flexible data access
TRANSCRIPT
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
1
Abstractβ Cloud computing offers a new way of services and
has become a popular service platform. Storing user data at a cloud data center greatly releases storage burden of user devices and brings access convenience. Due to distrust in cloud service providers, users generally store their crucial data in an encrypted form. But in many cases, the data need to be accessed by other entities for fulfilling an expected service, e.g., an eHealth service. How to control personal data access at cloud is a critical issue. Various application scenarios request flexible control on cloud data access based on data owner policies and application demands. Either data owners or some trusted third parties or both should flexibly participate in this control. However, existing work hasnβt yet investigated an effective and flexible solution to satisfy this demand. On the other hand, trust plays an important role in data sharing. It helps overcoming uncertainty and avoiding potential risks. But literature still lacks a practical solution to control cloud data access based on trust and reputation. In this paper, we propose a scheme to control data access in cloud computing based on trust evaluated by the data owner and/or reputations generated by a number of reputation centers in a flexible manner by applying Attribue-Based Encryption and Proxy Re-Encryption. We integrate the concept of context-aware trust and reputation evaluation into a cryptographic system in order to support various control scenarios and strategies. The security and performance of our scheme are evaluated and justified through extensive analysis, security proof, comparison and implementation. The results show the efficiency, flexibility and effectiveness of our scheme for data access control in cloud computing.
Index Termsβ Trust; reputation; access control; cloud computing.
This work is sponsored by the PhD grant (JY0300130104) of Chinese
Educational Ministry, the initial grant of Chinese Educational Ministry for researchers from abroad (JY0600132901), and the grant of Shaanxi Province for excellent researchers from abroad (680F1303).
Zheng Yan is with the State Key Lab of Integrated Services Networks, Xidian University, Xi'an 710071, China. (e-mail: [email protected])
Zheng Yan is with the Department of Communications and networking, Aalto University, Otakaari 5, Espoo 02150, Finland. (e-mail: [email protected]).
Xueyun Li is with the Department of Communications and Networking, Aalto University, Otakaari 5, Espoo 02150, Finland. (e-mail: [email protected])
Mingjun Wang is with the State Key Lab of Integrated Services Networks, Xidian University, Xiβan, 710071, China. (e-mail: [email protected]).
Athanasios V. Vasilakos is with the Lulea University of Technology, Sweden. (e-mail: [email protected])
I. INTRODUCTION LOUD computing offers a new way of services by re-arranging various resources (e.g., storage, computing
and services) and providing them to users based on their demands. Cloud computing provides a big resource pool by linking various network resources together. It has desirable properties, such as scalability, elasticity, fault-tolerance, and pay-per-use. Therefore, it becomes a promising service platform, rearranging the structure of Information Technologies. In many situations, different Cloud Service Providers (CSPs) are requested to collaborate together in order to provide an expected service to a user.
On the other hand, reputation and trust relationships in different contexts can be assessed based on social networking activities, behaviors and experiences, as well as performance evaluation. With the rapid growth of mobile communications and the wide usage of mobile devices, people nowadays perform various social activities with their mobile devices, e.g., calling, chatting, sending short messages, and conducting instant social activities via various wireless network connections. Social trust relationships can be established and assessed in a digital world, as illustrated in [29]. Reputation can be assessed based on feedback and Quality of Service (QoS) of an entity [30]. Trust and reputation play a decisive role in cyber security.
A. Motivation One important issue in cloud computing is data security.
Private data of users are stored in the data center of CSP to release the storage and computing burden of personal devices. Typical data examples are social security records and health statistical data monitored by wearable sensors. However, the CSP could be curious on personal privacy [38]. Thus, critical personal data stored in CSP are generally encrypted and their access is controlled. Obviously, these personal data could be accessed by other entities in order to fulfill a cloud service. How to control personal data access at CSP is a practical issue.
Rationally, the data owner should control own data access. But in many situations, the data owner is not available or has no idea how to do the control, when, for example, personal health records should be accessed by several medical experts in order to figure out a treatment solution or by a foreign physician when the data owner is traveling and falling into a
Flexible Data Access Control based on Trust and Reputation in Cloud Computing
Zheng Yan, Senior Member, IEEE, Xueyun Li, Mingjun Wang and Athanasios V. Vasilakos, Senior Member, IEEE
C
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
2
health problem abroad. Therefore, an access control agent is expected in this situation in order to reduce the risk of the data owner in personal data management. Considering both above demands in practice, a heterogeneous scheme that can flexibly control data access in cloud computing is expected.
A number of solutions have been proposed for protecting data access in the cloud. Access Control List (ACL) based solutions suffer from the drawback that computation complexity grows linearly with the number of data-groups [4] or the number of users in the ACL [5]. Role Based Access Control (RBAC) cannot flexibly support various data access demands that rely on trust [31]. In recent years, access control schemes based on Attribute-Based Encryption (ABE) were proposed for controlling cloud data access based on attributes in order to enhance flexibility [13-15, 18, 19, 22, 24]. However, the computation cost of these solutions is generally high due to the complexity of attribute structure. The time spent on data encryption, decryption and key management is more than symmetric key or asymmetric key encryptions. Critically, most of existing schemes cannot support controlling cloud data access by either the data owner or access control agents or both. This fact greatly influences the practical deployment of existing schemes. Current research is still at the stage of academic study. Little work was proposed to control the access of data stored at the CSP based on the trust evaluated by the data owner or the reputation generated by a trusted third party (e.g., a reputation center) or both in a uniform design.
B. Main Contributions In this paper, we propose a scheme to flexibly control data
access based on trust and reputation in cloud computing. We propose multi-dimensional controls on cloud data access based on the policies and strategies set by the data owner. Concretely, the data owner encrypts its data with a symmetric secret key πΎ. This encryption key can be divided into multiple parts in order to support various control strategies. For example, the data owner can control its data access based on either individual trust evaluation or reputation generated by multiple RCs or according to both above in order to highly ensure data security and privacy in various situations. In more details, the secret encryption key πΎ can be divided into multiple parts πΎ!,πΎ!,β¦ ,πΎ! (π β₯ 0). The data owner encrypts different parts of πΎ with different encryption keys that are respectively managed by the data owner and a number of reputation centers (RCs) regarding different reputation properties in different contexts (e.g., user feedback, brand rank and credibility in medical treatment). Later on, the data owner and/or RCs can control the data access following the way of data encryption handled by the data owner. Specifically, the contributions of this paper can be summarized as below: 1) We motivate securing cloud data by controlling its access based on the trust and reputation evaluated by the data owner and/or multiple reputation centers in a flexible manner. 2) To the best of our knowledge, our scheme is one of the first to flexibly control cloud data access in an efficient way by integrating the concept of trust and reputation evaluation into a
cryptographic system. It can support various control policies and strategies in different scenarios. 3) We prove and justify the security and advanced performance of our scheme through extensive analysis, security proof and implementation.
The rest of the paper is organized as follows. Section II briefly reviews related work. Section III introduces the system and threat models and our design goals. In Section IV, we present the detailed description of the proposed scheme, followed by example approaches of trust evaluation and reputation generation in Section V. In Section VI, we prove scheme security, analyze its computation complexity, and evaluate its performance through implementation. Finally, conclusion is presented in the last section.
II. RELATED WORK In cloud computing, data owners upload personal data to
CSP and allow it to maintain these data. Rather than fully trusting the CSP, existing research [1-3] proposed to only outsource encrypted data to the cloud in order to ensure data privacy. The encrypted data can only be decrypted by authorized entities with permissions.
A. Access Control on Encrypted Data Different cryptographic mechanisms are applied to realize
access control on encrypted data. By adopting a traditional symmetric key cryptographic system, the data owner can classifies data with similar ACLs into a data-group before outsourcing to CSP, and then encrypts each data-group with a symmetric key. The symmetric key will be distributed to the users in the ACL, so that only the users in the ACL can access the corresponding group of data [4]. The main drawback of this approach is that the number of keys managed by the data owner grows linearly with the number of data-groups. The change of trust relationship between one user and the data owner could make the symmetric key revoked, which impacts other users in the same ACLs and increases the burden of key management. Thus, this solution is impractical in many real application scenarios.
Another approach is based on the combination of traditional symmetric key and public key cryptographic systems [5]. The data owner first specifies an ACL for a data, and then encrypts the data with a symmetric key, which is encrypted with the public keys of users in the ACL. Therefore, only the users in the ACL can recover the data using their private keys. The main drawback of this approach is that the cost for encrypting the symmetric key grows linearly with the number of users in the ACL. This approach cannot efficiently handle frequent changes of trust relationships, either.
