Privacy Protection based Access Control Scheme in

Cloud-based Services
Kai Fan, Qiong Tian, Nana Yue Wang Hui Li Yintang Yang
Huang School of Information State Key Laboratory of Key Lab. of the Minist. of
State Key Laboratory of Engineering Integrated Service Networks Educ. for Wide Band-Gap
Integrated Service Networks Xi’an University Xidian University Semiconductor Materials and
Xidian University Xi’an, China Xi’an, China Devices
Xi’an, China [email protected] [email protected] Xidian University
[email protected] Xi’an, China
[email protected] [email protected]
[email protected]

Abstract—With the rapid development of the computer [4] used multi authority ABE (MA-ABE) to solve key escrow
technology, cloud-based services have become a hot topic. Cloud- issue. But the access policy is not flexible. Li et al [5]
based services not only provide users with convenience, but also presented data sharing scheme based on systemic attribute
bring many security issues. Therefore, the study of access control encryption, which endows different users’ different access
scheme to protect users' privacy in cloud environment is of great rights. But it is not efficient from the complexity and efficiency.
significance. In this paper, we present an access control system In 2014, Chen et al. [6] proposed Key-Aggregate Encryption
with privilege separation based on privacy protection (PS-ACS). algorithm, effectively shortening the length of the ciphertext
In the PS-ACS scheme, we divide the users into personal domain and the key, but only for the situation where the data owner
(PSD) and public domain (PUD) logically. In the PSD, we set
knows the user's identity. These schemes above only focus on
read and write access permissions for users respectively. The
Key-Aggregate Encryption (KAE) is exploited to implement the
one aspect of the research, and do not have a strict uniform
read access permission which improves the access efficiency. A standards either. In this paper, we present a more systematic,
high degree of patient privacy is guaranteed simultaneously by flexible and efficient access control scheme. To this end, we
exploiting an Improved Attribute-based Signature (IABS) which make the following main contributions:
can determine the users’ write access. For the users of PUD, a 1. We propose a novel access control system called PS-
hierarchical attribute-based encryption (HABE) is applied to ACS, which is privilege separation based on privacy protection.
avoid the issues of single point of failure and complicated key
The system uses Key-Aggregate Encryption (KAE) scheme
distribution. Function and performance testing result shows that
and Hierarchy Attribute-based Encryption (HABE) scheme to
the PS-ACS scheme can achieve privacy protection in cloud-
based services.
implement read access control scheme in the PSD and PUD
respectively. The KAE scheme greatly improves access
Keywords- access control; data sharing; privacy protection; efficiency and the HABE scheme largely reduces the task of a
cloud-based services single authority and protects the privacy of user data.
2. Compared with the MAH-ABE scheme which does not
I. INTRODUCTION refer to the write access control, we exploit an Improved
With the rapid development of cloud computing, big data Attribute-based Signature (IABS) [7-9] scheme to enforce
and public cloud services have been widely used. The user can write access control in the PSD. In this way, the user can pass
store his data in the cloud service. Although cloud computing the cloud server’s signature verification without disclosing the
brings great convenience to enterprises and users, the cloud identity, and successfully modify the file.
computing security has always been a major hazard. For users, 3. We provide a thorough analysis of security and
