The Cloud we Share: Access Control on Symmetrically Encrypted Data in Untrusted Clouds
Along with the rapid growth of cloud environments, rises the problem of secure data storage, a problem that both businesses and end-users take into consideration before moving their data online. Recently, a lot of solutions have been proposed based either on Symmetric Searchable Encryption (SSE) or A...
Published in: | IEEE access 2020, Vol.8, p.210462-210477 |
---|---|
Main Authors: | Bakas, Alexandros; Dang, Hai-Van; Michalas, Antonis; Zalitko, Alexandr |
Format: | Article |
Language: | English |
Subjects: | |
cited_by | cdi_FETCH-LOGICAL-c408t-38780317eb7aaccc67c5f2852de98cb77dd99a3f8e56a90f69aad75609bbafbd3 |
---|---|
cites | cdi_FETCH-LOGICAL-c408t-38780317eb7aaccc67c5f2852de98cb77dd99a3f8e56a90f69aad75609bbafbd3 |
container_end_page | 210477 |
container_issue | |
container_start_page | 210462 |
container_title | IEEE access |
container_volume | 8 |
creator | Bakas, Alexandros; Dang, Hai-Van; Michalas, Antonis; Zalitko, Alexandr |
description | Along with the rapid growth of cloud environments, rises the problem of secure data storage, a problem that both businesses and end-users take into consideration before moving their data online. Recently, a lot of solutions have been proposed based either on Symmetric Searchable Encryption (SSE) or Attribute-Based Encryption (ABE). SSE is an encryption technique that offers security against both internal and external attacks. However, since in an SSE scheme, a single key is used to encrypt everything, revoking a user would imply downloading the entire encrypted database and re-encrypting it with a fresh key. On the other hand, in an ABE scheme, the problem of revocation can be addressed. Unfortunately, though, the proposed solutions are based on the properties of the underlying ABE scheme and hence, the revocation costs grow along with the complexity of the policies. To this end, we use these two cryptographic techniques that squarely fit cloud-based environments to design a hybrid encryption scheme based on ABE and SSE in such a way that we utilize the best out of both of them. Moreover, we exploit the functionalities offered by Intel's SGX to design a revocation mechanism and an access control one, that are agnostic to the cryptographic primitives used in our construction. |
doi_str_mv | 10.1109/ACCESS.2020.3038838 |
format | article |
fulltext | fulltext |
identifier | ISSN: 2169-3536 |
ispartof | IEEE access, 2020, Vol.8, p.210462-210477 |
issn | 2169-3536 2169-3536 |
language | eng |
recordid | cdi_ieee_primary_9261340 |
source | IEEE Open Access Journals |
subjects | Access control; attribute-based encryption; Business; cloud; Cloud computing; Complexity theory; Cryptography; Data encryption; data sharing; Data storage; Encryption; Permission; scope; secure storage; SGX; symmetric searchable encryption |
title | The Cloud we Share: Access Control on Symmetrically Encrypted Data in Untrusted Clouds |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-30T03%3A12%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=The%20Cloud%20we%20Share:%20Access%20Control%20on%20Symmetrically%20Encrypted%20Data%20in%20Untrusted%20Clouds&rft.jtitle=IEEE%20access&rft.au=Bakas,%20Alexandros&rft.date=2020&rft.volume=8&rft.spage=210462&rft.epage=210477&rft.pages=210462-210477&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2020.3038838&rft_dat=%3Cproquest_ieee_%3E2467298687%3C/proquest_ieee_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c408t-38780317eb7aaccc67c5f2852de98cb77dd99a3f8e56a90f69aad75609bbafbd3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2467298687&rft_id=info:pmid/&rft_ieee_id=9261340&rfr_iscdi=true |