Download - Mona Secure Multi-Owner Data Sharing
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
1/25
Mona: Secure Multi-Owner Data Sharing for Dynamic
Groups in the Cloud
ABSTACT:
With the character of low maintenance, cloud computing provides an economical
and efficient solution for sharing group resource among cloud users.
Unfortunately, sharing data in a multi-owner manner while preserving data and
identity privacy from an untrusted cloud is still a challenging issue, due to the
frequent change of the membership. In this paper, we propose a secure multi owner
data sharing scheme, named Mona, for dynamic groups in the cloud. By leveraging
group signature and dynamic broadcast encryption techniques, any cloud user can
anonymously share data with others. Meanwhile, the storage overhead and
encryption computation cost of our scheme are independent with the number of
revoed users. In addition, we analy!e the security of our scheme with rigorous
proofs, and demonstrate the efficiency of our scheme in e"periments.
!"#ST#$G S%ST!M:
#everal security schemes for data sharing on untrusted servers have been proposed.
In these approaches, data owners store the encrypted data files in untrusted storage
and distribute the corresponding decryption eys only to authori!ed users. $hus,
unauthori!ed users as well as storage servers cannot learn the content of the data
files because they have no nowledge of the decryption eys %owever, thecomple"ities of user participation and revocation in these schemes are linearly
increasing with the number of data owners and the number of revoed users,
respectively. By setting a group with a single attribute, &u et al. proposed a secure
provenance scheme based on the cipherte"t-policy attribute-based encryption
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
2/25
technique, which allows any member in a group to share data with others.
%owever, the issue of user revocation is not addressed in their scheme. 'u et al.
presented a scalable and fine-grained data access control scheme in cloud
computing based on the ey policy attribute-based encryption ()*-+B
technique. Unfortunately, the single owner manner hinders the adoption of their
scheme into the case, where any user is granted to store and share data.
D#SAD&A$TAG!S O' !"#ST#$G S%ST!M:
Identity privacy is one of the most significant obstacles for the wide
deployment of cloud computing. Without the guarantee of identity privacy,
users may be unwilling to oin in cloud computing systems because their real
identities could be easily disclosed to cloud providers and attacers. /n the
other hand, unconditional identity privacy may incur the abuse of privacy.
It is highly recommended that any member in a group should be able to fully
enoy the data storing and sharing services provided by the cloud, which is
defined as the multiple-owner manner. 0ompared with the single-ownermanner, where only the group manager can store and modify data in the
cloud, the multiple-owner manner is more fle"ible in practical applications.
1roups are normally dynamic in practice, e.g., new staff participation and
current employee revocation in a company. $he changes of membership
mae secure data sharing e"tremely difficult.
(O(OS!D S%ST!M:
In this paper, we propose a secure multiowner data sharing scheme, named Mona,
for dynamic groups in the cloud. By leveraging group signature and dynamic
broadcast encryption techniques, any cloud user can anonymously share data with
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
3/25
others. Meanwhile, the storage overhead and encryption computation cost of our
scheme are independent with the number of revoed users. In addition, we analy!e
the security of our scheme with rigorous proofs, and demonstrate the efficiency of
our scheme in e"periments.
AD&A$TAG!S O' (O(OS!D S%ST!M:
We propose a secure multi-owner data sharing scheme. It implies that any
user in the group can securely share data with others by the untrusted cloud.
/ur proposed scheme is able to support dynamic groups efficiently.
#pecifically, new granted users can directly decrypt data files uploaded
before their participation without contacting with data owners.
We provide secure and privacy-preserving access control to users, which
guarantees any member in a group to anonymously utili!e the cloud
resource.
We provide rigorous security analysis, and perform e"tensive simulations todemonstrate the efficiency of our scheme in terms of storage and
computation overhead.
S%ST!M AC)#T!CT*!:
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
4/25
+#T!AT*! S*&!%
, (lutus: Scala.le Secure 'ile Sharing on *ntrusted Storage
A*T)OS: M. )allahalla, . 2iedel, 2. #waminathan, 3. Wang, and ). 4u
*lutus is a cryptographic storage system that enables secure file sharing without
placing much trust on the file servers. In particular, it maes novel use of
cryptographic primitives to protect and share files. *lutus features highly scalable
ey management while allowing individual users to retain direct control over who
gets access to their files. We e"plain the mechanisms in *lutus to reduce the
number of cryptographic eys e"changed between users by using filegroups,
distinguish file read and write access, handle user revocation efficiently, and allow
an untrusted server to authori!e file writes. We have built a prototype of *lutus on
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
5/25
/pen+4#. Measurements of this prototype show that *lutus achieves strong
security with overhead comparable to systems that encrypt all networ traffic.