it is necessary to take full advantage of cloud storage service, complexity of our proposed PS-ACS scheme. The functionality
and also to ensure data privacy. Therefore, we need to develop and simulation results provide data security in acceptable
an effective access control solution. Since the traditional access performance impact, and prove the feasibility of the scheme.
control strategy [1] cannot effectively solve the security
problems that exist in data sharing. Data security issues
II. SYSTEM MODEL
brought by data sharing have seriously hindered the
development of cloud computing, various solutions to achieve As shown in Fig.1, our system model consists of Data
encryption and decryption of data sharing have been proposed. owner, users in PSD, and users in PUD, root authority CA,
In 2007, Bethencourt et al. [2] first proposed the ciphertext regional authority AA and cloud service provider, which are
policy attribute-based encryption (CP-ABE). However, this defined as follows.
scheme does not consider the revocation of access permissions. 1. The cloud service provider consists of two parts: data
In 2011, Hur et al. [3] put forward a fine-grained revocation storage server and data service management. Data storage
scheme but it can easily cause key escrow issue. Lewko et al.
server is responsible for storing confidential data files, and data have a close relationship with the owner and the number is
service management is in charge of controlling external users’ small, there is no need to use the CP-ABE which is applicable
access to secret data and returning the corresponding ciphertext. to the scenario which has a lot of users, and their identities are
unknown to the owner, while the KAE scheme is set for the
2. In the actual cloud environment, CA manages multiple small users with certain identities. Besides, the distribution and
AA, and AA each manages attributes in their own field. The management of keys and attributes, encryption and decryption
attributes owned by the user are issued by different authority. process of CP-ABE are much more complex compared with
3. Personal domain (PSD), in which users have special the KAE scheme. Therefore, the KAE is exploited to
privileges, such as family, personal assistant, close friends and implement the read access permission which improves the
partners. This domain has a small number of users and small access efficiency.
scale attributes, and the data owner knows the user's identity, Based on the above analysis, the paper uses the Aggregate
which is easy to manage. Key Encryption scheme to encrypt the data files to realize
4. Public domain (PUD), which owns a huge number of different read access control. The specific application process
users with unknown identity and a lot of attributes owned by of the KAE algorithm is as follows.
the user. 1. System setup and file encryption. The system first runs
5. Data Owner, based on the characteristics of users in Setup of KAE to establish the public system parameter and
public and personal domain to develop different access control master key. Each owner classified the file by its data attribute,
strategy, encrypt uploaded files using the corresponding such as “photo files”, “blog files” and “game files”. Fig.2
encryption method and then send to the cloud server. shows the way to classify the files. Choose and label the files,
˅5HTXHVWILOH
denoted by i i  ^1, 2 ,..., n ` , note that a file class i cannot be
&ORXG6HUYLFH3URYLGHU ˅5HWXUQFLSKHUWH[W
˅0RGLI\ILOH the subset of another file class j  j  ^1, 2 ,..., n ` . Then the
˅6LJQDWXUHDQG8SORDG
WKHHQFU\SWHGILOH owner’s client application runs Encrypt of KAE using the
˅6LJQDWXUHYHULILFDWLRQ
˅8VHUVUHYRFDWLRQ public key and the number of classification file to encrypt the
'DWDILOH 'DWD
'DWDVHUYLFH
˅'HOHWHILOHV
˅$VVLJQDWWULEXWHV PHR files and sends them to the cloud.
6HUYHU ˅'LVWULEXWLRQNH\V
PDQDJHU

