Provably Secure Data Access Control Protocol for Cloud Computing
Abstract
:1. Introduction
- A provably secure user cloud data access control (DAC) protocol has been proposed. Unlike other protocols, a third-party semi-trusted key generation center (which can be provided by network operators such as China Telecom, China Unicom, and China Mobile) is introduced to encrypt and upload data, eliminating the security threat of the key generation center. It also implements a series of complete access control functions, such as user file encryption uploads, friend download requests, and user authorization friend downloads.
- An extensive analysis is conducted on the DAC protocol, proving that under the Larger Integer Factorization (IF) assumption, the file encryption algorithm of the protocol is indistinguishable under an adaptive Chosen Ciphertext Attack (IND-CCA). Under the condition of being a Gap Diffie–Hellman (GDH) group, we prove that the signature (i.e., authorization) in the protocol is Existential Unforgeability Against Adaptive Chosen Message Attacks (EUF-CMA) secure.
- We conduct simulations to assess the performance of the DAC protocol, meticulously measuring the time allocated for diverse operations, and, subsequently, we juxtapose these results with those of alternative protocols proposed in the field. The simulation outcomes and comparative analysis affirm the effectiveness and practicality of the DAC protocol.
2. Preknowledge
2.1. Bilinear Pairing
- The Decisional Diffie–Hellman Problem (DDH): Given , compute .
- The Decisional Diffie–Hellman Problem (DDH): Given , compute c. If , is called a valid Diffie–Hellman tuple.
2.2. System Model
- Us represents the user (data owner), which encrypts its data files through the key generation center and stores them in the cloud.
- KGC represents the key generation center, which generates partial keys and provides users with partial encryption and decryption services. The function is similar to the key manager or encryption server in the aforementioned literature, but the method used is different.
- The cloud stores encrypted files and related data.
- Fr represents the friend (data consumer), who needs the user’s cloud data to apply for file download authorization from the user.
2.3. Security Model
- Initialization. The challenger constructs the DAC system, after which the intruder acquires the public key of DAC.
- Enquiry. Intruder submits a decryption query to the challenger, who, upon decryption, furnishes the resulting plaintext to intrude .
- Challenge. Intruder generates two messages of equal length, denoted as , and subsequently receives the ciphertext from the challenger, where is a random value between 0 and 1.
- Guess. The intruder outputs and decides whether ; if so, intruder ’s attack is successful.
- The challenger runs in the system to obtain the public and private keys and selects a random function . Intruder obtains the public key.
- Intruder can ask the challenger for and authorization for a message.
- outputs a message and its signature, where has not requested the signature of the message from the challenger. If the signature (authorization) is verified, the intruder’s attack is successful.
3. Data Access Control Protocol
3.1. User File Upload Stage
3.2. Friend Download File Stage
- As shown in Figure 2, , Fr randomly selects and then sends a file download request to Us. .
- After receiving Fr’s request, Us will refuse if he does not agree with it; if he agrees to download the file, Us will randomly select and calculateThen,where and are IND-CCA secure public key cryptography algorithms.
- Fr sends a download request to the cloud. .
- The cloud determines whether is a DH valid Diffie–Hellman tuple. If not, the request is rejected. If the authorization verification is passed, then .
- Fr sends a decryption request to the KGC. .
- KGC determines whether is a DH valid Diffie–Hellman tuple.
4. Protocol Analysis
4.1. Correctness Analysis
4.2. Safety Certification
- Randomly select a number as an initial estimate for (but does not actually know ); meanwhile, assign to .
- inquiry: generates a list L, where the elements are triples of the form , for which the initial value is , with ∗ representing an unknown component, and is permitted to query L at any time. Upon querying , computes and provides the subsequent response:- (a)
- If there exist items in L, answer with .
- (b)
- If there exist items in L, answer with and replace with in L.
- (c)
- Otherwise, randomly select a number , answer with , and store in the list.
 
- Decryption inquiry: When asks for , responds as follows:- (a)
- If there is a first term in L, and the second element is (the term or , then is used to answer.
- (b)
- Otherwise, randomly select a number , answer with and store in L.
 
- Challenge: outputs message randomly selects , calculates , and answers with . Continue to answer .
- Guess: outputs guess , and checks L; if there exist items , then output .
- will not ask the random oracle twice;
- If requests a signature of message R, it has asked before;
- If outputs (R,sig), it has asked before.
