT - CDController: A Cloud Data Access Control System Based on Reputation
    2017 IEEE International Conference on Computer and Information Technology (CIT), 2017
    Co-Authors: Huaqing Lin, Zheng Yan, Raimo Kantola
    Abstract:

    The rapid development of cloud computing is changing the way of service provision, data usage and sharing over the Internet. Cloud data privacy and security protection is a crucial issue that impacts the success of cloud computing and big data. A number of cloud data access control schemes have been proposed in the literature. However, existing solutions suffer from high computation complexity and cost and therefore few of them have been really deployed in practice. In this paper, we introduce a cloud data access control system based on reputation named CDController. The system can securely control cloud data access and effectively reduce access risk according to the reputations of cloud computing entities by applying proxy re-encryption in the situation that the data owner is not available online or does not know how to control the access. System evaluation based on a prototype implementation shows the effectiveness of the CDController.

Jinli Qiu - One of the best experts on this subject based on the ideXlab platform.

  • Scalable Industry Data Access Control in RFID-Enabled Supply Chain
    IEEE ACM Transactions on Networking, 2016
    Co-Authors: Yuanqing Zheng, Yunhao Liu, Jinli Qiu
    Abstract:

    Department of Computin

  • ICNP - Scalable Data Access Control in RFID-Enabled Supply Chain
    2014 IEEE 22nd International Conference on Network Protocols, 2014
    Co-Authors: Yuanqing Zheng, Yunhao Liu, Jinli Qiu
    Abstract:

    By attaching RFID tags to products, supply chain participants can identify products and create product data to record the product particulars in transit. Participants along the supply chain share their product data to enable information exchange and support critical decisions in production operations. Such an information sharing essentially requires a data access control mechanism when the product data relates to sensitive business issues. However, existing access control solutions are ill suited to the RFID-enabled supply chain, as they are not scalable in handling a huge number of tags, introduce vulnerability to the product data, and perform poorly to support privilege revocation of product data. We present a new scalable data access control system that addresses these limitations. Our system provides an item-level data access control mechanism that defines and enforces access policies based on both the participants' role attribute and the products' RFID tag attribute. Our system further provides an item-level privilege revocation mechanism by allowing the participants to delegate encryption updates in revocation operation without disclosing the underlying data contents. We design a new updatable encryption scheme and integrate it with Cipher text Policy-Attribute Based Encryption (CP-ABE) to implement the key components of our system.