RBAC has been applied in cloud computing. It provides flexibility on access control management at a level that corresponds closely to an organizationβs policy and structure. Zhou et al. proposed a secure RBAC-based cloud storage system where the access control policies are enforced by Role-Based Encryption (RBE) [31]. This RBE scheme enforces RBAC policies on encrypted data stored in the cloud with an efficient user revocation mechanism, so that only the
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
3
users with appropriate roles specified by a RBAC policy can decrypt the data. Wang et al. proposed a dynamic role based access control framework by integrating trusted computing with RBAC in cloud computing [32]. We can find many RBAC mechanisms for cloud computing in the literature [33, 34], but most of them cannot flexibly satisfy various data access demands that request trust, especially for the same role. Fine-grained access control inside a role cannot be supported.
Attribute based access control is also an important technical division in secure cloud computing. ABE [6-9, 39] is a promising cryptographic technique and an attractive choice when selecting an encryption scheme for cloud computing. In an ABE system, users are identified by a set of attributes rather than an exact identity. Each data is encrypted with an attribute-based access structure, such that only the users whose attributes satisfy the access structure can decrypt the data. ABE has developed into two branches, Key-Policy ABE (KP-ABE) [7] and Ciphertext-Policy ABE (CP-ABE) [6, 8] depending on how attributes and policies are associated with ciphertexts and decryption keys.
ABE is widely applied in secure data storage for cloud computing in order to achieve flexibility, scalability and fine-grained access control [13-15, 18, 19, 22, 24]. Examples are a Hierarchical Attribute-Set-Based Encryption (HASBE) for data access control in cloud computing by extending Ciphertext-Policy Attribute-Set-Based Encryption (ASBE) with a hierarchical structure of users [22]. The proposed scheme not only achieves scalability due to its hierarchical structure, but also inherits flexibility and fine-grained access control in supporting compound attributes of ASBE. In addition, HASBE employs multiple value assignments for access expiration time to deal with user revocation. Yu et al. proposed an access control mechanism based on KP-ABE for cloud computing, together with Proxy Re-Encryption (PRE) and lazy re-encryption for efficient user revocation [13]. This scheme enables a data owner to delegate most of the computational overhead to cloud servers. It provides user access privilege confidentiality and user secret key accountability. The use of KP-ABE provides fine-grained access control gracefully. Each file is encrypted with a symmetric Data Encryption Key (DEK), which is in turn encrypted by a public key corresponding to a set of attributes in KP-ABE. Wang, Liu and Wu proposed hierarchical ABE (HABE) to achieve fine-grained access control in cloud storage services by combining Hierarchical Identity-Based Encryption (HIBE) and CP-ABE [14, 18]. This scheme fully delegates computation to CSP. Tang et al. presented FADE, a secure overlay cloud storage system that provides fine-grained access control and assured deletion for outsourced data on cloud [28]. In FADE, active data files that remain on the cloud are associated with a set of user-defined file access policies (e.g., time expiration, read/write permissions of authorized users), such that data files are accessible only to users who satisfy the file access policies. In addition, FADE generalizes time-based file assured deletion (i.e., data files are assuredly deleted upon time expiration) into a more fine-grained approach called policy-based file assured deletion, in which
data files are assuredly deleted when the associated file access policies are revoked and become obsolete.
However, existing access control solutions based on ABE applied complicated attribute structure to achieve fine-grained access control, which makes computation load for key and data management heavy. An efficient access control scheme is expected in practice. Notably, little existing work proposed to control cloud data access based on trust and/or reputation that actually play a decisive role in data sharing. Integrating trust/reputation mechanism into a traditional cryptographic system for data access control hasnβt yet been seriously explored. Our work is a useful supplement of prior arts.
Barsoum and Hasan proposed a cloud-based storage scheme that supports outsourcing of dynamic data to cloud [35]. This scheme ensures authorized users to receive the most recent version of the outsourced data. In case of dispute regarding data integrity/newness, a Trusted Third Party is able to determine the dishonest party in order to achieve indirect mutual trust between data owners and CSP. By applying broadcast encryption, lazy revocation, and key rotation, access control for the outsourced data is achieved. Our scheme applies different technologies to control cloud data access based on trust and reputation.
B. User Revocation User revocation is not a trivial task. The key problem is that
the revoked users still retain the keys issued earlier, and thus can still decrypt ciphertexts. Therefore, whenever a user is revoked, the re-keying and re-encryption operations need to be executed by the data owner to prevent the revoked user from accessing the future data. For example, when ABE is adopted to encrypt data, the work in [10] proposed to require the data owner to periodically re-encrypt the data, and re-distribute new keys to authorized users. This approach is very inefficient due to the heavy workload introduced to the data owner.
A better solution is to let the data owner delegate a third party to execute some computational intensive tasks, e.g., re-encryption, while leaking the least information. Proxy Re-Encryption (PRE) [11, 12] is a good choice, where a semi-trusted proxy is able to convert a ciphertext that can be decrypted by Alice into another ciphertext that can be decrypted by Bob, without knowing the underlying data and user secret keys. For example, the work in [13] is one of the first to combine KP-ABE and PRE to delegate most of the computation tasks involved in user revocation to CSP. The work in [14] combined PRE and a CP-ABE system to achieve a scalable revocation mechanism in cloud computing. Attribute revocation was supported in [15]. It requires that once a user is revoked from a system, the data owner should send PRE keys to the CSP, with which the CSP can be delegated to execute re-encryption. The main problem of this approach is that the data owner should be online in order to send the PRE keys to the CSP in a timely fashion, to prevent the revoked user from accessing the data. The delay of issuing PRE keys may cause a potential security risk. Yang et al. constructed a new multi-authority CP-ABE scheme with efficient decryption and proposed an efficient attribute
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
4
revocation method for it. This scheme can be applied into access control for multi-authority cloud storage systems [37]. But this scheme cannot flexibly control data access by either the data owner or authorized parties or both at the same time.
In our proposed scheme, revocation is implemented through the cooperation between the data owner, CSP and RCs based on a reputation mechanism. Policy based access control is applied at CSP and RCs. Key re-generation is conducted if necessary by the data owner. Thus, the computation complexity is reduced and at the same time flexibility is ensured for access control.
C. Reputation System Building a mutual trust relationship between users and
cloud platform is the key to implement new access control methods in cloud. There are many reputation management systems available nowadays [16]. Some work proposes to compose a number of services together based on trust and select services based on reputation [17]. Lin et al. proposed a mutual trust based access control (MTBAC) model [36]. It takes both user's behavior trust and cloud service credibility into consideration. Trust relationships between users and CSPs are established by mutual trust mechanism. However, most existing reputation management systems didnβt consider how to control personal data access based on reputation over the cloud. Access control at CSP based on trust and reputation was seldom studied.
In our previous work, we propose using trust level to control data access, e.g., in pervasive social networking [21]. But the scheme in [21] is not about controlling access to the data stored in CSP. In [29], we proposed using trust level assessed in mobile social networking to control personal data access at CSP. But this scheme cannot control data access in the case that the data owner has no idea of the trust/reputation of a data requester or when the data owner is offline. Therefore, we further propose introducing one or more RCs to delegate a data owner for data access control when it cannot justify the reputation of a data requester or when it is not available. We advocate that a flexible and heterogeneous approach is expected in the fulfillment of various practical demands over the cloud.
III. PROBLEM STATEMENT
A. System and Threat Models The following scenario illustrates the problem we are going
to solve. A mobile userβs personal health data (e.g., collected by his on-body wearable devices) are stored at the data center of CSP. In order to avoid the data to be disclosed to the CSP and unauthorized entities, the user encrypts the data to limit access. He would like to assign the people he trusts to access these data. He also prefers to assign the entity (e.g., a CSP) reputable for health treatment to access these data if CSP collaboration is needed for a health treatment. How to ensure secure personal data access by a trustworthy entity (e.g., a user, a service provider, or a service) is an important issue. The user trusts some people or CSPs based on his own
experiences. But in many cases, it is hard for him to judge the trustworthiness of all entities involved into service provision. In this case, the data owner cannot properly control the data access by itself. Particularly, we hope to support such a case that a medical treatment can be conducted in an urgent situation based on historical health records, e.g., for a patient who falls into an accident when travelling abroad. In this case, personal health data access can be issued based on reputation according to the data ownerβs policies. Meanwhile, compensation or insurance should be provided for personal data disclosure. How to flexibly ensure trustworthy data access in the above situations is critical in practice.