 2. Access and key distribution. When the user send access
request to the cloud server, and his file index number is i , then





˄˅
the cloud server returns the corresponding encrypted


 ˄˅
˄˅ ˄˅ ˄˅ ˄˅˄˅
˄˅

classification file to the user. The owner authorized users

˄˅
.H\
access permission with the file index number denoted by j and
8VHU sent the collection S of all the index number j to CA, CA
8VHU 8VHU
generate an aggregate decryption key for a set of ciphertext
76,*
˄˅ ˄˅
8VHU
classes via Extract of KAE and sent it to the corresponding
$$
user, Finally, any user with an aggregate key can decrypt any
8VHUV 
$$ ˄˅
ciphertext whose class is contained in the aggregate key via
˄˅  ˄˅ 
˄˅ ˄˅
Decrypt of KAE.
$$ $$
˄˅

˄˅ 
2ZQHU ˄˅
˄˅
˄˅
&$
3ULYDWH$UHD 3XEOLF$UHD

Figure 1. System framework

III. ACCESS CONTROL SCHEME IN PSD

A. Read Access Control

The PSD has a small number of users, and their identities
are known to the owner. In general, the data owner only wants
Figure 2. Data file classification
the users to access or modify parts of data files, and different
users can access and modify different parts of the data. For
example, the blogger can allow his friend to browse part of his B. Write Access Control
private photos; enterprises can also authorize employees to As Chen’s MAH-ABE scheme does not refer to the write
access or modify part of sensitive data. This requires the data access control, and in the PSD some cases exist, for example,
owner to grant users read or write access permission to some the owner needs his friends to modify his file after he read it.
data. In Chen’s MAH-ABE scheme, the CP-ABE is used to So we proposed the write access permission in the PSD. For
achieve the read access permission, but there are some defects the user, the public key and file class label are all known, he
to be considered. Firstly, since in the PSD, the users are all
can implement the algorithm to encrypt the files after he the attribute-based encryption scheme (CP-ABE) can achieve
modified, and then upload them to the cloud. But whether the access control, it cannot meet the needs of complex cloud
cloud server saves the modified file is decided by the write environment. In traditional CP-ABE scheme, there is only one
access control policy. On the one hand, in the complex cloud authorized agency responsible for the management of attributes
environment, if a user’s modification operations are very and distribution of keys. The authority may be a university
frequent, maybe he is very important to the user, so that the registrar's office, the company's HR department or government
user may be stricken from outside attacks. Therefore, the user educational organizations and so on. The data owner defines
worries the leak of identity after the signature. On the other access policies and encrypts the data files in accordance with
hand, in the data sharing scheme, the separate access of read this policy. Each user is distributed a key related to his attribute.
and write to the file is extremely important. In PSD, not all As long as the user's attributes meet the access policy he can
users who have read permissions also have write permissions decrypt the file. However, if there is only one authority in the
to the files. Whether the user has write permissions to the file is system and all public and private keys are issued by the
decided by the data owner. Therefore, this paper selects the authority. Two problems will appear in the practical application:
improved attribute-based signature (IABS) to determine the
user's write permission. 1. In the practical cloud environment, there are a lot of
authorities and each authority in their own field manages part
The main structure of the scheme includes five parts: an of users’ attributes. The attributes owned by the user are issued
authentication center (CA), the data owner, users, mediator and from different authorities. For example, a data owner may want
cloud servers. The CA is responsible for generating master key to share his medical data with a user who owns the doctor
which is sent to the owner and system parameters which are attribute issued by medical institutions and the medical
shared for all users. The mediator holds part components of the researcher attribute by the clinic practice management.
signature keys and is responsible for the validity check of Therefore, exploiting multi authority is more realistic in the
attributes and users. The data owner produces the signature tree practical scenarios.
and sends it directly to the cloud server. The user encrypts the
modified files and signs them using the attribute-based 2. If there is only one authority, all the distribution of the
signature, then uploads them to the cloud server. The cloud keys are handed over by one trusted authority. The frequent
server verifies the attribute-based signature, if the interaction between the user and trust authority will not only
authentication is successful, the user has permission to modify bring bottlenecks for the system load capacity, but also
files and the cloud server stores the file. Own to the limited increase the potential security risks. Therefore, multi authority
space we will omit the specific description of the IABS scheme ABE (MA-ABE) is used in this paper.
in PSD. Users in PUD do not need to interact directly with the data
owner, and the attributes of the user are called role attributes.
IV. ACCESS CONTROL SCHEME IN PUD Firstly the data owner uploads the attribute-based encrypted
data files to the cloud server. Then after authorized, the data
Before introducing our proposed secure authentication owner receives the corresponding decryption key and sends a
protocol, we first make a statement for the notations used in data file access request directly from the cloud server. Finally,
the later, all of them are listed in Table I. after the cloud server returns the ciphertext, users can use their
own decryption key to decrypt the ciphertext. The framework
Notation Description of this area is shown in Fig.3.
PUD Public Domain
PRD Private Domain &ORXG6HUYHU
CP-ABE Ciphertext-policy Attribute-Based Encryption GDWDDFFHVV
HQFLSKHUHG
GDWD
MA-ABE Multi-authority Attribute-based Encryption
HABE Hierarchical Attribute Encryption
GDWDRZQHU $XWKRUL]HG XVHU
'$
CK Encryption Key
$WWULEXWH $WWULEXWH
K Key Space GLVWULEXWLRQ GLVWULEXWLRQ
DQGNH\  '$ DQGNH\
PK Public Key