- sends the generator g and the public key of group G to , where the secret key corresponding to is . In addition, is randomly selected as a guess value; the H inquiry of corresponds to the final forged result.
- H inquiry (at most times). creates a list , the initial value is null, and the element type is quadruple . When initiates the I-th inquiry (set the inquiry value as ), answers as follows:- (a)
- If there is an item corresponding to in , it will respond with .
- (b)
- Otherwise, randomly selects : if , then is calculated; otherwise, calculate .
 is used as the response to the query, and is stored in the list.
- Signature inquiry (at most times). When requests authorization from message R, let I satisfy . is the query value of the I-th H inquiry. answers the question as follows:- (a)
- If , then there is a quadruple in , and it calculates to answer forThus, is the signature of secret key to .
- (b)
- If , the simulation is interrupted.
 
- Output. outputs . If , then is interrupted; otherwise, outputs as forIf ’s guess is correct and outputs a forgery, then solves the CDH problem in step 4).The success of is determined by the following three events:- (a)
- : will not be interrupted in the signature inquiry of ;
- (b)
- : generates a valid message signature pair ;
- (c)
- : occurs and the subscript of the corresponding quadruple of R is .
 can solve the CDH problem with a non-negligible advantage , which contradicts the difficulty of the CDH problem. Therefore, the advantage of the polynomial time intruder to break the signature (authorization) algorithm is negligible, and the theorem is proven.
4.3. Scyther-Based Validation
5. Analytical Results
5.1. Security Comparison
5.2. Performance Evaluation
6. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Nivedhaa, R.; Justus, J. A Secure Erasure Cloud Storage System Using Advanced Encryption Standard Algorithm and Proxy Re-Encryption. In Proceedings of the 2018 International Conference on Communication and Signal Processing (ICCSP), Chennai, India, 3–5 April 2018; pp. 755–759. [Google Scholar] [CrossRef]
- Singh, P.; Saroj, S.K. A secure data dynamics and public auditing scheme for cloud storage. In Proceedings of the 2020 6th International Conference on Advanced Computing and Communication Systems (ICACCS), Coimbatore, India, 6–7 March 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 695–700. [Google Scholar]
- Sengupta, B.; Nikam, N.; Ruj, S.; Narayanamurthy, S.; Nandi, S. An Efficient Secure Distributed Cloud Storage for Append-Only Data. In Proceedings of the 2018 IEEE 11th International Conference on Cloud Computing (CLOUD), San Francisco, CA, USA, 2–7 July 2018; pp. 146–153. [Google Scholar] [CrossRef]
- Ali, M.; Bilal, K.; Khan, S.U.; Veeravalli, B.; Li, K.; Zomaya, A.Y. DROPS: Division and Replication of Data in Cloud for Optimal Performance and Security. IEEE Trans. Cloud Comput. 2018, 6, 303–315. [Google Scholar] [CrossRef]
- Fatemi Moghaddam, F.; Ahmadi, M.; Sarvari, S.; Eslami, M.; Golkar, A. Cloud computing challenges and opportunities: A survey. In Proceedings of the 2015 1st International Conference on Telematics and Future Generation Networks (TAFGEN), Kuala Lumpur, Malaysia, 26–28 May 2015; pp. 34–38. [Google Scholar] [CrossRef]
- Yuefei, Z.; Bin, L. Research and development of data storage security audit in cloud. Comput. Sci. 2020, 47, 290–300. [Google Scholar]
- Li, L.; An, X. Research on Storage Mechanism of Cloud Security Policy. In Proceedings of the 2018 International Conference on Virtual Reality and Intelligent Systems (ICVRIS), Hunan, China, 10–11 August 2018; pp. 130–133. [Google Scholar] [CrossRef]
