SecRBAC: Secure data in the Clouds
2 likes719 views
The document presents a data-centric access control solution for securing cloud data, addressing concerns over user control and security amidst cloud computing. It introduces enriched role-based expressiveness and employs cryptographic techniques, including identity-based and proxy re-encryption, to protect authorization models and user data from service provider access. A proof of concept has been implemented, showcasing advanced rule management and conflict detection through semantic web technologies.
![CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249)
MAIL ID: sunsid1989@gmail.com, praveen@nexgenproject.com
Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com
novel cryptographic techniques that could enable the secure modification and
deletion of data in the Cloud. This would allow to extend the privileges of the
authorization model with more actions like modify and delete. Another
interesting point is the obfuscation of the authorization model for privacy
reasons. Although the usage of pseudonyms is proposed, but more advanced
obfuscation techniques can be researched to achieve a higher level of privacy.
REFERENCES
[1] Cloud Security Alliance, “Security guidance for critical areas of focus in
cloud computing v3.0,” CSA, Tech. Rep., 2003.
[2] Y. Zhang, J. Chen, R. Du, L. Deng, Y. Xiang, and Q. Zhou, “Feacs: A flexible
and efficient access control scheme for cloud computing,” in Trust, Security
and Privacy in Computing and Communications, 2014 IEEE 13th International
Conference on, Sept 2014, pp. 310–319.
[3] B. Waters, “Ciphertext-policy attribute-based encryption: An expressive,
efficient, and provably secure realization,” in Public Key Cryptography - PKC
2011, 2011, vol. 6571, pp. 53–70.
[4] B. B and V. P, “Extensive survey on usage of attribute based encryption in
cloud,” Journal of Emerging Technologies in Web Intelligence, vol. 6, no. 3,
2014.
[5] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption
for fine-grained access control of encrypted data,” in Proceedings of the 13th](https://image.slidesharecdn.com/secrbacsecuredataintheclou-160722051654/85/SecRBAC-Secure-data-in-the-Clouds-3-320.jpg)
![CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249)
MAIL ID: sunsid1989@gmail.com, praveen@nexgenproject.com
Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com
ACM Conference on Computer and Communications Security, ser. CCS ’06,
New York, NY, USA, 2006, pp. 89–98.
[6] InterNational Committee for Information Technology Standards, “INCITS
494-2012 - information technology - role based access control - policy
enhanced,” INCITS, Standard, Jul. 2012.
[7] E. Coyne and T. R. Weil, “Abac and rbac: Scalable, flexible, and auditable
access management,” IT Professional, vol. 15, no. 3, pp. 14–16, 2013.
[8] Empower ID, “Best practices in enterprise authorization: The RBAC/ABAC
hybrid approach,” Empower ID, White paper, 2013.
[9] D. R. Kuhn, E. J. Coyne, and T. R. Weil, “Adding attributes to rolebased
access control,” Computer, vol. 43, no. 6, pp. 79–81, 2010.
[10] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved Proxy Re-
encryption schemes with applications to secure distributed storage,” ACM
Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006.
[11] F. Wang, Z. Liu, and C. Wang, “Full secure identity-based encryption
scheme with short public key size over lattices in the standard model,” Intl.
Journal of Computer Mathematics, pp. 1–10, 2015.
[12] M. Green and G. Ateniese, “Identity-based proxy re-encryption,” in
Proceedings of the 5th International Conference on Applied Cryptography and
Network Security, ser. ACNS ’07. Berlin, Heidelberg: Springer-Verlag, 2007, pp.
288–306. [](https://image.slidesharecdn.com/secrbacsecuredataintheclou-160722051654/85/SecRBAC-Secure-data-in-the-Clouds-4-320.jpg)
SecRBAC: Secure data in the Clouds
- 1. CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249) MAIL ID: [email protected], [email protected] Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com SecRBAC: Secure data in the Clouds ABSTRACT: Most current security solutions are based on perimeter security. However, Cloud computing breaks the organization perimeters. When data resides in the Cloud, they reside outside the organizational bounds. This leads users to a loos of control over their data and raises reasonable security concerns that slow down the adoption of Cloud computing. Is the Cloud service provider accessing the data? Is it legitimately applying the access control policy defined by the user? This paper presents a data-centric access control solution with enriched role-based expressiveness in which security is focused on protecting user data regardless the Cloud service provider that holds it. Novel identity-based and proxy re-encryption techniques are used to protect the authorization model. Data is encrypted and authorization rules are cryptographically protected to preserve user data against the service provider access or misbehavior. The authorization model provides high expressiveness with role hierarchy and resource hierarchy support. The solution takes advantage of the logic formalism provided by Semantic Web technologies, which enables advanced rule management like semantic conflict detection. A proof of concept implementation has been developed and a working prototypical deployment of the proposal has been integrated within Google services.
