Published in: Distributed and Parallel Databases 4/2016

1 December 2016

Access control aware data retrieval for secret sharing based database outsourcing

Authors: Mohammad Ali Hadavi, Rasool Jalili, Leila Karimi


Abstract

Enforcing dynamic and confidential access control policies is a challenging issue of data outsourcing to external servers due to the lack of trust towards the servers. In this paper, we propose a scalable yet flexible access control enforcement mechanism when the underlying relational data, on which access policies are defined, has been shared through a secret sharing scheme. For sharing values of an attribute in a relation, the attribute is assigned a secret distribution key and its values are split and distributed among data servers according to a Shamir based secret sharing scheme. Given access control policies over attributes of the relation schema, access to distribution keys, used further for reconstructing original values, is managed using the Chinese remainder theorem. Our solution, in addition to preserving the confidentiality of access control policies, is flexible to efficiently adopt grant and revoke of authorizations. Moreover, it prevents the possibility of information leakage caused by query processing through an access control aware retrieval of data shares. That is, our solution not only enforces access control policies for reconstructing shares and obtaining original values, but also for retrieving shares in query processing scenario. We implemented our mechanism and performed extensive experiments, whose results confirm its efficiency and considerable scalability in practice.
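The two building blocks the abstract names, Shamir sharing under a per-attribute distribution key and CRT-based delivery of that key to authorised users, are sketched below as an added illustration; it is not code from the paper and does not reproduce its exact construction. Assumptions: the distribution key is modelled as a seed for secret evaluation points, the CRT lock with a per-user modulus and mask is a generic construction, and all names, users and values are constructed.

```python
import secrets
from hashlib import sha256
from math import prod

P = 2**61 - 1  # prime field for share arithmetic (assumed parameter)

# Constructed users: (secret pairwise-coprime modulus, secret mask). Hypothetical values.
USERS = {"alice": (2**89 - 1, 1111111), "bob": (2**107 - 1, 2222222),
         "carol": (2**127 - 1, 3333333)}

def xs_from_key(dist_key, n):
    """Derive n distinct non-zero evaluation points from the distribution key."""
    xs, ctr = [], 0
    while len(xs) < n:
        x = int.from_bytes(sha256(f"{dist_key}:{ctr}".encode()).digest(), "big") % P
        ctr += 1
        if x and x not in xs:
            xs.append(x)
    return xs

def share(value, dist_key, n, k):
    """Split value into n shares (one per server); any k reconstruct it."""
    coeffs = [value % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P
            for x in xs_from_key(dist_key, n)]

def reconstruct(ys_by_server, dist_key, n):
    """Lagrange interpolation at 0; needs the key to know each server's x."""
    xs = xs_from_key(dist_key, n)
    pts = [(xs[i], y) for i, y in ys_by_server.items()]
    secret = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def crt_lock(dist_key, granted):
    """One public integer that is congruent to dist_key + mask modulo each
    authorised user's modulus. Requires dist_key < every modulus."""
    M = prod(m for m, _ in granted.values())
    lock = 0
    for m, mask in granted.values():
        Mi = M // m
        lock += ((dist_key + mask) % m) * Mi * pow(Mi, -1, m)
    return lock % M

def crt_unlock(lock, modulus, mask):
    """A user reduces the public lock by their own modulus and removes the mask."""
    return (lock % modulus - mask) % modulus

if __name__ == "__main__":
    key = secrets.randbelow(2**60)          # distribution key of one attribute
    ys = share(42000, key, n=5, k=3)        # servers store only these y values
    lock = crt_lock(key, {u: USERS[u] for u in ("alice", "bob")})
    k_alice = crt_unlock(lock, *USERS["alice"])
    print(reconstruct({0: ys[0], 2: ys[2], 4: ys[4]}, k_alice, 5))  # 42000
    print(crt_unlock(lock, *USERS["carol"]) == key)                 # False
```

Revoking a user in this sketch means choosing a fresh distribution key, re-sharing the attribute, and publishing a new lock computed without that user's congruence.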


Footnotes
1. A function with both one-to-one and onto properties.
Metadata
Title: Access control aware data retrieval for secret sharing based database outsourcing
Authors: Mohammad Ali Hadavi, Rasool Jalili, Leila Karimi
Publication date: 1 December 2016
Publisher: Springer US
Published in: Distributed and Parallel Databases, Issue 4/2016
Print ISSN: 0926-8782
Electronic ISSN: 1573-7578
DOI: https://doi.org/10.1007/s10619-015-7186-x