/ Sirius: Securing emote *ntrusted Storage
A*T)OS:. 1oh, %. #hacham, 5. Modadugu, and 6. Boneh
$his paper presents #i2iU#, a secure file system designed to be layered over
insecure networ and *7* file systems such as 54#, 0I4#, /cean#tore, and
'ahoo8 Briefcase. #i2iU# assumes the networ storage is untrusted and provides
its own read-write cryptographic access control for file level sharing. )ey
management and revocation is simple with minimal out-of-band communication.
4ile system freshness guarantees are supported by #i2iU# using hash tree
constructions. #i2iU# contains a novel method of performing file random access
in a cryptographic file system without the use of a bloc server. "tensions to
#i2iU# include large scale group sharing using the 55& ey revocation
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
6/25
construction. /ur implementation of #i2iU# performs well relative to the
underlying file system despite using cryptographic operations.
0 #mpro1ed (ro2y e-!ncryption Schemes with Applications to Secure
Distri.uted Storage
A*T)OS: 1. +teniese, ). 4u, M. 1reen, and #. %ohenberger
In 9::;, Bla!e, Bleumer, and #trauss (BB# proposed an application called atomic
proxy re-encryption, in which a semitrusted pro"y converts a cipherte"t for +lice
into a cipherte"t for Bob withoutseeing the underlying plainte"t. We predict that
fast and secure re-encryption will become increasingly popular as a method for
managing encrypted file systems. +lthough efficiently computable, the wide-
spread adoption of BB# re-encryption has been hindered by considerable security
riss. 4ollowing recent wor of 6odis and Ivan, we present new re-encryption
schemes that reali!e a stronger notion of security and demonstrate the usefulness of
pro"y re-encryption as a method of adding access control to a secure file system.
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
7/25
*erformance measurements of our e"perimental file system demonstrate that pro"y
re-encryption can wor effectively in practice.
3 Secure (ro1enance: The !ssential of Bread and Butter of Data 'orensics in
Cloud Computing
A*T)OS: 2. &u,
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
8/25
documents. With the provable security techniques, we formally demonstrate the
proposed scheme is secure in the standard model.
4 Cipherte2t-(olicy Attri.ute-Based !ncryption: An !2pressi1e5 !fficient5
and (ro1a.ly Secure eali6ation
A*T)OS:B. Waters
We present a new methodology for reali!ing 0ipherte"t-*olicy +ttribute
ncryption (0*-+B under concrete and noninteractive cryptographic
assumptions in the standard model. /ur solutions allow any encryptor to specify
access control in terms of any access formula over the attributes in the system. In
our most efficient system, cipherte"t si!e, encryption, and decryption time scales
linearly with the comple"ity of the access formula. $he only previous wor to
achieve these parameters was limited to a proof in the generic group model.
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
9/25
We present three constructions within our framewor. /ur first system is proven
selectively secure under a assumption that we call the decisional *arallel Bilinear
6iffie-%ellman "ponent (*B6% assumption which can be viewed as a
generali!ation of the B6% assumption. /ur ne"t two constructions provide
performance tradeoffs to achieve provable security respectively under the (weaer
decisional Bilinear-6iffie-%ellman "ponent and decisional Bilinear 6iffie-
%ellman assumptions.
A+GO#T)MS *S!D:
#ignature 1eneration
#ignature =erification
2evocation =erification
A+GO#T)MS D!SC#(T#O$:
Signature Generation:
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
10/25
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
11/25
Signature &erification:
e1ocation &erification
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
12/25
MOD*+!S:
9.0loud Module
7.1roup Manager Module
>.1roup Member Module
?.4ile #ecurity Module
@.1roup #ignature Module
A. User 2evocation Module .
MOD*+!S D!SC#(T#O$:
,7Cloud Module :
In this module, we create a local 0loud and provide priced abundant storage
services. $he users can upload their data in the cloud. We develop this module,
where the cloud storage can be made secure. %owever, the cloud is not fully
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
13/25
trusted by users since the 0#*s are very liely to be outside of the cloud users
trusted domain. #imilar to we assume that the cloud server is honest but curious.