DXWKRUL]DWLRQ

DXWKRUL]DWLRQ
SK Secret Key '$N
KAE Key-Aggregate Encryption
CA Authorization Center Figure 3. Access control framework of PUD
Table I

A. Scheme Design B. Access Control Process

The PUD is characterized by a huge number of users, a lot Based on the above analysis, we use a hierarchical attribute
of attributes owned by the user, complexity management, and encryption scheme (HABE) to implement access control in
indefinite users’ identity. In view of the above characteristics, PUD.
the user can only have the read access permission. Although
 1. Files creation: The creating of files is completed by the the data owner and sent directly to the cloud server. The CA
data owner. In general, in order to protect the privacy of the does not know the signature policy. Assuming that CA cannot
data file, the data owner firstly encrypts data file, and then give itself authorization, as long as the attributes of CA cannot
stores it in the cloud. To reduce the ciphertext size and meet the access policy, it is not valid to modify the file. Thus,
complexity, the data owner combines the symmetric encryption the write access permissions still belong to the data owner. In
scheme with public key encryption scheme, namely that each the process of the users’ signature, the signature key is only
file is firstly encrypted with symmetric encryption key called related to the users’ attributes, so the user's identity is safe. On
CK, then CK is encrypted with the HABE program. Before the the whole, the IABS scheme can protect users’ identity privacy.
data file uploaded to the cloud, the process of creating a data
file is as follows: In PUD, this paper employs the HABE scheme for the large
number of users with uncertain identity in this region. For the
1) Select a unique ID for the data file. trusted CA, it can only issue the private key and the
corresponding attribute structure to the authority in the first
2) Choose a random symmetric encryption level not to the users, so that the CA does not directly control
key CK m
R
 K . K means key space, and encrypt the data file
the user's private key, thus reducing the trust in CA. In addition,
with CK. the user's private keys are managed by multiple authorized
3) Define access tree T, use the agencies, which can avoid users’ privacy leakage.
algorithm H A B E . E n c r y p t  P K e , C K , T  to encrypt CK
and return the CT. B. Simulation Analysis
In our KAE scheme in the PSD, the system parameters are
4) The data owner computes the CT by hash operations and generated by the trusted authority, which is not within our
signs h(CT) to get the signature SG , on the one hand to consideration. Furthermore, the ˄eˆ g 1 , g n˅can be calculated in
ensure the integrity of the data, on the other hand to facilitate
the cloud and user to authenticate the identity of the data the system setup. In addition, the aggregate key only needs one
owner. pairing operation, and to calculate a pairing operation is very
fast, the specific comparison can be seen in Fig.4.
2. Data access: If the user wants to access a data file, he
should get the file from the cloud server and decrypt the 0.45
encrypted data file, which corresponds to the decryption Total time of KAE
process. There are two stages: firstly use the algorithm 0.4 Total time of ABE

HABE ˜ Encrypt PK e , CK , T  to decrypt the symmetric 0.35

encryption key CK, then use the key CK to decrypt the data file.
0.3
Time consuming (s)

3. Files deletion: If the data owner wants to delete a file,

0.25
he can send the file ID and his signature SG to the cloud
server, then the cloud servers delete the files after verifying the 0.2
signature of the data owner.
0.15
4. Attribute revocation: The authority assigns attributes to
each user and attaches the set of attributes with an expiration 0.1

time T . The attributes of access control tree contain a time 0.05

attribute T c , if T ! T c and the attributes match, then this file
can be access to. So the data owner can restrict users’ access 0
15 20 25 30 35 40 45 50
permissions by changing the time attributes. The number of file attributes