Fig. 1: A system model
We consider such a system involving three different kinds of entities, as illustrated in Figure 1: the cloud user that interacts with CSPs for consuming various services (e.g., data storage and data access). The user can be a data owner or a data requester; the reputation center (RC) that has functions and capability that the user does not have and is trusted to generate and provide reputation certificates for system entities regarding different data access contexts; the CSP that can be either private for specific users or public for all users and other CSPs. The private and public CSPs can collaborate together in order to provide a service requested by a user. For example, when a private CSP cannot satisfy a userβs demand, it could collaborate with other public or private CSPs. The data owned by a system entity and stored at the CSP could be accessed by another system entity during the fulfillment of a cloud service. Users are not only human beings, but also CSPs. Each CSP has its own data center for data storage, a resource center that can offer various services and a management center that is responsible for service request and provision.
The system design holds the following assumptions. RC is a trusted party for reputation generation in different data access contexts. It can collect sufficient information to conduct accurate reputation evaluation, thus provide accurate reputation information of each system entity. Multiple RCs could exist in the system. An insurance company can operate RC. It compensates loss of data disclosure. In order to earn reputation and business profits, RC should behave honestly (based on an analysis with game theory). The data owner (that is also a cloud user) has a trustworthy personal device that can directly control personal data access based on individual trust
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
5
evaluation on different system entities, e.g., according to social networking experiences. The CSP offers data storage services. But it could be curious to seek the privacy of other parties based on stored data and may disclose it. CSP provides stored data to a requester according to the instruction of RC and/or the data owner due to business incentive. RC is always available for registration and authorization of data access rights. But RC is not allowed to access the stored data by CSPs. RCs and CSPs donβt collude with each other due to business reasons since collusion may make both of them lose profits. This is assumed based on a game theoretic study. Concretely, if a collusion strategy is applied, CSP cannot earn revenue due to loss of data storage users and RC will lose its business since finally it cannot collect data insurance fee. The communications between the system entities are secured by applying an existing security protocol. Each cloud user registers at its delegating RCs with a unique identifier and personal data access policies. Our scheme follows existing regulations, e.g., relevant identities and qualification certificates (e.g., health physician certifications) should be registered and verified before executing our scheme.
We further assume context-aware trust evaluation is applied to support our scheme. We only consider the trust or reputation required in the context of data access. Notably, the trust level sufficient for different data access could be different. In different contexts, different trust evaluation algorithms could be applied for supporting access control. The data owner can choose RCs based on their reputations, which can be evaluated based on data owner feedback, the QoS of RC services, and so on.
B. Design Goals To achieve trustworthy data access and avoid potential risks
in cloud storage services, our design should achieve the following security and performance goals: 1) security and safety: the data stored in CSP can only be accessed by eligible system entities that are trustworthy enough; the control of data access is based on trust and reputation with a minimum risk; 2) heterogeneity: the proposed scheme can support various data access demands. It can support data access directly controlled by the data owner and/or by one or more RCs in an indirect way when the data owner is not available or cannot make an access decision; 3) flexibility: the proposed scheme can be flexibly applied to satisfy different access control scenarios, strategies and policies; 4) lightweight: the scheme controls cloud data access with minimum computation and communication overhead.
IV. THE PROPOSED SCHEME
A. Notations/Preliminaries and Definitions Bilinear pairing: Let πΎ and πΎ! be two cyclic multiplicative
groups with the same prime order π, that is, πΎ = |πΎ!| = π. Let π be a generator of πΎ . Let us have a bilinear map β― βΆ πΎ Γ πΎ β πΎ!, with the following properties:
β’ Bilinear: for all π’, π£ β πΎ and π, π β π! , β―(π’! , π£!) =β―(π’, π£)!".
β’ Non-degenerate: β―(π,π) β 1 for the generator π. β’ Computable: there is an efficient algorithm to compute
β―(π’, π£) for any π’, π£ β πΎ. Definition: Individual Trust Level (TL) is the trust
evaluated by a data owner based on personal interaction and experiences (e.g., in social networking activities). Herein, we divide trust into discrete levels according to its value, e.g., ππΏ! represents the i-th level of TL, π β (0, πΌ!" , where πΌ!" is the maximum level of TL.
To effectively secure private data over the cloud, we resort to controlling the data access based on trust levels assessed by the data owner by applying ABE. The advance is the owner can issue to a number of eligible users by performing encryption computation only once. But different users cannot collude with each other because their decryption keys are personalized. Herein, we illustrate our scheme with CP-ABE. Notably, KP-ABE can also be applied to implement our scheme. Adopting CP-ABE saves efforts of key management, while applying KP-ABE can save the computation cost of data encryption.
Definition: Reputation Value (RV) is the trust evaluated by a reputation center based on public feedback and extensive performance monitoring and reporting. π !(π‘) denotes the reputation value of entity e at time t. π !(π‘) β [0, 1 , scaling from fully disreputable to fully reputable.
Proxy Re-Encryption: A PRE scheme is represented as a tuple of (possibly probabilistic) polynomial time algorithms (KG; RG; E; R; D) [25]:
β’ (KG; E; D) are the standard key generation, encryption, and decryption algorithms for an underlying public key encryption scheme. On input of a security parameter 1!, KG outputs a public and private key pair (ππ! , π π! ) for entity A. On input ππ! and data M, E outputs a ciphertext C_A = E(ππ! ; M). On input π π! and ciphertext C_A, D outputs the plain data M = D(π π! ; C_A).
β’ On input ( ππ! ; π π! ; ππ! ), the re-encryption key generation algorithm, RG, outputs a re-encryption key rk_AβB for entity B.
β’ On input rk_AβB and ciphertext C_A, the re-encryption function R, outputs R(rk_AβB; C_A) = E(ππ! ; M) = C_B, which can be decrypted with private key π π! .
We further resort to controlling data access based on the reputation evaluated by one or more RCs by applying PRE to convert encrypted data to the form that can be decrypted by eligible and reputable requesters according to the pre-defined policy of the data owner. Introducing RCs can ensure the control availability even though the data owner is not available or has no idea how to control the access. Meanwhile, RCs cannot get the plaintext of data in PRE.
B. Scheme Summary We propose multi-dimensional data access control based on
individual trust evaluated by the data owner and/or public reputation evaluated by one or more RCs during the fulfillment of a cloud service. Taking two-dimensional control as an example, the data owner encrypts its data with a
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
6
symmetric secret key πΎ. It divides πΎ into two parts: πΎ! and πΎ!. It respectively encrypts πΎ! with RCβs public key ππ_π πΆ and πΎ! with a public attribute key ππ_ππΏ with regard to an individual trust attribute. It uploads the encrypted data and the above two encrypted partial keys to CSP. When a user requests accessing the data, the CSP checks if the user (i.e., a requestor) is in a greylist. If the check is negative, CSP forwards its request to RC and the data owner based on the ownerβs access policy. RC checks the userβs reputation and generates a re-encryption key for the user to decrypt πΎ! if it is eligible based on the policy defined by the data owner (e.g., the reputation of user π is over a pre-defined threshold π‘βπ at the checking time π‘ , π ! π‘ > π‘βπ ). Meanwhile, the owner issues a personalized secret key to the requestor to allow it to get πΎ! if its trust level satisfies the access policy. By achieving both πΎ! and πΎ!, the requestor can access the encrypted data.
In case that the requestor is not eligible to access the data (e.g., the reputation/trust level of the requestor is below a threshold), RC and/or the data owner will inform CSP to put it into a greylist. Thus CSP will block this requestorβs access in the future. If the requestor later on becomes eligible, RC and/or the data owner inform CSP to remove it from the greylist. We will discuss how to ensure CSP to process as expectation in Section IV. πΎ! and πΎ! can be flexibly set based on different application
scenarios and access strategies of the data owner. If the data owner would like to control data access only by itself, πΎ! is ππ’ππ and πΎ! = πΎ. If it would like to control data access only by RC, πΎ! = πΎ and πΎ! = ππ’ππ. If the data owner would like to control its data access by both individual trust and public reputation (i.e., by both the data owner and RC), neither πΎ! nor πΎ! is null, and aggregating πΎ! and πΎ! can get πΎ. If the data owner would like to control its data access by either individual trust or public reputation (i.e., by either the data owner or RC), πΎ! = πΎ! = πΎ β ππ’ππ. If the data owner doesnβt want to control its data access, πΎ! = πΎ! = πΎ = ππ’ππ . That means plain data are stored at the data center of CSP.
Notably, the data encryption key πΎ can be divided into multiple parts in order to really support multi-dimensional data access control. For example, the data owner can set the access control strategy such as controlling its data access based on the reputations evaluated by multiple RCs in order to highly ensure data security and privacy, especially when it is off-line. In this case πΎ is separated into multiple parts πΎ!,πΎ!, β¦, πΎ! (π β₯ 2). The data owner encrypts different parts of πΎ with different RCβs public keys ππ_π πΆ!. Later on, the data access can be controlled by all RCs (e.g., with regard to different reputation properties or contexts) by issuing re-encryption keys to decrypt different parts of πΎ. Obviously, our scheme can flexibly support controlling cloud data access by not only the data owner, but also a number of RCs.
