DOI: 10.1145/2087522.2087531

OAuth and ABE based authorization in semi-trusted cloud computing: aauth

Published: 14 November 2011

Abstract

In cloud computing, interoperation between data-storage and web-application providers can protect users from having their data and applications locked into a single cloud provider. Currently, web-based access-control standards apply only when data owners and cloud service providers are in the same trusted domain. This condition cannot be satisfied in untrusted clouds, where cloud providers may access sensitive information without authorization. Most previous studies require end-user certificates or specific APIs and depart from existing standards. In this paper, we propose a new authorization scheme (AAuth) that builds on the OAuth standard by leveraging ciphertext-policy attribute-based encryption (CP-ABE) and an ElGamal-like mask over the HTTP protocol. Our scheme provides end-to-end encryption and ABE-based tokens, enabling authorization by both authorities and owners and moving policy enforcement from the clouds to the destinations. With this user-centric approach, owners retain control of their data while it rests in semi-untrusted cloud storage. Moreover, because most cryptographic operations are delegated from owners to authorities, owners can draw computation power from the clouds. Security analysis shows that our scheme maintains the same security level as the underlying encryption scheme and protects users from exposing their credentials to application providers. In our extensive simulation, AAuth's greater overhead relative to OAuth was balanced by its greater security. Furthermore, our scheme works seamlessly with storage providers by retaining the providers' APIs unchanged.

Published in: DataCloud-SC '11: Proceedings of the Second International Workshop on Data Intensive Computing in the Clouds, November 2011, 98 pages, ISBN 9781450311441, DOI 10.1145/2087522.
Publisher: Association for Computing Machinery, New York, NY, United States.
Author tags: access control, authorization, cloud computing.