EACSIP: Extendable Access Control System with Integrity Protection for enhancing collaboration in the cloud

Author

Willy SUSILO
Peng JIANG
Fuchun GUO
Guomin YANG, Singapore Management UniversityFollow
Yong YU
Yi MU

Publication Type

Journal Article

Version

publishedVersion

Publication Date

12-2017

Abstract

It is widely acknowledged that the collaborations with more users increase productivity. Secure cloud storage is a promising tool to enhance such a collaboration. Access control system can be enabled with attribute-based encryption. In this system, a user encrypts and uploads his/her data to the cloud with an access policy, such that only people who satisfy that access policy can decrypt the data. When a recipient would like to enable another person who is originally unauthorized by the original access policy, this recipient will need to extend the access policy by adding a new policy that includes the new person hence, the notion of extendable access control system. Admitting new users to access the uploaded data is an important requirement in enhancing collaborations. The main issue is with regards to the integrity protection during the process of extending the access policy. When a new access policy is added, the cloud has to be sure that the extended access policy remains guarding the same encrypted data as the original access policy, even though the cloud cannot decrypt this ciphertext, which is a challenging problem to solve. In this paper, we answer the above problem affirmatively by introducing an extendable access control system with Integrity Protection (EACSIP), which is suitable to enhance collaboration in the cloud. The construction of EACSIP is built on top of a novel cryptographic primitive, namely functional key encapsulation with equality testing. The security proof and the performance evaluation of EACSIP are provided in this paper.

Keywords

cloud storage, equality test, Extendable access control, integrity protection

Discipline

Information Security

Research Areas

Information Systems and Management

Publication

IEEE Transactions on Information Forensics and Security

Volume

12

Issue

12

First Page

3110

Last Page

3122

ISSN

1556-6013

Identifier

10.1109/TIFS.2017.2737960

Publisher

Institute of Electrical and Electronics Engineers

Citation

SUSILO, Willy; JIANG, Peng; GUO, Fuchun; YANG, Guomin; YU, Yong; and MU, Yi. EACSIP: Extendable Access Control System with Integrity Protection for enhancing collaboration in the cloud. (2017). IEEE Transactions on Information Forensics and Security. 12, (12), 3110-3122.
Available at: https://ink.library.smu.edu.sg/sis_research/7426

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

http://doi.org/10.1109/TIFS.2017.2737960