5. Users’ attributes Revocation: The DA calculates the

Figure 4. Total time of KAE and ABE
minimum set of attributes A min that allows users’ access
revocation, and A new A  A min , making T  A min  returns In Fig.4, the attribute-based encryption algorithm of the
null. Set a new expiration time to each attribute set, generate MAH-ABE scheme spent much more time than the KAE
new private key components and return it to the client. algorithm used in our scheme. If the attribute revocation occurs,
the ABE algorithm will be more time-consuming. More
V. SYSTEM SIMULATION AND PERFORMANCE importantly, the growth rate of time spent with the number of
file attributes is much higher than KAE algorithm. The
ANALYSIS
simulation results show the high efficiency of our scheme.
A. Security Analysis In Fig.5, the user only needs a very short time to sign the
In PSD, the user can only decrypt the files corresponding to modified files. While, the authentication time only makes up a
the received aggregate keys and do not have access to other small part, so the process of signature and authentication
files, so that the data owner controls the users’ access consume a very small time. Therefore, from the client's
permissions. When the data file is modified, although CA is perspective, the program is efficient.
trusted, also the system parameters and revocation instructions
are generated by the CA. The signature policy is formulated by
 ACKNOWLEDGMENT
1.6
Signature time This paper is supported by the National Natural Science
1.4 Certification time Foundation of China (No. 61303216, No. 61272457, No.
Total time of IABS
U1401251, and No. 61373172), the National High Technology
1.2
Research and Development Program of China (863 Program)
(No. 2012AA013102), the China Postdoctoral Science
Time consuming (s)

1
Foundation funded project (No.2013M542328), and National
0.8 111 Program of China B16037 and B08038.

0.6
REFERENCES
0.4 [1] S. Yu, C. Wang, K. Ren, “Achieving secure, scalable, and fine-grained
data access control in cloud computing,” Proc. IEEE INFOCOM, pp. 1-9,
0.2 2010.
[2] J. Bethencourt, A. Sahai, B. Waters, “Ciphertext-policy attribute-based
0 encryption,” Proc. Security and Privacy, pp. 321-334, 2007.
10 30 50 70 90 110
The number of leaf nodes [3] J. Hur, D.K. Noh, “Attribute-based access control with efficient
revocation in data outsourcing systems,” IEEE Transactions on Parallel
and Distributed Systems, vol. 22, no. 7 pp. 1214-1221, 2011.
Figure 5. The signature and authenticationtime of IABS [4] A. Lewko, B. Waters, “Decentralizing attribute-Based encryption,” Proc.
Advances in Cryptology-EUROCRYPT, pp. 568-588, 2011.
[5] M. Li, S. Yu, Y. Zheng, “Scalable and secure sharing of personal health
VI. CONCLUSIONS
records in cloud computing using attribute-Based Encryption,” IEEE
In this paper, we propose access control system (PS-ACS), Transactions on Parallel and Distributed System, vol. 24, no. 1, pp. 131-
143, 2013.
which is privilege separation based on privacy protection.
Through the analysis of cloud environment and the [6] C.K. Chu, S.S.M. Chow, W.G. Tzeng, “Key-aggregate cryptosystem for
scalable data sharing in cloud storage,” IEEE Transactions on Parallel
characteristics of the user, we divide the users into personal and Distributed Systems, vol. 25, no. 2, pp.468-477, 2014.
domain (PSD) and public domain(PUD) logically. In the PSD, [7] J. Li, K. Kim, “Hidden attribute-based signatures without anonymity
the KAE algorithm is applied to implement users read access revocation,” Information Sciences, vol. 180, no. 9, pp. 1681-1689, 2010.
permissions and greatly improved efficiency. The IABS [8] H.K. Maji, M. Prabhakaran, M. Rosulek, “Attribute-Based Signatures,”
scheme is employed to achieve the write permissions and the Proc. Topics in Cryptology - CT-RSA, pp. 376-392, 2011.
separation of read and write permissions to protect the privacy [9] S. Kumar, S. Agrawal, S. Balaraman, “Attribute based signatures for
of the user's identity. In the PUD, we use the HABE scheme to bounded multi-level threshold circuits,” Proc. Public Key Infrastructures,
avoid the issues of single point of failure and to achieve data Services and Applications, pp. 141-154, 2011.
sharing. Furthermore, the paper analyzes the scheme from
security and efficiency, and the simulation results are given. By
comparing with the MAH-ABE scheme, the proposed scheme
shows the feasibility and superiority to protect the privacy of
data in cloud-based services.