Sanitizable access control system for secure cloud storage against malicious data publishers

Author

Willy SUSILO, University of Wollongong
Peng JIANG, Beijing Institute of Technology
Jianchang LAI, Fujian Normal University
Fuchun GUO, University of Wollongong
Guomin YANG, Singapore Management UniversityFollow
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Journal Article

Version

publishedVersion

Publication Date

5-2022

Abstract

Cloud computing is considered as one of the most prominent paradigms in the information technology industry, since it can significantly reduce the costs of hardware and software resources in computing infrastructure. This convenience has enabled corporations to efficiently use the cloud storage as a mechanism to share data among their employees. At the first sight, by merely storing the shared data as plaintext in the cloud storage and protect them using an appropriate access control would be a nice solution. This is assuming that the cloud is fully trusted for not leaking any information, which is impractical as the cloud is owned by a third party. Therefore, encryption is mandatory, and the shared data will need to be stored as a ciphertext using an appropriate access control. However, in practice, some of these employees may be malicious and may want to deviate from the required sharing policy. The existing protection in the literature has been explored to allow only legitimate recipients to decrypt the contents stored in the cloud storage, but unfortunately, no existing work deals with issues raised due to the presence of malicious data publishers. Malicious data publishers construct data following the given policy, but the ciphertexts can actually be decrypted by unauthorized users without valid keys, or simply, anyone else who is unauthorized. The impact of the involvement of malicious data publishers is detrimental, as it may damage intellectual properties from the corporations. Therefore, it remains an elusive research problem on how to enable a sound approach to resolve the issue when malicious data publishers are involved in the system, which is a very practical question. In this work, we present a new direction of research that can cope with the presence of malicious data publishers. We resolve the aforementioned problem by proposing the notion of Sanitizable Access Control System (SACS), which is designed for a secure cloud storage that can also resist against malicious data publishers. We define the threat model and its formal security model, as well as its design and scheme which is based on q-Parallel Bilinear Diffie-Hellman Exponent Assumption. We provide the security proof of our construction as well as its performance analysis. We believe that this work has opened a new area of research which has never been explored before, even though it is very practical. Therefore, this work will enhance the adoption of secure cloud storage in practice.

Keywords

Secure cloud storage, access control, sanitizable, malicious data publishers

Discipline

Information Security | Theory and Algorithms

Research Areas

Cybersecurity

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

19

Issue

3

First Page

2138

Last Page

2148

ISSN

1545-5971

Identifier

10.1109/TDSC.2021.3058132

Publisher

Institute of Electrical and Electronics Engineers

Citation

SUSILO, Willy; JIANG, Peng; LAI, Jianchang; GUO, Fuchun; YANG, Guomin; and DENG, Robert H.. Sanitizable access control system for secure cloud storage against malicious data publishers. (2022). IEEE Transactions on Dependable and Secure Computing. 19, (3), 2138-2148.
Available at: https://ink.library.smu.edu.sg/sis_research/7302

Copyright Owner and License

Publisher

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/TDSC.2021.3058132