The data owner manages the policy of data access control. It decides who has rights to control the data access. Our scheme is very flexible to handle many cases: data is controlled by the owner itself, or only one RC, or multiple RCs or all above at the same time. Their control relationship
could be βorβ, not only βandβ, in order to ensure control availability. In case some control party is not always online, another party can delegate the duty. We achieve this by issuing the same partial key to multiple parties (e.g., RCs).
C. Required Keys Table I summaries the keys related to the proposed scheme.
TABLE I. SUMMARY OF APPLIED KEYS
Keys Description Usage πΎ The data encryption key Encrypting data πΎ!, πΎ!, β¦ The different parts of πΎ Aggregating all parts of
πΎ can get a complete πΎ ππΎ The global public key Input for ABE operations ππΎ The master key Creation of user keys ππ_π’ The public key of user π’
w.r.t. ABE Unique ID of user and the key for verification of the userβs attributes; used for personalized secret attribute key generation for π’
π π_π’ The secret key of user π’ w.r.t. ABE
Generation of public key of TL for π’ and used for issuing secret attribute keys to π’β² based on TL eligibility
ππ_(ππΏ,π’) The public key of attribute TL generated by user π’
Encryption of πΎ! generated by user π’
π π_(ππΏ,π’,π’β²) The secret key of attribute TL for user π’β² issued by π’
Decryption of πΎ! generated by user π’ for π’β²
ππ!" The public key of RC w.r.t. PRE
Encryption of partial πΎ
π π!" The secret key of RC w.r.t. PRE
Generation of re-encryption key at RC
ππ! The public key of entity u w.r.t. PRE
Generation of a re-encryption key for u
π π! The private key of entity u w.r.t. PRE
Decryption of re-encrypted partial key for u
ππ_π πΆ β π’ Re-encryption key to re-encrypt a ciphertext computed under RCβs public key into one that can be decrypted using π’βs privacy key.
Re-encryption of partial symmetric key πΎ
D. Scheme The proposed scheme consists of a number of fundamental
algorithms as described below. Setup. The Setup algorithm takes as input the implicit
security parameter 1! . It chooses a bilinear multiplicative group πΎ of prime order π with generator π and a pairing β― βΆ πΎ Γ πΎ β πΎ!. Next it chooses a random point π β πΎ, and a random exponent π¦ β β€!. Then it outputs the public key ππΎ = πΎ,πΎ! , π,π,π, π π,π ! , and the master key ππΎ =π! . This process is conducted at the user device or a trustworthy user agent. Meanwhile, each RC generates its public and private keys ππ!" and π π!" for the purpose of PRE.
ABEUserKeyGeneration(PK, MK, u). This algorithm takes as input the public key ππΎ, the master key ππΎ, and a unique user identity π’ . It chooses a random secret ππ! β β€! and outputs a public user key ππ_π’ = π!"!, that will be used to issue secret attribute keys for π’ , and a secret user key
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
7
π π_π’ = ππΎ β π!"! = π! β π!"!, used for the decryption of ciphertexts. It also uniformly and randomly chooses a hash function π»!"_! βΆ 0,1 β β β€! from the finite family of hash functions. This process is also conducted at the user device or a trustworthy user agent.
PREUserKeyGeneration(u). This algorithm generates pubic key ππ! and private key π π! for PRE [26].
ππ! = π!! ,πβ²!! , π π! = π!, π! . The system parameters are random generators πβ² β πΎ ,
π = π(π,π) β πΎ! , and π!, π! β β€! . ππ! is used for generating the re-encryption key at RC for π’. This algorithm is still conducted at the user device or a trustworthy user agent.
CreateEncryptionKey(). The algorithm generates a symmetric key πΎ for data encryption and is performed by the data owner. In our implementation, Advanced Encryption Standard (AES) is applied.
DivideKey(K, n). The DivideKey algorithm divides input πΎ into π + 1 parts, where π β₯ 0.
CombineKey(πΎ!,πΎ!, β¦,πΎ! ). The CombineKey algorithm aggregates partial keys (πΎ!,πΎ!,β¦ ,πΎ!) to get a complete key πΎ.
CreateIndividualTrustPK(PK, TL, sk_u). The algorithm is executed by the user device whenever user π’ would like to control the access of its data based on individual trust evaluation. The algorithm checks the TL related policies. If this is the case, the algorithm outputs a public attribute key of the TL for user π’, denoted ππ_(ππΏ, π’), which consists two parts: ππ_(ππΏ! , π’) = < ππ_(ππΏ! , π’)β² = π!sk_u !"! , ππ_(ππΏ! , π’)β²β² =
π π,π !!sk_u(!"!) >, otherwise outputs NULL. Note that pk_ ππΏ, π’) = ππ_ ππΏ! , π’ , (π β 0, I!" , where I!" is the maximum level of TL.
IssueIndividualTrustSK(PK, TL, sk_u, pk_uβ). The algorithm is executed at the user device by checking the eligibility of π’β². The algorithm checks whether π’β² with public key ππ_π’β² is eligible of the attribute TL (i.e., it checks in which trust level π’β² is located). If π’β² is located in the trust level π!" (π!" is an integer and π!"β[0, I!"]), we said π’β² is eligible for attribute ππΏ! , (π β€ π!"). Then the algorithm outputs a secret TL key π π_(ππΏ, π’, π’β²) for user π’': π π_ ππΏ! , π’, π’β² = ππ_π’β²!!"_!(!"!) = π!"!!!!"_!(!"!), (π = π!").
Otherwise, the algorithm outputs NULL. Encrypt0(ππΎ,πΎ!,π΄π΄,ππ_(ππΏ, π’)). This algorithm takes as
input the partial key πΎ! and the public keys ππ_(ππΏ, π’) , corresponding to the individual trust occurring in the data access policy π΄π΄ of user π’. The algorithm encrypts πΎ! with the policy π΄π΄ and outputs the cipher-key πΆπΎ!.
The access policy π΄π΄ can be described as π΄π΄ = ππΏ_π!!!! ,
where m represents the number of selected TL. ππΏ! represents an individual trust level set by π’ to control the access. ππΏ_π = ππΏ! means that π’ gives the users with ππΏ! the authority to decrypt the cipher-key. For example, πΌ!" = 5, π΄ =ππΏ! ππΏ! means the users with ππΏ β₯ 4 can be granted access rights. The Encrypt0 algorithm iterates over all π = 1,β¦ ,π. It
generates a random value π ! β β€!, for each required TL level ππΏ! in the policy and constructs πΆπΎ!! as:
πΆπΎ!! = πΈ! = πΎ! β ππ_(ππΏ! , π’)!!!!
πΈ!! = π!!οΌπΈ!!! = ππ_(ππΏ! , π’)!
!! .
This process is conducted at the device of a data owner. The owner publishes the output of the algorithm along with its encrypted data to CSP.
Decrypt0 (ππΎ,π΄π΄,πΆπΎ!, π π_π’β², π π_(ππΏ, π’, π’!)) . The Decrypt0 algorithm takes as input a cipher-key produced by the Encrypt0 algorithm and a key ring π π!! , π π_(ππΏ, π’, π’!) for user π’! . It decrypts the cipher-key πΆπΎ! and outputs the corresponding plain key πΎ! if the attribute is sufficient to satisfy the policy π΄π΄ used for encryption.
πΎ! = πΈ! β! !!!,!"_(!"!,!,!!)
! !!!!,!"_!'.
Otherwise it outputs NULL. It is easy to verify that the decryption is correct [8]. Let
a!:= Hsk_!(ππΏ!). Then, E! = πΎ! β e(g, g)!!!!!, E!!! = g!!!! and
πΈ! β! !!!,!"_(!"!,!,!!)
! !!!!,!!!'= πΎ! β π π,π !!!!! β
! !!! ,!!"!!!!
! !!!!! ,!!β!!"!!=
πΎ! β π π,π !!!!! β ! !,! !!!"!!!!
! !,! !!!"!!!! β! !,! !!!!!= πΎ!.
ReencryptionKeyGeneration( ππ!" , π π!" , ππ!! ). This algorithm is defined in [26], the output ππ_π πΆ β π’β =πβ²!!!! = ππ!!
!! , where π! is part of π π!" and π! is part of π π!!. On input ππ!" , π π!" , and ππ!!, the algorithm generates the re-encryption key rk_RCβ π’β for π’β if it satisfies the access policy of the data owner based on the latest reputation evaluation at RC. The RC then forwards rk_RCβ π’β to CSP.
