Comparison-based encryption for fine-grained access control in clouds

Yan Zhu; Hongxin Hu; Gail-Joon Ahn; Mengyang Yu; Hongjia Zhao

doi:10.1145/2133601.2133614

Comparison-based encryption for fine-grained access control in clouds

Yan Zhu, Hongxin Hu, Gail-Joon Ahn, Mengyang Yu, Hongjia Zhao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

34 Scopus citations

Abstract

Access control is one of the most important security mechanisms in cloud computing. However, there has been little work that explores various comparison-based constraints for regulating data access in clouds. In this paper, we present an innovative comparison-based encryption scheme to facilitate fine-grained access control in cloud computing. By means of forward/backward derivation functions, we introduce comparison relation into attribute-based encryption to implement various range constraints on integer attributes, such as temporal and level attributes. Then, we present a new cryptosystem with dual decryption to reduce computational overheads on cloud clients, where the majority of decryption operations are executed in cloud servers. We also prove the security strength of our proposed scheme, and our experiment results demonstrate the efficiency of our methodology.

Original language	English (US)
Title of host publication	CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy
Pages	105-116
Number of pages	12
DOIs	https://doi.org/10.1145/2133601.2133614
State	Published - 2012
Event	2nd ACM Conference on Data and Application Security and Privacy, CODASPY'12 - San Antonio, TX, United States Duration: Feb 7 2012 → Feb 9 2012

Publication series

Name	CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy

Conference

Conference	2nd ACM Conference on Data and Application Security and Privacy, CODASPY'12
Country/Territory	United States
City	San Antonio, TX
Period	2/7/12 → 2/9/12

Keywords

access control
attribute-based encryption
cloud
cryptography
dual decryption
integer comparison

ASJC Scopus subject areas

Computer Science Applications

Access to Document

10.1145/2133601.2133614

Cite this

Zhu, Y., Hu, H., Ahn, G-J., Yu, M., & Zhao, H. (2012). Comparison-based encryption for fine-grained access control in clouds. In CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (pp. 105-116). (CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy). https://doi.org/10.1145/2133601.2133614

Comparison-based encryption for fine-grained access control in clouds. / Zhu, Yan; Hu, Hongxin; Ahn, Gail-Joon et al.
CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy. 2012. p. 105-116 (CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Zhu, Y, Hu, H, Ahn, G-J, Yu, M & Zhao, H 2012, Comparison-based encryption for fine-grained access control in clouds. in CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy. CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, pp. 105-116, 2nd ACM Conference on Data and Application Security and Privacy, CODASPY'12, San Antonio, TX, United States, 2/7/12. https://doi.org/10.1145/2133601.2133614

@inproceedings{4649e4e7a0f24de98570a09bb62a5551,

title = "Comparison-based encryption for fine-grained access control in clouds",

abstract = "Access control is one of the most important security mechanisms in cloud computing. However, there has been little work that explores various comparison-based constraints for regulating data access in clouds. In this paper, we present an innovative comparison-based encryption scheme to facilitate fine-grained access control in cloud computing. By means of forward/backward derivation functions, we introduce comparison relation into attribute-based encryption to implement various range constraints on integer attributes, such as temporal and level attributes. Then, we present a new cryptosystem with dual decryption to reduce computational overheads on cloud clients, where the majority of decryption operations are executed in cloud servers. We also prove the security strength of our proposed scheme, and our experiment results demonstrate the efficiency of our methodology.",

keywords = "access control, attribute-based encryption, cloud, cryptography, dual decryption, integer comparison",

author = "Yan Zhu and Hongxin Hu and Gail-Joon Ahn and Mengyang Yu and Hongjia Zhao",

year = "2012",

doi = "10.1145/2133601.2133614",

language = "English (US)",

isbn = "9781450310918",

series = "CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy",

pages = "105--116",

booktitle = "CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy",

note = "2nd ACM Conference on Data and Application Security and Privacy, CODASPY'12 ; Conference date: 07-02-2012 Through 09-02-2012",

}

TY - GEN

T1 - Comparison-based encryption for fine-grained access control in clouds

AU - Zhu, Yan

AU - Hu, Hongxin

AU - Ahn, Gail-Joon

AU - Yu, Mengyang

AU - Zhao, Hongjia

PY - 2012

Y1 - 2012

N2 - Access control is one of the most important security mechanisms in cloud computing. However, there has been little work that explores various comparison-based constraints for regulating data access in clouds. In this paper, we present an innovative comparison-based encryption scheme to facilitate fine-grained access control in cloud computing. By means of forward/backward derivation functions, we introduce comparison relation into attribute-based encryption to implement various range constraints on integer attributes, such as temporal and level attributes. Then, we present a new cryptosystem with dual decryption to reduce computational overheads on cloud clients, where the majority of decryption operations are executed in cloud servers. We also prove the security strength of our proposed scheme, and our experiment results demonstrate the efficiency of our methodology.

AB - Access control is one of the most important security mechanisms in cloud computing. However, there has been little work that explores various comparison-based constraints for regulating data access in clouds. In this paper, we present an innovative comparison-based encryption scheme to facilitate fine-grained access control in cloud computing. By means of forward/backward derivation functions, we introduce comparison relation into attribute-based encryption to implement various range constraints on integer attributes, such as temporal and level attributes. Then, we present a new cryptosystem with dual decryption to reduce computational overheads on cloud clients, where the majority of decryption operations are executed in cloud servers. We also prove the security strength of our proposed scheme, and our experiment results demonstrate the efficiency of our methodology.

KW - access control

KW - attribute-based encryption

KW - cloud

KW - cryptography

KW - dual decryption

KW - integer comparison

UR - http://www.scopus.com/inward/record.url?scp=84863269353&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84863269353&partnerID=8YFLogxK

U2 - 10.1145/2133601.2133614

DO - 10.1145/2133601.2133614

M3 - Conference contribution

AN - SCOPUS:84863269353

SN - 9781450310918

T3 - CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy

SP - 105

EP - 116

BT - CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy

T2 - 2nd ACM Conference on Data and Application Security and Privacy, CODASPY'12

Y2 - 7 February 2012 through 9 February 2012

ER -

Comparison-based encryption for fine-grained access control in clouds

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this