- Markandey, A.; Dhamdhere, P.; Gajmal, Y. Data Access Security in Cloud Computing: A Review. In Proceedings of the 2018 International Conference on Computing, Power and Communication Technologies (GUCON), Greater Noida, India, 28–29 September 2018; pp. 633–636. [Google Scholar] [CrossRef]
- Mogarala, A.G.; Mohan, K.G. Security and Privacy Designs Based Data Encryption in Cloud Storage and Challenges: A Review. In Proceedings of the 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Bengaluru, India, 10–12 July 2018; pp. 1–7. [Google Scholar] [CrossRef]
- Shaik, N.S.; Ketepalli, G.; Reddy, V.N.; Reddy, T.M.K. Cryptograhy and Pk-Anonymization Methods for Secure Data Storage in Cloud. In Proceedings of the 2019 Third International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India, 12–14 December 2019; pp. 472–477. [Google Scholar] [CrossRef]
- Vora, A.V.; Hegde, S. Keyword-based private searching on cloud data along with keyword association and dissociation using cuckoo filter. Int. J. Inf. Secur. 2019, 18, 305–319. [Google Scholar] [CrossRef]
- Kodumru, N.L.; Supriya, M. Secure Data Storage in Cloud Using Cryptographic Algorithms. In Proceedings of the 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), Pune, India, 16–18 August 2018; pp. 1–6. [Google Scholar] [CrossRef]
- Wang, H.; He, D.; Han, J. VOD-ADAC: Anonymous Distributed Fine-Grained Access Control Protocol with Verifiable Outsourced Decryption in Public Cloud. IEEE Trans. Serv. Comput. 2020, 13, 572–583. [Google Scholar] [CrossRef]
- Rafique, F.; Obaidat, M.S.; Mahmood, K.; Ayub, M.F.; Ferzund, J.; Chaudhry, S.A. An Efficient and Provably Secure Certificateless Protocol for Industrial Internet of Things. IEEE Trans. Ind. Inform. 2022, 18, 8039–8046. [Google Scholar] [CrossRef]
- Seo, S.H.; Nabeel, M.; Ding, X.; Bertino, E. An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds. IEEE Trans. Knowl. Data Eng. 2014, 26, 2107–2119. [Google Scholar] [CrossRef]
- Ali, M.; Malik, S.U.R.; Khan, S.U. DaSCE: Data Security for Cloud Environment with Semi-Trusted Third Party. IEEE Trans. Cloud Comput. 2017, 5, 642–655. [Google Scholar] [CrossRef]
- Akhila, M.; Hemalatha, E.; Parvathi, S.; Karthikeyan, L. Data security in cloud using semi trusted third party key manager. Int. J. Sci. Res. Sci. Technol. 2016, 2, 111–113. [Google Scholar]
- Han, S.; Han, K.; Zhang, S. A Data Sharing Protocol to Minimize Security and Privacy Risks of Cloud Storage in Big Data Era. IEEE Access 2019, 7, 60290–60298. [Google Scholar] [CrossRef]
- Bian, G.; Chang, J. Certificateless Provable Data Possession Protocol for the Multiple Copies and Clouds Case. IEEE Access 2020, 8, 102958–102970. [Google Scholar] [CrossRef]
- Ben Daoud, W.; Rekik, M.; Meddeb-Makhlouf, A.; Zarai, F.; Mahfoudhi, S. SACP: Secure Access Control Protocol. In Proceedings of the 2021 International Wireless Communications and Mobile Computing (IWCMC), Harbin City, China, 28 June–2 July 2021; pp. 935–941. [Google Scholar] [CrossRef]
- Thakur, G.; Kumar, P.; Deepika; Jangirala, S.; Das, A.K.; Park, Y. An Effective Privacy-Preserving Blockchain-Assisted Security Protocol for Cloud-Based Digital Twin Environment. IEEE Access 2023, 11, 26877–26892. [Google Scholar] [CrossRef]
- Singh, D.; Chitkara, M. Advanced Privacy-Aware Protocol Placement in Cloud Security. In Proceedings of the 2023 International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE), Ballar, India, 29–30 April 2023; pp. 1–5. [Google Scholar] [CrossRef]
- Gundale, M.; Mishra, A. Security Models of cloud computing using Machine Learning Network Security Application. In Proceedings of the 2023 International Conference on Computational Intelligence and Sustainable Engineering Solutions (CISES), Greater Noida, India, 28–30 April 2023; pp. 340–346. [Google Scholar] [CrossRef]