Encrypt1(ππ!" ,πΎ! ). As defined in [26], a data owner encrypts its partial secret key πΎ! (π β₯ 1) using the public key of RC to obtain the encrypted πΎ! by ππ!" , denoted πΈ(ππ!";πΎ!),
πΈ(ππ!" ,πΎ!) = (πβ²! ,πΎ!π!!!), where π!! is part of ππ!" and π₯ β β€!. The owner publishes πΈ(ππ!" ,πΎ!) along with its encrypted data to CSP.
RE(rk_RCβ π’β,πΈ(ππ!" ,πΎ!)). If an entity π’β² is allowed to access the data, CSP conducts π πΈ(ππ_π πΆ β π’β,πΈ(ππ!" ,πΎ!)) = πΈ(ππ!! ,πΎ!) = π!!!!! ,
πΎ!π!!! = πΆπΎ!, and gives it to π’β² . User π’! decrypts πΈ(ππ!! ,πΎ!) using its private key π π!! to obtain πΎ!. In the proposed scheme, CSP functions as the proxy in terms of PRE [26]. It indirectly distributes the partial secret key πΎ! to authorized entities without learning anything about these secrets (e.g., πΎ! and the plain data).
Decrypt1(π π!!, πΈ(ππ!! ,πΎ!)). The algorithm takes as input a cipher-key produced by the RE algorithm and π π!! and decrypts the cipher-key πΈ(ππ!! ,πΎ!),
πΎ! = !!!!!!
(!!!!!!)!!!
.
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
8
Encrypt(K, M). This algorithm takes as input K and data M to get encrypted data CT. The data owner publishes CT to CSP. In our implementation AES is applied.
Decrypt(CT, K). The algorithm takes as input a cipher-text CT produced by the Encrypt algorithm and the complete encryption key πΎ to output the plaintext π.
E. Procedure Figure 2 illustrates the procedure of data access control
based on the proposed scheme. We suppose that user 1 (π’!) saved its sensitive personal data at CSP, while user 2 (π’!) requests to access it with the authorization of π’! and one RC.
Fig. 2: A procedure of data access control
Step 0: System setups by calling Setup. Step 1: π’! generates an encryption key πΎ and separates it
into two parts πΎ! and πΎ!. It encrypts data M with the secret key πΎ to get CT. It generates the data access policy π΄π΄ with regard to individual trust level threshold, public reputation threshold for accessing M. π’! uploads the encrypted data CT, policy π΄π΄ and encrypted πΎ! (πΆπΎ!) by applying Encrypt1 and encrypted πΎ! (πΆπΎ! ) by applying Encrypt0 to CSP; π’! also sends π΄π΄ to RC.
Step 2: π’! would like to access π’!βs data by requesting CSP. The CSP checks the validity of its ID and the package of encrypted πΎ in order to decide if forwarding this request to π’! and/or RC if it is not in the greylist. Based on the content in π΄π΄, the CSP decides whether to contact π’! and/or RC.
Step 3: If RC is contacted, RC evaluates π’!βs reputation and checks if it satisfies with Mβs access policy π΄π΄. Based on the reputation level, RC generates ππ_π πΆ β π’! if access is allowed; meanwhile, if π’! is contacted, it checks the eligibility of π’! in order to generate a personalized secret key π π_(ππΏ, π’!, π’!) for π’! to decrypt πΆπΎ!.
Step 4: RC issues ππ_π πΆ β π’! to the CSP that re-encrypts the πΆπΎ! to get πΈ(ππ!! ,πΎ!) if the re-encryption was never conducted; meanwhile, π’! issues π π_(ππΏ, π’!, π’!) to π’!.
Step 5: CSP allows π’! to access requested data by providing corresponding encrypted data CT and encrypted keys (πΆπΎ! and πΆπΎ!) to π’!.
Step 6: π’! decrypts πΆπΎ! and πΆπΎ! with the issued secret keys from π’! and its private key π π!!. By combining πΎ! and πΎ!, π’! can get the complete πΎ to decrypt CT and get M.
Step 7: π’! re-evaluates the trust based on past and newly accumulated experiences regarding the data access context. If π’! has been issued the secret keys and is not eligible at present, π’! will put them into its underlying data access greylist and inform the CSP. RC can re-generate reputation of different entities based on newly collected data. If RC indicates that π’! doesnβt satisfy with access policy π΄π΄, RC will inform the CSP to block π’!βs access to π’!βs data.
Note that the greylist is data-oriented since different data access may request different trust levels. Its content is dynamically upgraded based on timely trust and reputation evaluation.
F. Revocation Due to the dynamic change of trust and reputation, the data
access right should be dynamically managed. The proposed scheme applies three ways of revocation.
First, CSP follows the notification of the data owner and/or RCs to block data access if the data requestorβs trust and/or reputation levels donβt satisfy the access policy. When, the data requesterβs trust and/or reputation levels reach the access threshold, the block will be released by the CSP. This approach is appropriate in the situation that CSP cooperates with the data owner and the RCs on access control. A way to ensure CSP to perform the above additional access control is applying a reputation mechanism, as illustrated in [29]. Each CSPβs reputation is evaluated according to the userβs feedback and published in order to encourage and ensure good behaviors of CSPs. For a disreputable CSP, the user will not use its services, thus the CSP will lose its users and profits.
Second, the data owner re-encrypts πΎ! with a new TL attributeβs public key if its policy about πΎ! is changed and sends the new πΆπΎ! to the CSP. The data owner will also inform the RCs to update the new policy about πΎ! (π β₯ 1) if there is any change. Thus, later re-encryption key generation will follow the new policy at the RCs. This approach is suitable in the situation that the access policy of the data owner is updated.
Third, the data owner refresh data encryption key πΎ and applies a new key πΎβ² to encrypt new data stored at the CSP. This approaches is suitable in the case that the old key could be disclosed to the CSP (e.g., by a malicious data requester or guessed by the CSP). One protection strategy is different symmetric keys are applied to encrypt different data. Another strategy is the data owner updates the symmetric key for data encryption periodically and uploading newly encrypted data to CSP. (We assume deletion of old data can be performed by CSP honestly.)
In another line of our work, we proved with game theory that CSP normally would not cooperate with malicious data requesters when applying a reputation and punishment mechanism because it will lose users and profits due to reputation loss. Due to paper size limitation, this study with a number of simulation results will be reported in another paper.
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
9
V. TRUST EVALUATION & REPUTATION GENERATION Trust can be assessed based on the clue showed in mobile
social networking. Herein, we apply a concrete approach for automatic trust evaluation based on mobile social networking in order to gain usability in trust evaluation. The function to calculate the trust value ππΏ(π’! , π’!) of two persons π’! and π’! based on mobile social networking is proposed in our previous work [29]. Notably, other methods can also be applied and cooperate with the proposed scheme.
User feedback, performance monitoring and reporting contribute reputation generation. In [30], we proposed a concrete algorithm to support data access control in cloud computing. Notably, the trust evaluation and reputation generation are context-aware. For data access in a concrete context (e.g., health treatment), the trust is evaluated and the reputation is generated. In this paper, we focus on heterogeneous cloud data access control scheme design and evaluation.
VI. SECURITY ANALYSIS & PERFORMANCE EVALUATION
A. Security Proofs The security goal of our scheme is to guarantee that only
the users whose trust and reputation satisfy the access control policies of the data owner can access the data saved in the cloud. The proposed scheme achieves security as analyzed below. Fine-Grainedness of Access Control
Our scheme can achieve fine-grained access control. Various access policies regarding trust and/or reputation can be defined and enforced. We remove the complexity of hierarchical attribute-based fine-grained access control [22] by replacing it with trust-reputation based one. We evaluate the trust levels according to many factors and simplify the ABE attribute structure by only considering one attribute: trust levels. This design not only reduces the complexity of access policy description, but also keeps its expressivity. The computation of trust evaluation is much less complicated than embedding the trust-factor related attributes into the attribute structure of an ABE scheme. The reputation generation is performed at RC, which can release the computation burden of data owners. Apart from the above, the proposed scheme can be flexibly applied into many scenarios by cooperating with a trust management framework. Context-awareness can be easily achieved by applying context-aware trust evaluation and reputation generation. Data confidentiality
The security of this scheme is ensured by the PRE theory, ABE theory, symmetric encryption theory and public key encryption theory. In particular, we apply trust and reputation to control data access in a heterogeneous manner to enhance both security and flexibility in cloud computing.
Data confidentiality is achieved by symmetric key encryption (e.g., AES), ABE, and PRE. Assuming that the symmetric key algorithm is secure, the security of the proposed scheme relies on the security of our architecture design based on the PRE and ABE. RCs are unable to access
the user data stored in CSP even though they hold the partial encryption key (refer to πΈ(ππ!" ,πΎ!) ) in the case that πΎ! β πΎ!, πΎ! β ππ’ππ . Meanwhile, the plaintext of the user data is also hidden from CSP since it could only gain the re-encryption keys and the CSP, alone, cannot re-delegate the decryption rights from, for example, rk_RCβA and rk_AβB to produce rk_RCβB, because of the non-transitive property of PRE. Even though the CSP colludes with user B who has been issued the decryption right, they can only recover the weak secret ga1 instead of the private key of RC, π π!" . The standard security and master key security have been proved in [26], which shows that the PRE used in our scheme is secure.