- 2. CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249) MAIL ID: [email protected], [email protected] Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com CONCLUSION A data-centric authorization solution has been proposed for the secure protection of data in the Cloud. SecRBAC allows managing authorization following a rule-based approach and provides enriched role-based expressiveness including role and object hierarchies. Access control computations are delegated to the CSP, being this not only unable to access the data, but also unable to release it to unauthorized parties. Advanced cryptographic techniques have been applied to protect the authorization model. A re-encryption key complements each authorization rule as cryptographic token to protect data against CSP misbehavior. The solution is independent of any PRE scheme or implementation as far as three specific features are supported. A concrete IBPRE scheme has been used in this paper in order to provide a comprehensive and feasible solution. A proposal based on Semantic Web technologies has been exposed for the representation and evaluation of the authorization model. It makes use of the semantic features of ontologies and the computational capabilities of reasoners to specify and evaluate the model. This also enables the application of advanced techniques such as conflict detection and resolution methods. Guidelines for deployment in a Cloud Service Provider have been also given, including an hybrid approach compatible with Public Key Cryptography that enables the usage of standard PKI for key management and distribution. A prototypical implementation of the proposal has been also developed and exposed in this paper, together with some experimental results. Future lines of research include the analysis of
- 3. CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249) MAIL ID: [email protected], [email protected] Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com novel cryptographic techniques that could enable the secure modification and deletion of data in the Cloud. This would allow to extend the privileges of the authorization model with more actions like modify and delete. Another interesting point is the obfuscation of the authorization model for privacy reasons. Although the usage of pseudonyms is proposed, but more advanced obfuscation techniques can be researched to achieve a higher level of privacy. REFERENCES [1] Cloud Security Alliance, “Security guidance for critical areas of focus in cloud computing v3.0,” CSA, Tech. Rep., 2003. [2] Y. Zhang, J. Chen, R. Du, L. Deng, Y. Xiang, and Q. Zhou, “Feacs: A flexible and efficient access control scheme for cloud computing,” in Trust, Security and Privacy in Computing and Communications, 2014 IEEE 13th International Conference on, Sept 2014, pp. 310–319. [3] B. Waters, “Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization,” in Public Key Cryptography - PKC 2011, 2011, vol. 6571, pp. 53–70. [4] B. B and V. P, “Extensive survey on usage of attribute based encryption in cloud,” Journal of Emerging Technologies in Web Intelligence, vol. 6, no. 3, 2014. [5] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proceedings of the 13th
- 4. CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249) MAIL ID: [email protected], [email protected] Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com ACM Conference on Computer and Communications Security, ser. CCS ’06, New York, NY, USA, 2006, pp. 89–98. [6] InterNational Committee for Information Technology Standards, “INCITS 494-2012 - information technology - role based access control - policy enhanced,” INCITS, Standard, Jul. 2012. [7] E. Coyne and T. R. Weil, “Abac and rbac: Scalable, flexible, and auditable access management,” IT Professional, vol. 15, no. 3, pp. 14–16, 2013. [8] Empower ID, “Best practices in enterprise authorization: The RBAC/ABAC hybrid approach,” Empower ID, White paper, 2013. [9] D. R. Kuhn, E. J. Coyne, and T. R. Weil, “Adding attributes to rolebased access control,” Computer, vol. 43, no. 6, pp. 79–81, 2010. [10] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved Proxy Re- encryption schemes with applications to secure distributed storage,” ACM Transactions on Information and System Security, vol. 9, no. 1, pp. 1–30, 2006. [11] F. Wang, Z. Liu, and C. Wang, “Full secure identity-based encryption scheme with short public key size over lattices in the standard model,” Intl. Journal of Computer Mathematics, pp. 1–10, 2015. [12] M. Green and G. Ateniese, “Identity-based proxy re-encryption,” in Proceedings of the 5th International Conference on Applied Cryptography and Network Security, ser. ACNS ’07. Berlin, Heidelberg: Springer-Verlag, 2007, pp. 288–306. [
- 5. CONTACT: PRAVEEN KUMAR. L (, +91 – 9791938249) MAIL ID: [email protected], [email protected] Web: www.nexgenproject.com, www.finalyear-ieeeprojects.com