- Kaur, M.; Kaimal, A.B. Analysis of Cloud Computing Security Challenges and Threats for Resolving Data Breach Issues. In Proceedings of the 2023 International Conference on Computer Communication and Informatics (ICCCI), Coimbatore, India, 23–25 January 2023; pp. 1–6. [Google Scholar] [CrossRef]
- Mishra, S.; Chitkara, M. Service Level Trust Key Encryption based Cloud Security using Starvation End-Point Encryption. In Proceedings of the 2023 IEEE International Conference on Integrated Circuits and Communication Systems (ICICACS), Raichur, India, 24–25 February 2023; pp. 1–5. [Google Scholar] [CrossRef]
- Ali, M.; Dhamotharan, R.; Khan, E.; Khan, S.U.; Vasilakos, A.V.; Li, K.; Zomaya, A.Y. SeDaSC: Secure Data Sharing in Clouds. IEEE Syst. J. 2017, 11, 395–404. [Google Scholar] [CrossRef]
- Kumar, V.; Mohammed Ali Al-Tameemi, A.; Kumari, A.; Ahmad, M.; Falah, M.W.; Abd El-Latif, A.A. PSEBVC: Provably Secure ECC and Biometric Based Authentication Framework Using Smartphone for Vehicular Cloud Environment. IEEE Access 2022, 10, 84776–84789. [Google Scholar] [CrossRef]
- Boneh, D.; Lynn, B.; Shacham, H. Short signatures from the Weil pairing. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Gold Coast, Australia, 9–13 December 2001; Springer: Berlin/Heidelberg, Germany, 2001; pp. 514–532. [Google Scholar]
- Dhakad, N.; Kar, J. EPPDP: An Efficient Privacy-Preserving Data Possession With Provable Security in Cloud Storage. IEEE Syst. J. 2022, 16, 6658–6668. [Google Scholar] [CrossRef]
- Gupta, M.; Kumar, B.S. Lightweight Secure Session Key Protection, Mutual Authentication, and Access Control (LSSMAC) for WBAN-Assisted IoT Network. IEEE Sens. J. 2023, 23, 20283–20293. [Google Scholar] [CrossRef]
- Xu, S.; Han, X.; Xu, G.; Ning, J.; Huang, X.; Deng, R.H. An Adaptive Secure and Practical Data Sharing System with Verifiable Outsourced Decryption. IEEE Trans. Serv. Comput. 2023, 1–13. [Google Scholar] [CrossRef]
- Tanveer, M.; Bashir, A.K.; Alzahrani, B.A.; Albeshri, A.; Alsubhi, K.; Chaudhry, S.A. CADF-CSE: Chaotic map-based authenticated data access/sharing framework for IoT-enabled cloud storage environment. Phys. Commun. 2023, 59, 102087. [Google Scholar] [CrossRef]
- Amintoosi, H.; Nikooghadam, M.; Kumari, S.; Jun, F.; Xiong, H.; Kumar, S.; Rodrigues, J.J.P.C. Secure and Authenticated Data Access and Sharing Model for Smart Wearable Systems. IEEE Internet Things J. 2022, 9, 5368–5379. [Google Scholar] [CrossRef]
- Li, Q.; Ma, J.; Li, R.; Liu, X.; Xiong, J.; Chen, D. Secure, efficient and revocable multi-authority access control system in cloud storage. Comput. Secur. 2016, 59, 45–59. [Google Scholar] [CrossRef]
- Tiwari, D.; Chaturvedi, G.K.; Gangadharan, G. ACDAS: Authenticated controlled data access and sharing scheme for cloud storage. Int. J. Commun. Syst. 2019, 32, e4072. [Google Scholar] [CrossRef]
- Ghaffar, Z.; Ahmed, S.; Mahmood, K.; Islam, S.H.; Hassan, M.M.; Fortino, G. An Improved Authentication Scheme for Remote Data Access and Sharing Over Cloud Storage in Cyber-Physical-Social-Systems. IEEE Access 2020, 8, 47144–47160. [Google Scholar] [CrossRef]




| Protocol | Pros and Cons | Year | Ref. | 
|---|---|---|---|
| Secret Sharing Group Key Management Protocol | Pros: The protocol reduces the potential security and privacy hazards associated with data. Cons: The group key management protocol may need enhancements to address forward and backward security issues. | 2019 | [18] | 
| Certificateless Multi-Copy-Multi-Cloud Protocol | Pros: The protocol avoids the vulnerabilities of the certificateless approach. Cons: Insufficient attention has been given to the vulnerabilities inherent in this technology. | 2020 | [19] | 