In addition to the security of the encryption algorithm, the reputation mechanism encourages the system entities to behave properly in order to retain or improve their reputation levels. User accountability can also be achieved by setting up a punishment rate according to their reputation levels when RCs issue re-encryption keys for data requesters [30]. Security Proof of ABE
We analyze the security of ABE used in our scheme by, firstly, defining a security model, which we call Game 1, and then comparing it with a modified model, Game 2, which has already been proved as secure in our previous work [21] in order to prove the security of Game 1. We sketch these two games firstly and describe the reduction procedure subsequently. It is customary to define security in a context like ours by using a model involving a game between two parties where one of the parties is an adversary who tries to get an advantage in the game. More specifically, we define the security model of our scheme as follows between an adversary π and a challenger π. Game 1
Setup. A challenger π, who plays the role of the data owner or a trustworthy user agent, runs the Setup algorithm and gives the public key ππΎ to an adversary π.
Phase 1. The adversary π asks the challenger π for an arbitrary number of user keys. Herein, the users include all kind of data consumer, such as users and CPSs who want to access the data. The challenger π calls the ABEUserKeyGeneration algorithm for each requesting user and returns the resulting public and private user keys to π. Meanwhile, for each user, π can request the secret and public attribute keys that π creates by calling key generation algorithms, i.e., IssueIndividualTrustPK and IssueIndividualTrustSK algorithms, respectively.
Challenge. The adversary π submits two messages π! and π! and an access policy π΄π΄ such that none of the users he created in Phase 1 satisfy π΄π΄. (If any user from Phase 1 satisfies π΄, the challenger aborts.) The challenger π flips a coin π, encrypts π! under π΄π΄, and gives the cipher text CT to the adversary.
Phase 2. Like in Phase 1, the adversary may create an arbitrary number of users. He can also request more secret attribute keys for the users he created in Phase 1 and Phase 2. The only restriction is if any secret attribute key would give the respective user trust level that would satisfy π΄π΄, then the
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
10
challenger aborts. As described before, π can always request any public attribute keys.
Guess. The adversary π outputs a guess π! of π΄π΄ . The advantage of adversary π is defined as: Advantage = ππ π! = π β 0.5. We claim that our scheme is secure in Game 1 if the advantage of the adversary π is negligible whenever the adversary operates in probabilistic polynomial time. Game 2
The phases Setup, Phase 1, and Phase 2 are equal to the Game 1. In the Challenge phase, the adversary π submits an access policy π΄π΄ such that none of the users that he created in Phase 1 satisfy π΄π΄ (but unlike the Game 1, π! and M!are not submitted). The challenger π flips a coin π , and creates a ciphertext for the access policy π΄π΄, but instead of computing πΈ! β π β π π,π !!!!! (We replace πΎ! with π here for convenience) according to our encryption algorithm, he computes E! as
πΈ! =π π,π !!!!! , ππ π = 1π π,π !! , ππ π = 0
,
where all elements π! are uniformly and independently chosen random numbers from β€!.
Then we make the assumption that there exists a polynomial-time adversary π1 who has a non-negligible advantage in Game 1. With the help of π1 we are then able to construct another polynomial-time adversary π2 who has a non-negligible advantage in Game 2. In our previous work [21], it has been showed that Game 2 is secure under polynomial-time adversary. Then, we can draw a conclusion that the ABE used in our scheme is provable secure. Next, we show how to construct π2 from π1.
Given now an adversary π1 that has an advantage π in Game 1, we can construct π2 as follows: in the phases Setup, Phase 1, and Phase 2, π2 forwards all messages he receives from π1 to the challenger (of the Game 2) and all messages from the challenger to π1 . In the Challenge phase, π2 receives two messages π! and π! from π1 and the challenge πΆ , which is either π π,π !!!!! or π π,π !! , from the challenger π. Now π2 has to play the role of the challenger in Game 1 and therefore he flips a coin π½ and sends πΆ! β π! β πΆ to π1. When π1 outputs a guess π½!, π2 outputs as its own guess 1 if π½! = π½, or 0 if π½! β π½. If πΆ = π π,π !!!!!, then π2 βs challenge (in the game against π1 ) is πΆ! β π! βπ π,π !!!!!, which is a random encryption of π! under the public keys ππ_ πΏπ, π’ , and consequently π1 has advantage π of guessing the correct π½! = π½ . It follows that π2 has the same advantage in its own game. If πΆ = π π,π !!, then the challenge πΆ! is nominally dependent of π½ but in fact πΆ! could result from each of the messages π! and π!, with a suitable choice of the parameter π!. This implies that π1 cannot have any advantage in guessing π½ so the advantage of π2 is also 0. Thus, the overall advantage of π2 is !
!ππ π½! = π½|π = 1 +
!!ππ π½! β π½|π = 0 β !
!= !
!!!+ π + !
!!!β !
!= !
!π.
Now the existence of any π1 having a non-negligible advantage in Game 1 implies the existence of an adversary π2 who succeeds with non-negligible advantage as well in Game 2. However, in [21], it is shown that no polynomial time adversary can have a non-negligible advantage in Game 2. So we can conclude that no π1 can have non-negligible advantage in Game 1.
According to the analysis above, we can conclude that the data confidentiality of our proposed scheme is provably secure under the protection of ABE.
B. Performance Analysis Computation Complexity
We analyze the computation complexity of the following operations: setup, CP-ABE user key generation, PRE user key generation, individual trust public key and secret key generation, re-encryption key generation and re-encryption, encryption and decryption, as well as revocation.
The setup and key generations, including the generation of the CP-ABE user key pair, the PRE user key pair and the re-encryption key, are not affected by either the specified access policy or attributes. Therefore, the computation complexity of the above operations is πͺ 1 .
When individual trust level is considered in the access authorization, the data owner needs to generate the individual Trust Level public key for encryption and issue the private key to eligible data requesters. The computation complexity of TL public key generation depends on the total number of specified TL levels, thus the complexity is πͺ 2πΌ!" , where πΌ!" refers to the maximum number of TL levels. Note that each level of TL public key generation contains two exponentiations. The TL private key issuing is only related to the authorized attribute, and the computation complexity is πͺ 1 .
The encryption contains several parts: Encrypt, Encrypt0 and Encrypt1. The first is the encryption of the data using symmetric key πΎ, and the rest is the encryption of partial key using either CP-ABE or PRE, or both depending on the data ownerβs access policy. The complexity of Encrypt depends on the size of the underlying data and it is inevitable in any cryptographic method. The complexity of Encrypt0 and Encrypt1 depends on the data ownerβs policy on key division and the required TL level in the access policy. For each CP-ABE encryption operation, the complexity is πͺ πΏ , where L is the number of conjunction in the specified access policy and πΏ β€ πΌ!". For each PRE encryption operation that contains two exponentiations, the complexity is πͺ 1 . For n pieces of partial keys for RC management, the complexity is πͺ π .
The Decryption also contains two parts. One is decrypting divided pieces of encrypted partial keys, and the other is the decryption of the data using the plain key πΎ . For each decryption operation in either CP-ABE or PRE, the complexity is πͺ 1 . Thus the total computation complexity of Decryption depends on the number of divided key pieces, i.e., πͺ π + 2 .
The computation complexity for applying the first approach of revocation is πͺ 1 since there is no need to calculate new keys and perform encryption. However, communications are
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
11
needed between the CSP and the data owner and/or the RCs. The computation complexity for applying the second approach of revocation is πͺ πΏ , where L is the number of conjunction in the ABE. In addition, communications are needed between the data owner, CSP and RCs. In the third approach, the computation complexity is πͺ πΏ + π , where n is the number of divided pieces of the symmetric key for RC management. Obviously, the computation complexity of our scheme is more efficient than existing work [10, 14, 15], especially for the first approach.
Table II summarizes the computation complexity of each system operation in our proposed scheme and compares it with two existing schemes: a KP-ABE based scheme [13] and a CP-ABE based scheme [22]. Considering the value of n and L is small in practice, e.g., n = 1 or 2, L = 5, our scheme is efficient with essential flexibility.
TABLE II. COMPUTATION COMPLEXITY
Operation Our scheme HASBE [22] Yuβs scheme [13] Setup
User Grant Encryption Decryption
User Revocation
πͺ 1 πͺ 1 + π πͺ πΏ + π πͺ π + 2
πͺ 1 or πͺ πΏ or πͺ πΏ + π
πͺ 1 πͺ 2π + π πͺ 2 Y + X
varied πͺ 1
πͺ Y πͺ Y πͺ S
πͺ max ( Y ,N) πͺ Y
πΌ!": The maximum number of individual Trust Levels n: The number of divided pieces of the symmetric key for RC management L: The number of conjunction in specified access policy, πΏ β€ πΌ!" Y: The number of leaf nodes in an access policy tree S: The attribute set M: The number of attributes in S X: The set of translating nodes of access policy tree N: The number of group multiplication operations Communication Cost
The main cost of communications includes the transmission of the cipher text and the issue of TL private key and re-encryption keys. The cipher text transmission is inevitable in a cryptographic method. The cost of the latter part is reasonable, since the TL private key only contains one type of attribute and it is not needed every time if the access right of the user is legitimate and the data owner does not revoke the user right. Issuing the re-encryption key happens between RC and CSP, which is not repeated for each data if the re-encryption key has been issued and the user is still eligible. Additionally, the communication cost can be flexibly adjusted because the data owner can choose to use either of two kinds of access control methods handled by itself or RCs.
C. Implementation and Evaluation We implemented the proposed scheme based on Pairing
Based Cryptography (PBC) Library [27], MIRACL and JHU-MIT Libraries. The experiments were conducted on a workstation with Intel Xeon CPU E31235 and 2-GB RAM, running Ubuntu 12.04 on Oracle VirtualBox. In the experiment, we set πΌ!" = 5.
Figure 3 shows the execution time of CP-ABE setup, CP-ABE key pair generation, PRE key pair setup and generation, TL public/secret key generation (πΌ!" = 5), and re-encryption key generation. The execution time of these operations except TL public key generation is not affected by
either the userβs preference of key division or the required individual TL. This fact consists with the analysis result shown in Table II. The PRE key pair generation takes longer time than others, about 58 milliseconds.
Fig.3: Execution time of CP-ABE setup, CP-ABE key pair generation, PRE key pair setup and generation, TL public key (I!" = 5) generation, TL secret key generation, and re-encryption key generation
The TL public key generation process varies with different number of maximum trust levels, shown in Figure 4. The TL public key generation time is changed linearly with the maximum number of trust levels. The execution time of TL secret key generation stays constant and it is about 3 milliseconds, which implies that the TL secret key issuing should be very efficient.
Fig.4: Execution time of CP-ABE TL public key and secret key generation with different maximum TL levels
Figure 5 shows the execution time of reputation generation with policy check and trust evaluation by applying the algorithms described in [29, 30]. We observe that the number of votes used in the generation influences the execution time of reputation generation at RC mainly. We also find that the processing time of individual trust evaluation is very low (refer to Figure 5(b)), which implies that the computation load is reasonable for data owners even though the number of evaluation requests is very big.
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
12
(a)
(b) Fig.5: (a) Execution time of reputation generation and policy check; (b) Execution time of trust evaluation
(a)
(b)
Fig.6: (a) CP-ABE encryption time of AES keys; (b): CP-ABE decryption time of AES keys
In the implementation, we used AES for symmetric encryption and tested three different sized AES keys: 128-bit, 192-bit and 256-bit. Figure 6 shows the CP-ABE encryption and decryption time of each sized AES key, regarding to different access policies (i.e., authorized individual TLs). We find that the AES key size has no much effect on the performance of CP-ABE encryption and decryption. For different individual TLs requested for data access, the encryption time varies because different numbers of authorized TLs are enabled in the access policy. The higher the required TL is, the less time the encryption process spends, shown in Figure 6(a). But the decryption time is consistent around 6.50 milliseconds, shown in Figure 6(b).
Figure 7 presents the performance of PRE operations including encryption, decryption and re-encryption. We observe that the PRE operations are also not clearly affected
by the size of (partial) AES key. This fact could benefit the data owners to choose a suitable sized symmetric key to satisfy its security requirement.
The re-encryption key generation can be skipped at RC if the re-encryption key has been already generated and the userβs reputation remains. Figure 8 compares the processing time at RC in two cases: with the re-encryption key generation in each request and without generation by fetching it from a previously stored record. The processing time includes access policy check, reputation generation and re-encryption key generation. We observed that the higher the number of requests from the requesters that have the re-encryption key issued by RC, the more time can be saved. Because a user could access cloud services many times in a same context, skipping the re-encryption key generation can greatly improve the efficiency and capacity of our scheme.
Fig.7: Execution time of PRE operations
Fig.8: Time comparison with rk_RCβu key generation for each request and without rk_RCβu key generation for old entities
D. Further Discussions Flexibility and comprehensiveness: The scheme supports
various control strategies. The data owner can set access control strategies through the way of data and key encryption. It supports hybrid access control based on either individual trust or public reputation or both. Either the data owner, the reputation centers or both can participate in the data access control, which is decided by the data owner. Free control of access can also be supported without changing the system design by setting πΎ! = πΎ! = πΎ = ππ’ππ. The proposed scheme
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
13
doesnβt request the data owner to be always online. In this case, one or multiple RCs can delegate the data owner to control data access based on reputation. Our scheme offers a comprehensive and flexible solution to support various scenarios and different data access policies or strategies.
Efficiency: Due to large-scale data management, CSPβs computational load should not be heavy from its efficiency point of view. Our scheme can release the re-encryption load of CSP. If the re-encryption has been conducted and the reputation of the data requestor remains, CSP doesnβt need to repeat this operation. In addition, there is no need for the CSP to re-encrypt the data on behalf of the data owner. We apply a greylist to control access at the CSP when a user is revoked or re-authorized.
Multi-dimensional access control: In the proposed scheme, data access is controlled by the trust individually evaluated by the data owner, and/or public reputations evaluated by one or more RCs. Note that other control attributes or reputation properties can be applied in the scheme, one example implementation approach is applying ABE to introduce new control attributes by the data owner and adopting multiple RCs to control different attributes or reputation properties in different contexts. A more efficient way is inducing the control attributes and reputation properties into the trust and reputation evaluation algorithms. In both methods, there is no need to change the structure of the proposed scheme.
Privacy: The proposed scheme supports data storage at CSP in a secure way and enhances user data privacy by hiding the plain data from the CSP and RCs. It is hard for the CSP to know the plaintext of the user data. Valid access is only allowed to the system entities that are trusted by the data owner and/or reputable based on public evidence even though the data owner may not have any direct experiences or interactions with them. If the data owner wants to control its data access directly, RC only knows a partial key at most. In this case, even though CSP and RC really collude, it is still impossible for the RC to know the complete key and get the plain data.
VII. CONCLUSION In this paper, we proposed a scheme to control cloud data
access based on trust and reputation. The scheme incorporates with a trust/reputation management framework for securing cloud computing by applying ABE, PRE and a reputation-based revocation mechanism. Our scheme can flexibly support controlling cloud data access based on trust and reputation in order to support various access strategies and scenarios. Meanwhile, it also achieves low communication and computation costs. The cloud service can be automatically secured since the related cryptographic keys can be automatically generated, issued and managed based on trust evaluation and/or reputation generation. We formally proved the security of the proposed scheme based on the security of ABE and PRE. Extensive analysis, comparison with existing work, and scheme implementation further show that our
scheme is highly efficient, very flexible and provably secure under the existing security model.
Regarding the future work, we plan to apply our scheme in real applications of cloud data protection in eHealth services and Internet of Things.
REFERENCES [1] R. Chow, et al., βControlling data in the cloud: outsourcing computation
without outsourcing controlβ, Proc. of the ACM Workshop on Cloud Computing Security, 2009, pp. 85β90.
[2] S. Kamara, K. Lauter, βCryptographic cloud storageβ, Proc. of Financial Cryptography and Data Security (FC), 2010, pp. 136β149.
[3] Q. Liu, C. Tan, J. Wu, G. Wang, βEfficient information retrieval for ranked queries in cost-effective cloud environmentsβ, Proc. of INFOCOM, 2012, pp. 2581-2585.
[4] M. Kallahalla, et al., βPlutus: Scalable secure file sharing on untrusted storageβ, Proc. of the USENIX Conference on File and Storage Technologies (FAST), 2003, pp. 29β42.
[5] E. Goh, H. Shacham, N. Modadugu, D. Boneh, βSirius: Securing remote untrusted storageβ, Proc. of NDSS, 2003, pp. 131β145.
[6] J. Bethencourt, A. Sahai, B. Waters, βCiphertext-policy attribute based encryptionβ, Proc. of IEEE S&P, 2007, pp. 321β334.
[7] V. Goyal, O. Pandey, A. Sahai, B. Waters, βAttribute-based encryption for fine-grained access control of encrypted dataβ, Proc. of the 13th ACM CCS, 2006, pp. 89β98.