$hat is, the cloud server will not maliciously delete or modify user data due to the
protection of data auditing schemes, but will try to learn the content of the stored
data and the identities of cloud users.
/7Group Manager Module :
1roup manager taes charge of followings,
9. #ystem parameters generation,
7. User registration,
>. User revocation, and
?. 2evealing the real identity of a dispute data owner.
$herefore, we assume that the group manager is fully trusted by the other
parties. $he 1roup manager is the admin. $he group manager has the logs of each
and every process in the cloud. $he group manager is responsible for user
registration and also user revocation too.
07Group Mem.er Module :
1roup members are a set of registered users that will
9. store their private data into the cloud server and
7. #hare them with others in the group.
5ote that, the group membership is dynamically changed, due to the staff
resignation and new employee participation in the company. $he group member
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
14/25
has the ownership of changing the files in the group. Whoever in the group can
view the files which are uploaded in their group and also modify it. $he group
meme
37'ile Security Module :
9. ncrypting the data file.
7. 4ile stored in the cloud can be deleted by either the group manager or the
data owner.
(i.e., the member who uploaded the file into the server.
47Group Signature Module :
+ group signature scheme allows any member of the group to sign messages
while eeping the identity secret from verifiers. Besides, the designated group
manager can reveal the identity of the signatures originator when a dispute occurs,
which is denoted as traceability.
87 *ser e1ocation Module :
User revocation is performed by the group manager via a public available
revocation list (2&, based on which group members can encrypt their data files
and ensure the confidentiality against the revoed users.
S%ST!M !9*#!M!$TS:
)ADA! !9*#!M!$TS:
#ystem C *entium I= 7.? 1%!.
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
15/25
%ard 6is C ?D 1B.
Monitor C 9@ inch =1+ 0olour.
Mouse C &ogitech Mouse.
2am C @97 MB
)eyboard C #tandard )eyboard
SO'TA! !9*#!M!$TS:
/perating #ystem C Windows
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
16/25
%ome pageC
G86/0$'* html *UB&I0 H-FFW>0FF6$6 .orgF$2F"html9F6$6F"html9-strict.dtdH
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
17/25
Ghtml "mlnsJHhttpCFFwww.w>.orgF9:::F"htmlH
Ghead
Gmeta nameJHeywordsH contentJHH F
Gmeta nameJHdescriptionH contentJHH F
Gmeta http-equivJHcontent-typeH contentJHte"tFhtmlK charsetJutf-;H F
Gtitle0loudGFtitle
Glin hrefJHhttpCFFfonts.googleapis.comFcssLfamilyJ+rvoH relJHstylesheetH
typeJHte"tFcssH F
Glin hrefJHhttpCFFfonts.googleapis.comFcssLfamilyJ0odaC?DD,;DDH
relJHstylesheetH typeJHte"tFcssH F
Glin hrefJHcssFstyle.cssH relJHstylesheetH typeJHte"tFcssH mediaJHscreenH F
GFhead
Gbody
Gdiv idJHmenu-wrapperH
Gdiv idJHmenuH
Gul
Gli classJHcurrentpageitemHGa hrefJHNH%omeGFaGFli
GliGa hrefJHadmin.spH+dminGFaGFli
GliGa hrefJHnewUser.spHMember 2egisterGFaGFli
GliGa hrefJHuser&ogin.spH1roup MemberGFaGFli
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
18/25
GliGa hrefJHH1roup ManagerGFaGFli
GFul
GFdiv
G8-- end Nmenu --
GFdiv
Gdiv idJHheader-wrapperH
Gdiv idJHheaderH
Gdiv idJHlogoH
Gh9Ga hrefJHNH0loud 0omputing #ecurityC GspanMona #ecure
Multi-/wner 6ata #haringGFspanGFaGFh9
GFdiv
GFdiv
GFdiv
Gdiv idJHbannerHGimg srcJHimagesFimgD?.pgH widthJH9DDDH heightJH>@DH
altJHH FGFdiv
Gdiv idJHwrapperH
G8-- end Nheader --
Gdiv idJHpageH
Gdiv idJHpage-bgtopH
Gdiv idJHpage-bgbtmH
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
19/25
Gdiv idJHcontentH
Gdiv classJHpostH
Gh7 classJHtitleHGa hrefJHNHWelcome to 0loud 0omputing#ecurityGFaGFh7
Gdiv styleJHclearC bothKHOnbspKGFdiv
Gdiv classJHentryH
Gp$he use of cloud computing has increased rapidly in
many organi!ations. 0loud computing provides many benefits in terms of low costand accessibility of data. nsuring the security of cloud computing is a maor
factor in the cloud computing environment, as users often store sensitive
information with cloud storage providers but these providers may be untrusted.