| Secure Access Control Protocol | Pros: The proposed protocol can protect fog nodes from outside attacks and inside attacks. Cons: The design process is quite complex. | 2021 | [20] | 
| Blockchain-Assisted Security Protocol | Pros: This protocol shows efficient and enhanced security against various attacks. Cons: This protocol does not involve other environments. | 2023 | [21] | 
| Objectives | Pros and Cons | Year | Ref. | 
|---|---|---|---|
| Cloud Security | Pros: This article focuses on ensuring the security of cloud data. Cons: Insufficient attention has been given to the vulnerabilities inherent in this technology. | 2023 | [22] | 
| Cloud Computing Security | Pros: This article focuses on improving cloud security by encrypting cloud data in cloud workers. Cons: Larger datasets are not discussed. | 2023 | [23] | 
| Cloud Computing | Pros: This article provides a general overview of cloud computing. Cons: Weakness of resolving data breach issues. | 2023 | [24] | 
| Cloud Data and Cloud Security | Pros: This article provides efficient secure communication. Cons: Weaknesses of this technology are not discussed. | 2023 | [25] | 
| Symbol | Meaning | 
|---|---|
| Data file | |
| Policy file | |
| KGC generated public key | |
| KGC generated private key | |
| Encryption with symmetric key | |
| Public private key pair of Us | |
| Authorization generated by Us for Fr using KGC decryption | |
| Authorization of download of cloud data generated by Us for Fr | |
| Public private key pair of Fr | |
| U-key | Universal serial bus key | 
| Claims | For User/Smart U_j/SR | Attack Status | 
|---|---|---|
| Claim-a | claim (SR, Secret, SKe) | No attack found | 
| Claim-b | claim (SR, Alive) | No attack found | 
| Claim-c | claim (SR, Niagree) | No attack found | 
| Claim-d | claim (SR, Nisynch) | No attack found | 
| Claims | For Cloud Server (CR) | Attack Status | 
| Claim-a | claim (CR, Secret, SKe) | No attack found | 
| Claim-b | claim (CR, Alive) | No attack found | 
| Claim-c | claim (CR, Niagree) | No attack found | 
| Claim-d | claim (CR, Nisynch) | No attack found | 
| Framework | Sec1 1 | Sec2 2 | Sec3 3 | Sec4 4 | Sec5 5 | 
|---|---|---|---|---|---|
| Haleh [33] | ✕ | ✓ | ✓ | ✓ | ✓ | 
| Li [34] | ✓ | ✓ | ✓ | ✓ | ✓ | 
| Tiwari [35] | ✓ | ✕ | ✕ | ✓ | ✓ | 
| Zahid [36] | ✓ | ✓ | ✓ | ✓ | ✓ | 
| Tanveer [32] | ✓ | ✓ | ✓ | ✓ | ✓ | 
| The proposed | ✓ | ✓ | ✓ | ✓ | ✓ | 
| File Size (MB) | [14] | [15] | [18] | DAC | ||||
|---|---|---|---|---|---|---|---|---|
| UL | DL | UL | DL | UL | DL | UL | DL | |
| 0.1 | 1.48 | 1.15 | 1.4 | 0.99 | 0.80 | 0.80 | 0.53 | 0.55 | 
| 0.5 | 1.89 | 1.31 | 1.48 | 1.03 | 0.94 | 0.96 | 0.74 | 0.82 | 
| 1 | 2.90 | 1.85 | 2.06 | 1.48 | 1.24 | 1.18 | 1.10 | 1.17 | 
| 10 | 14.59 | 10.45 | 14.95 | 9.90 | 6.43 | 6.48 | 5.37 | 5.61 | 
| 50 | 60.37 | 35.90 | 58.56 | 35.57 | 9.01 | 10.24 | 7.69 | 8.53 | 
| 100 | 155.15 | 61.59 | 112.41 | 59.14 | 17.37 | 20.68 | 14.03 | 17.53 | 
| 500 | 872.09 | 400.21 | 492.03 | 229.81 | 33.24 | 39.25 | 30.35 | 33.11 | 
| Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. | 
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Zhang, J.; Chen, A.; Zhang, P. Provably Secure Data Access Control Protocol for Cloud Computing. Symmetry 2023, 15, 2111. https://doi.org/10.3390/sym15122111
Zhang J, Chen A, Zhang P. Provably Secure Data Access Control Protocol for Cloud Computing. Symmetry. 2023; 15(12):2111. https://doi.org/10.3390/sym15122111
Chicago/Turabian StyleZhang, Ji, Anmin Chen, and Ping Zhang. 2023. "Provably Secure Data Access Control Protocol for Cloud Computing" Symmetry 15, no. 12: 2111. https://doi.org/10.3390/sym15122111
APA StyleZhang, J., Chen, A., & Zhang, P. (2023). Provably Secure Data Access Control Protocol for Cloud Computing. Symmetry, 15(12), 2111. https://doi.org/10.3390/sym15122111
 
        



 
       