[8] S. Muller, S. Katzenbeisser, C. Eckert, βDistributed attribute-based encryptionβ, Proc. of the 11th Annual Int. Conf. on Information Security and Cryptology, 2008, pp. 20β36.
[9] A. Sahai, B. Waters, βFuzzy identity-based encryptionβ, Proc. of 24th International Conference on the Theory and Application of Cryptographic Techniques, 2005, pp. 457β473.
[10] M. Pirretti, P. Traynor, P. McDaniel, B. Waters, βSecure attribute based systemsβ, Journal of Computer Security, vol. 18, no. 5, pp. 799β837, 2010.
[11] M. Blaze, G. Bleumer, M. Strauss, βDivertible protocols and atomic proxy cryptographyβ, Proc. of EUROCRYPT, 1998, pp. 127β144.
[12] M. Green, G. Ateniese, βIdentity-based proxy re-encryptionβ, Proc. of ACNS, 2007, pp. 288β306.
[13] S. Yu, C. Wang, K. Ren, W. Lou, βAchieving secure, scalable, and fine-grained data access control in cloud computingβ, Proc. of the IEEE INFOCOM, 2010, pp. 534β542.
[14] G. Wang, Q. Liu, J. Wu, M. Guo, βHierarchical attribute-based encryption and scalable user revocation for sharing data in cloud serversβ, Computers & Security, vol. 30, no. 5, pp. 320β331, 2011.
[15] S. Yu, C. Wang, K. Ren, W. Lou, βAttribute based data sharing with attribute revocationβ, Proc. of the ACM ASIACCS, 2010, pp. 261β270.
[16] Z. Yan (ed.), Trust Modeling and Management in Digital Environments: from Social Concept to System Development, IGI Global, Hershey, Pennsylvania, 2010.
[17] Z. Yan, βA Comprehensive Trust Model for Component Softwareβ, IEEE SecPerUβ08, Italy, 2008, pp. 1-6.
[18] G. Wang, Q. Liu, J. Wu, βHierarchical attribute-based encryption for fine-grained access control in cloud storage servicesβ, Proc. of the 17th ACM CCS, 2010, pp. 735β737.
[19] M. Zhou, Y. Mu, W. Susilo, J. Yan, βPiracy-preserved access control for cloud computingβ, Proc. of IEEE TrustCom11, 2011, pp. 83-90.
[20] G. Ateniese, K. Fu, M. Green, S. Hohenberger, βImproved proxy re-encryption schemes with applications to secure distributed storage,β Proc. of the 12th Annual Network and Distributed System Security Symposium, 2005, pp. 29β43.
[21] Z. Yan, M. Wang, V. Niemi, R. Kantola, βSecure pervasive social networking based on multi-dimensional trust levelsβ, IEEE CNS 2013, 2013, pp.100-108.
[22] Z. Wan, J. Liu, R.H. Deng, βHASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computingβ,
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TCC.2015.2469662, IEEE Transactions on Cloud Computing
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
14
IEEE Trans. on Info. Forensics & Security, vol. 7, no. 2, pp. 743-754, 2012.
[23] Z. Yan, Y. Chen, Y. Shen, βA practical reputation system for pervasive social chattingβ, Computer and System Sciences, vol. 79, no. 5, pp. 556-572, 2013.
[24] Z. Yan, Trust Management in Mobile Environments β Usable and Autonomic Models, IGI Global, Hershey, Pennsylvania, 2013.
[25] G. Ateniese, K. Fu, M. Green, S. Hohenberger, βImproved proxy re-encryption schemes with applications to secure distributed storage,β in Proc. of the 12th Annual Network and Distributed System Security Symposium, 2005, pp. 29β43.
[26] G. Ateniese, K. Fu, M. Green, S. Hohenberger, βImproved proxy re-encryption schemes with applications to secure distributed storage,β ACM Trans. on Information and System Security, vol. 9, no. 1, pp.1-30, February 2006.
[27] Pairing-Based Cryptography (PBC) library. Available: http://crypto.stanford.edu/pbc/
[28] Y. Tang, P.P.C. Lee, J.C.S. Lui, R. Perlman, βSecure overlay cloud storage with access control and assured deletion,β IEEE Trans. on Dependable and Secure Computing, vol. 9, no. 6, pp. 903-916, 2012.
[29] Z. Yan, X. Li, R. Kantola, βPersonal data access based on trust assessment in mobile social networkingβ, in Proc. of IEEE TrustCom2014, 2014, pp. 989 - 994.
[30] Z. Yan, X. Li, R. Kantola, βControlling cloud data access based on reputationβ, Mobile Networks and Applications, Springer, 2015, Doi: 10.1007/s11036-015-0591-6.
[31] L. Zhou, V. Varadharajan, M. Hitchens, βAchieving secure role-based access control on encrypted data in cloud storageβ, IEEE Trans. on Information Forensics and Security, vol. 8, no. 12, pp. 1947-1960, 2013.
[32] W. Wang, J. Han, M. Song, X. Wang, βThe design of a trust and role based access control model in cloud computingβ, in Proc. of 6th International Conference on Pervasive Computing and Applications, 2011, pp. 300-334.
[33] T. Zhu, W. Liu, J. Song, βAn efficient role based access control system for cloud computingβ, Proc. of IEEE CIT2011, 2011, pp. 97-102.
[34] S. Yang, P. Lai, J. Lin, βDesign role-based multi-tenancy access control scheme for cloud servicesβ, Proc. of International Symposium on Biometrics and Security Technologies, 2013, pp. 273-279.
[35] A. Barsoum, A. Hasan, βEnabling dynamic data and indirect mutual trust for cloud computing storage systemsβ, IEEE Trans. on Parallel and Distributed Systems, vol. 24, no. 12, pp. 2375-2385, 2013.
[36] G. Lin, D. Wang, Y. Bie, M. Lei, βMTBAC: a mutual trust based access control model in cloud computingβ, China Communications, vol. 11, no. 4, pp. 154 β 162, 2014.
[37] K. Yang, X. Jia, K. Ren, B. Zhang, R. Xie, βDAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systemsβ, IEEE Trans. on Information Forensics and Security, vol. 8, no. 11, pp. 1790-1801, 2013.
[38] C. Ardagna, M. Conti, M. Leone, J. Stefa, βAn anonymous end-to-end communication protocol for mobile cloud environmentsβ, IEEE Trans. on Services Computing, vol. 7, no. 3, pp. 373-386, 2014
[39] M. Ambrosin, M. Conti, T. Dargahi, βOn the feasibility of attribute-based encryption on smartphone devicesβ, Proc. of IoT-Sysβ15, 2015, pp. 49-54.
Zheng Yan (Mβ06, SMβ14) received the BEng degree in electrical engineering and the MEng degree in computer science and
engineering from the Xiβan Jiaotong University, Xiβan, China in 1994 and 1997, respectively, the second MEng degree in information security from the National University of Singapore, Singapore in 2000, and the licentiate of science and the doctor of science in technology in electrical engineering from Helsinki University of Technology, Helsinki, Finland in 2005 and 2007. She is currently a professor at the Xidian University, Xiβan, China and a visiting professor at the Aalto University, Espoo, Finland. She authored more than 100 publications and solely authored two books. She is the inventor and co-inventor of 37 patents and patent applications. Her research interests are in trust, security and privacy, social networking, cloud computing, networking systems, and data mining. Prof. Yan serves as an organization and program committee member for numerous international conferences and workshops. She is a senior member of the IEEE.
Xueyun Li received the BSc degree in electrical engineering from Beijing Jiaotong University, Beijing, China, and the second degree in Computer Engineering from Mid Sweden University, Sweden in 2011. She received the MSc degree from the Department of Communications and Networking, Aalto University, Espoo,
Finland. Her research interests are in cloud computing security and privacy.
Mingjun Wang received the BSc degree in communication and information systems from Henan Normal University, Xinxiang, China, 2011. He is currently a PhD student major in information security at the Xidian University, Xi'an, China. His research interests are in security, privacy and trust management in social networking, 5G and
cloud computing.
Athanasios V. Vasilakos (Mβ00βSMβ11) is currently a professor with Lulea University of Technology, Sweden. He served or is serving as an Editor or/and Guest Editor for many technical journals, such as the IEEE Transactions on Network and Service Management; IEEE Transactions on Cloud
Computing, IEEE Transactions on Information Forensics and Security; IEEE Transactions on Cybernetics; IEEE Transactions on Information Technology in Biomedicine; ACM Transactions on Autonomous and Adaptive Systems; IEEE Journal on Selected Area in Communications. He is also a General Chair of the European Alliances for Innovation (www.eai.eu).