Abstract
Cloud storage provides convenient storage services, but it carries a risk of data leakage when the encryption and decryption keys are supported by the cloud service. However, the traditional CP-ABE scheme, based on single-attribute rules, cannot solve the problem of the integrity of the cloud service provider. In this paper, we design a prototype system for secure cloud storage which separates storage services from security services using attribute node mapping based on the CP-ABE scheme. The prototype system consists of four parts: a client, a key generation center, a security proxy and a storage system. We propose an innovative convergence encryption method and a shared access mechanism to strengthen the encryption against guessing attacks. Hierarchical redundancy elimination and parallel data access technologies are also proposed to improve data transmission efficiency.
Acknowledgments
This work was supported by the Foundation of Nanjing University of Posts and Telecommunications (Grant No. NY213085 and No. NY214069), the NSFC (No. 61502247, 11501302, 61502243), Natural Science Foundation of Jiangsu Province (BK20140895, BK20130417).
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Li, H., Wang, Z., Yang, Y., Sun, G. (2016). A Security Proxy Scheme Based on Attribute Node Mapping for Cloud Storage. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2016. Lecture Notes in Computer Science, vol 10066. Springer, Cham. https://doi.org/10.1007/978-3-319-49148-6_2
DOI: https://doi.org/10.1007/978-3-319-49148-6_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49147-9
Online ISBN: 978-3-319-49148-6
eBook Packages: Computer Science, Computer Science (R0)