6ealing with Lsingle cloudL providers is predicted to become less popular with
customers due to riss of service availability failure and the possibility of
malicious insiders in the single cloud. + movement towards Lmulti-cloudsL, or in
other words, LintercloudsL or Lcloud-of-cloudsL has emerged recently. $his paper
surveys recent research related to single and multi-cloud security and addresses
possible solutions. It is found that the research into the use of multi-cloud
providers to maintain security has received less attention from the research
community than has the use of single clouds. $his wor aims to promote the use of
multi-clouds due to its ability to reduce security riss that affect the cloud
computing user.GFp
Gimg srcJHimagesFlogo.pngHF
GFdiv
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
20/25
GFdiv
Gdiv styleJHclearC bothKHOnbspKGFdiv
GFdiv
G8-- end Ncontent --
G8-- end Nsidebar --
Gdiv styleJHclearC bothKHOnbspKGFdiv
GFdiv
GFdiv
GFdiv
G8-- end Npage --
GFdiv
Gdiv idJHfooterH
Gp0opyright OcopyK 7D9? . +ll rights 2eserved.GFp
GFdiv
G8-- end Nfooter --
GFbody
GFhtml
#ource codeC
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
21/25
FP
P $o change this template, choose $ools Q $emplates
P and open the template in the editor.
PF
pacage com.+ctionK
import ava.io.I/"ceptionK
import ava.io.*rintWriterK
import ava".servlet.#ervlet"ceptionK
import ava".servlet.http.%ttp#ervletK
import ava".servlet.http.%ttp#ervlet2equestK
import ava".servlet.http.%ttp#ervlet2esponseK
FPP
P
P Rauthor #abari
PF
public class +dmin&ogin e"tends %ttp#ervlet S
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
22/25
FPP
P *rocesses requests for both %$$* Gcode1$GFcode and
Gcode*/#$GFcode methods.
P Rparam request servlet request
P Rparam response servlet response
P Rthrows #ervlet"ception if a servlet-specific error occurs
P Rthrows I/"ception if an IF/ error occurs
PF
protected void process2equest(%ttp#ervlet2equest request,
%ttp#ervlet2esponse response
throws #ervlet"ception, I/"ception S
response.set0ontent$ype(Hte"tFhtmlKcharsetJU$4-;HK
FF*rintWriter out J response.getWriter(K
try S
#ystem.out.println(request.get*arameter(HnameH
TH-------HTrequest.get*arameter(HpasswordHK
if ( request.get*arameter(HnameH.equals(HadminH OO
request.get*arameter(HpasswordH.equals(HadminH S
response.send2edirect(Hadmin%ome.spHK
else S
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
23/25
response.send2edirect(Hinde".spLmsgJ0hec Userid or *asswordHK
catch("ception eS
e.print#tac$race(K
FF Geditor-fold defaultstateJHcollapsedH descJH%ttp#ervlet methods. 0lic on the
T sign on the left to edit the code.H
FPP
P %andles the %$$* Gcode1$GFcode method.
P Rparam request servlet request
P Rparam response servlet response
P Rthrows #ervlet"ception if a servlet-specific error occurs
P Rthrows I/"ception if an IF/ error occurs
PF
R/verride
protected void do1et(%ttp#ervlet2equest request, %ttp#ervlet2esponse
response
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
24/25
throws #ervlet"ception, I/"ception S
process2equest(request, responseK
FPP
P %andles the %$$* Gcode*/#$GFcode method.
P Rparam request servlet request
P Rparam response servlet response
P Rthrows #ervlet"ception if a servlet-specific error occurs
P Rthrows I/"ception if an IF/ error occurs
PF
R/verride
protected void do*ost(%ttp#ervlet2equest request, %ttp#ervlet2esponse
response
throws #ervlet"ception, I/"ception S
process2equest(request, responseK
FPP
-
5/28/2018 Mona Secure Multi-Owner Data Sharing
25/25
P 2eturns a short description of the servlet.
P Rreturn a #tring containing servlet description
PF
R/verride
public #tring get#ervletInfo( S
return H#hort descriptionHK
FF GFeditor-fold
!'!!$C!: