Implementation of Cypher Text-Policy Attribute-Set-Based Encryption (CP-ASBE) in Cloud
Keywords:
Revocation Mechanisms, Dynamic Access Control, Cryptographic Standards, Modern Tools, Java, Attribute-Based Encryption (ABE)
Abstract
This research seeks to explore the feasibility of using Attribute-Based Encryption (ABE) techniques, especially Comparative Policy-Based Attribute-Based Encryption (CP-ABE) and Comparative Policy-Attribute-Based Security Environment (CP-ASBE) for accurate access control in cloud computing. The comparison of CP-ABE and CP-ASBE is made based on the following aspects: access policy flexibility, scalability, efficiency, expressiveness, security, revocation mechanisms, and real-world uses. The proposed CP-ASBE architecture is based on dynamic access control at the attribute level. It employs up-to-date tools such as OpenSSL, Perceptome, AWS, Azure, Python, Java, Jenkins, and the ELK Stack. This makes the system scalable, efficient, and cryptographically compliant, which is a solution to cloud security problems. Some assessment methods are system testing, risk assessment, and continuous assessment to ensure the system works effectively and securely. Possible future research directions are the enhancement of homomorphic encryption, blockchain, AI security, and post-quantum cryptography. These developments aim to improve cloud security’s capacity to address new threats and the needs of various regulations, which in turn contributes to the advancement of data protection and privacy in the cloud.
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Under this license, users must give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute their contributions under the same license as the original.