Abstract

The time-bound hierarchical key assignment scheme provides a cryptographic solution for the access control problem in distributed systems (e.g., Pay-TV and cloud computing applications). Most time-bound hierarchical key assignment schemes can be divided into two types: those adopting tamper-resistant devices and those utilizing public values. Although adopting tamper-resistant devices makes it easy to resist collusion attacks, utilizing public values is much cheaper and more suitable for the cloud environment. In this paper, we propose a new time-bound hierarchical key assignment scheme which can effectively defeat the collusion attack. Besides, the proposed scheme utilizes public values instead of tamper-resistant devices, which restrict users’ convenience. Compared with the previous works, our scheme requires fewer public values and has better performance.

1. Introduction

The access control problem refers to controlling who can access the resources in a system. Members of an organization are divided into several classes, and each class has different limitations on these resources. For example, in a computer system, an administrator has the right to access all files, including the sensitive files, but a normal user can access only some common files. Nowadays the access control problem is a widespread problem, especially in distributed environments.

A hierarchical key assignment scheme can provide a cryptographic solution ([1–5]) for the access control problem. In a hierarchical key assignment scheme, resources are encrypted by encrypting keys. Only a user who holds the corresponding encrypting key can access the resources. In addition, the classes form hierarchical relations among themselves. If two classes have a relation, a user in the higher class can also access the resources in the lower class, but not vice versa. This relation is called a partial-order hierarchy. In the previous example, suppose that the administrator belongs to the manager class and normal users belong to the user class. Obviously, these two classes form a hierarchical relation and the manager class has higher rights than the user class. The members of the manager class can access the resources of the user class, but normal users cannot access the resources of the manager class. However, in some applications such as Pay-TV systems, a user may subscribe to news and sport channels for a week or a month. When the time expires, the user cannot access the channels anymore. Hence, the key assignment scheme needs to consider not only the partial-order hierarchy but also the key update problem when a user leaves a class.

The time-bound hierarchical key assignment protocol is proposed for the above problem. In a time-bound hierarchical key assignment system, the encrypting key of a class changes as time goes by. According to the user’s subscription, the vendor generates his key information, which can be used to compute the encrypting key, and assigns it to the user. The key information only works during the user’s subscription; outside that period the user cannot derive the encrypting key. Since the encrypting key has the time-bound property, we do not need to consider the key update problem when a user leaves a class. Following the previous example, suppose that a user subscribes to the news channels in the first time slot and then changes his subscription to the sport channels in the fifth time slot. The key information can be used to compute the encrypting key of the news channels only between the first and fifth time slots. Afterwards, this key information can only be used to compute the encrypting key of the sport channels.

Time-bound key assignment protocols can be divided into two types: one is based on tamper-resistant devices ([6, 7]) and the other is based on public values. Tamper-resistant devices can protect secret information and prevent the secrets from being revealed. If the encrypting key is stored in the device, it is hard for the user to reveal the encrypting key to other users. Although tamper-resistant devices can defeat collusion attacks, deploying them requires higher costs and is not suitable for cloud networks. For this reason, some studies ([8–11]) apply public values instead of tamper-resistant devices. Users can download the public values and derive the encrypting key from their key information and these values.

In this paper, we propose a time-bound hierarchical key assignment scheme which is based on a bilinear pairing function. Due to the time-bound property, a user can subscribe to some classes for a certain period of time. Besides, our scheme utilizes public values instead of tamper-resistant devices. Utilizing public values is more suitable for cloud computing since cloud computing emphasizes that users can access resources anywhere through the Internet. If a cloud service requires tamper-resistant devices, this will restrict users’ convenience. On the other hand, the public values can be downloaded anywhere from the cloud, and a user can use them to derive the encrypting key anywhere. Moreover, the number of public values in our scheme is independent of the length of the system lifetime and of the number of classes. Compared to the previous works, the proposed scheme requires fewer public values and imposes no special requirement on the construction of the partial-order hierarchy.

The rest of the paper is organized as follows. In Sections 2 and 3, we introduce previous works and present the necessary preliminaries. The proposed scheme is described in Section 4. Then we provide the performance and security analysis of the proposed scheme in Section 5. Finally, we summarize our results.

With the rapid growth of network technology, security issues have become a matter of concern in various network environments ([12–17]) such as wireless sensor networks, social networks, and the Internet of Things. In this paper, we put emphasis on access control problems in the cloud environment.

In 1983, Akl and Taylor [1] first studied the access control problem in a hierarchy and proposed a cryptographic solution for this problem. Then, many researchers also studied this problem and proposed their solutions ([2–5]). However, these schemes do not consider that a user may belong to some classes only for a certain period of time. To solve this problem, Tzeng [8] proposed a time-bound hierarchical key assignment scheme based on the Lucas function and the RSA problem in 2002. Afterwards, many researchers have concentrated on proposing time-bound key assignment schemes that either have better performance or can resist collusion attacks. These schemes can be divided into tamper-resistant-device-based and public-value-based schemes. Among the tamper-resistant-device-based schemes, Chien [6] presented his time-bound protocol in 2004; his scheme is insecure against collusion attacks [18, 19]. Then Bertino et al. [7] also proposed an efficient time-bound hierarchical key management scheme which is based on elliptic curves. However, Sun et al. [20] showed that Bertino et al.’s scheme [7] is also insecure against collusion attacks and provided an improved scheme. Among the public-value-based schemes, Yeh [11] proposed a public-value-based protocol in 2005. In 2006, Ateniese et al. [9] not only showed that Yeh’s scheme is vulnerable to collusion attacks, but also introduced two different constructions of time-bound key assignment schemes in a hierarchy. Additionally, they also proved that these schemes are practical and provably secure. Furthermore, de Santis et al. [10] showed how to construct a provably secure time-bound hierarchical key assignment protocol and compared their protocol with other previous works.

3. Preliminaries

In this section, we introduce some preliminaries about the proposed scheme, before describing our protocol.

3.1. Bilinear Mapping

Suppose that and are two cyclic groups with a prime order , where is an additive cyclic group and is a multiplicative cyclic group. A bilinear mapping is a mapping with the following properties:
(1) bilinear: , for all and all ;
(2) nondegenerate: , ;
(3) computable: there exists an efficient algorithm to compute , .

3.2. Partial-Order Hierarchy

In a partial-order hierarchy, a class represents a collection of some resources. Besides, there exists a binary relation “” which partially orders these classes. For any two classes and , “” means that dominates and that the security level of is higher than that of . In other words, the users of can access the resources in but not vice versa. For example, assume that and that is an independent class. If a user belongs to , this means that the user can access all of the resources in , , and , but he does not have the access right of . In other words, the user only holds the encrypting keys for , , and . Moreover, we usually use a directed acyclic graph to represent a partial-order hierarchy, where denotes the set of classes and denotes the set of partial-order relations.

3.3. Time-Bound Property

A key assignment system with the time-bound property means that the encrypting keys in a class are different as time goes by. The user can only derive the encrypting keys that are within the duration of his subscription. Assume that a user belongs to from to and . The user can just derive the encrypting key and at if and only if . Nevertheless, he cannot derive the encrypting key at when .
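The two rules stated in Sections 3.2 and 3.3, dominance in a directed acyclic graph and the time-bound restriction on derivable keys, decide exactly which temporal encrypting keys a piece of key information entitles its holder to. The following Python model, added here as an illustration and not taken from the paper (it models the access structure only and contains none of the pairing-based computation of Section 4), makes those rules executable: it rejects hierarchies that are not acyclic, computes the reflexive-transitive dominance closure of a class, and checks a subscription against the system lifetime and the maximum duration. The five-class hierarchy, the lifetime of 70 and the maximum duration of 5 are constructed to mirror the example of Section 4.4; the independence of the fifth class is an assumption, and all class names are placeholders.

```python
from typing import Dict, Iterable, Set, Tuple


class Hierarchy:
    """Partial-order hierarchy of security classes as a directed acyclic graph.

    An edge (hi, lo) means class ``hi`` dominates class ``lo``: users of ``hi``
    can access the resources of ``lo`` but not vice versa. Dominance is taken
    to be reflexive and transitive, as in Section 3.2.
    """

    def __init__(self, classes: Iterable[str], edges: Iterable[Tuple[str, str]],
                 lifetime: int, max_duration: int) -> None:
        self.classes: Set[str] = set(classes)
        self.children: Dict[str, Set[str]] = {c: set() for c in self.classes}
        for hi, lo in edges:
            if hi not in self.classes or lo not in self.classes:
                raise ValueError(f"edge ({hi}, {lo}) references an unknown class")
            self.children[hi].add(lo)
        if not (1 <= max_duration <= lifetime):
            raise ValueError("need 1 <= max_duration <= lifetime")
        self.lifetime = lifetime          # number of time slots in the system lifetime
        self.max_duration = max_duration  # longest interval one key information may cover
        self._reject_cycles()

    def _reject_cycles(self) -> None:
        # Three-colour depth-first search; a back edge means the relation is not a partial order.
        WHITE, GREY, BLACK = 0, 1, 2
        colour = {c: WHITE for c in self.classes}

        def visit(node: str) -> None:
            colour[node] = GREY
            for nxt in self.children[node]:
                if colour[nxt] == GREY:
                    raise ValueError(f"cycle through class {nxt}")
                if colour[nxt] == WHITE:
                    visit(nxt)
            colour[node] = BLACK

        for c in self.classes:
            if colour[c] == WHITE:
                visit(c)

    def dominated_by(self, cls: str) -> Set[str]:
        """All classes reachable from ``cls``, including ``cls`` itself."""
        seen, stack = {cls}, [cls]
        while stack:
            for nxt in self.children[stack.pop()]:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        return seen

    def dominates(self, hi: str, lo: str) -> bool:
        return lo in self.dominated_by(hi)


class Subscription:
    """One piece of key information: class ``cls`` for slots ``t1``..``t2`` inclusive."""

    def __init__(self, h: Hierarchy, cls: str, t1: int, t2: int) -> None:
        if cls not in h.classes:
            raise ValueError(f"unknown class {cls}")
        if not (1 <= t1 <= t2 <= h.lifetime):
            raise ValueError("subscription interval must lie inside the system lifetime")
        if t2 - t1 + 1 > h.max_duration:
            raise ValueError("subscription exceeds the maximum duration")
        self.h, self.cls, self.t1, self.t2 = h, cls, t1, t2

    def can_derive(self, target: str, t: int) -> bool:
        """Time-bound rule (Section 3.3): a dominated class's key is derivable only inside t1..t2."""
        return self.h.dominates(self.cls, target) and self.t1 <= t <= self.t2

    def derivable_keys(self) -> Set[Tuple[str, int]]:
        """Every (class, slot) temporal key this key information entitles the holder to."""
        return {(c, t) for c in self.h.dominated_by(self.cls)
                for t in range(self.t1, self.t2 + 1)}


def example_hierarchy() -> Hierarchy:
    # Constructed to mirror the shape of the Section 4.4 example: lifetime 70,
    # maximum subscription 5 slots, C1 dominating C2, C3 and C4. C5 being
    # independent is an assumption; the page does not state its relation.
    return Hierarchy(["C1", "C2", "C3", "C4", "C5"],
                     [("C1", "C2"), ("C1", "C3"), ("C1", "C4")],
                     lifetime=70, max_duration=5)


if __name__ == "__main__":
    h = example_hierarchy()
    sub = Subscription(h, "C1", 3, 7)
    print(sorted(sub.derivable_keys()))
    print(sub.can_derive("C3", 5), sub.can_derive("C3", 8), sub.can_derive("C5", 5))
```

A subscription to C1 covering slots 3 to 7 yields exactly 20 derivable temporal keys (four dominated classes times five slots); asking for C3 at slot 8 or for the independent class C5 at any slot is refused, which is the behaviour the security analysis in Section 5.1 argues the cryptographic construction enforces.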

4. The Proposed Scheme

The detail of the proposed scheme is introduced in this section. The proposed scheme consists of three phases: initialization, user subscription, and encrypting key derivation. Each phase is described in the following. Then, we use a concrete example to explain our scheme. Finally, the notation is shown in the notation section.

4.1. Initialization

In this phase, we suppose that the vendor has already constructed a partial-order hierarchy. The system parameters are initialized in the following steps.
(1) The vendor chooses an elliptic curve over a finite field and then selects a generating point , where the order of is .
(2) Afterwards, the vendor constructs a bilinear map .
(3) Suppose that the maximum duration of each subscription for a user is and the system lifetime is , where . The system selects two random values and from and generates , where and .
(4) For every class , the vendor randomly generates and , where . Then, the vendor computes the public values if and only if .
(5) Finally, the public system parameters are and the vendor keeps secret. Besides, the encrypting key is computed by .

When completing these steps, the vendor publishes and on an authenticated board. These public values can be downloaded through the Internet and used to compute the encrypting key.

4.2. User Subscription

In this phase, the system generates the key information for a user according to his subscription request. Then this key information is issued to the user through a secure channel. If a user subscribes to class from to , the key information can be computed by .

Afterwards, the user uses and to compute the encrypting key at time slot if . Moreover, if and are dominated by (), the user can use , , and (or ) to compute the encrypting key of class (or ) from to . Otherwise, the system has to issue and to the user.

4.3. Encrypting Key Derivation

In this phase, we show how a user derives an encrypting key. This phase can be divided into two cases: the class which is not dominated by any other classes and the class which is dominated by some other classes.

Case 1. Suppose that a user subscribes to class which is not dominated by other classes. The user can use and to compute , where and . The encrypting key for the class at can be computed as follows:

Case 2. Suppose that the user subscribes to and is dominated by (). In order to derive the encrypting key for , the user first computes . Then, the encrypting key for can be computed as follows:

Now, we show the correctness of equations in both cases. The temporal encrypting key for class in time slot is , where .

The following is the correctness of Case 1:

The correctness of Case 2 is shown as follows:

4.4. Example

Here, we use an example to describe the proposed scheme. Suppose that the system lifetime is 70 and the maximum duration of each subscription is 5. Therefore, we set to be 70 and to be 5 here. As shown in Figure 1, the partial-order hierarchy has five classes to . Besides, dominates , , and . The vendor generates random values for each class and computes if dominates . In this example, the public values are , , , , and . Then, the vendor publishes and keeps secret, where is over , , and is a generating point with order . Moreover, the public value is shown as follows: where , and .

If a user subscribes to and from to , then he will hold the public parameters , , and . Now suppose the user desires to access the resources in at time slot and . The encrypting key can be computed as follows:

In a similar way, the temporal key of at can be computed by .

Now assume that the user desires to compute and . The encrypting key can be computed by the following:

5. Analysis

In this section, we not only analyze the security and performance of the proposed scheme but also discuss the applications of the time-bound key assignment scheme in a hierarchy. Compared with previous works, users need neither large storage capacity nor many decryption operations, and our scheme sends fewer broadcast messages over the network.

5.1. Security against Possible Attacks

In the following, the security analysis is divided into two parts: the security of the key information and the security of the encrypting key. For convenience, we first define two mathematical assumptions as follows.
(i) Discrete logarithm assumption: given for , no probabilistic polynomial-time algorithm can compute the value .
(ii) Computational Diffie-Hellman (CDH) assumption: given for , no probabilistic polynomial-time algorithm can compute .

5.1.1. Security of Key Information

Now, we consider the two types of attackers: outside and inside attackers.

Lemma 1. Under the computational Diffie-Hellman (CDH) assumption, no outside attacker can compute the key information of any class in the proposed scheme, even if has obtained all public information and .

Proof. Without loss of generality, we assume that wants to compute the key information of class from to . Since and are secret values held by the vendor, cannot obtain the individual values and from . Meanwhile, the attacker cannot obtain the values and under the CDH assumption. Hence, it is infeasible for any outside attacker to compute the key information of any class in the proposed scheme.

Lemma 2. In the proposed scheme, any inside attackers (malicious subscribers) cannot compute unauthorized key information of some class.

Proof. Without loss of generality, we consider the following two cases to prove this lemma.
Case I. We assume that a subscriber in class from to tries to compute unauthorized key information of class for some index and . If wants to compute , he must find a value such that . Since and are secret values held by the vendor, cannot compute the value . Thus, it is infeasible to compute unauthorized key information from for the case .
Case II. We assume that a subscriber in class from to tries to compute unauthorized key information of class , where . In a similar way to Case I, must find a value such that . Although owns the value , he still cannot compute , for the same reason as in Case I. Thus, it is infeasible to compute from for the case .

Lemma 3. In the proposed scheme, any inside attackers (malicious subscribers) cannot collude to compute unauthorized key information in some class.

Proof. Without loss of generality, we consider the following two cases to prove this lemma.
Case I. We assume that two subscribers and collude to compute the unauthorized key information in class from to , where subscribes to from to and subscribes to from to with , , and . As mentioned in Lemma 2, the two malicious subscribers must find a value such that or a value such that . Even if they have and , they still cannot compute and . Since and are secret values held by the vendor, they cannot obtain the individual values and . Thus, it is infeasible to compute from to with , , and .
Case II. We assume that three subscribers , , and collude to compute the unauthorized key information in class from to , where subscribes to from to , subscribes to from to , and subscribes to from to with and . If they want to compute , they must find the two values and such that . However, it is infeasible to find and from , , and under the discrete logarithm and computational Diffie-Hellman assumptions.

By Lemmas 1–3, we obtain Theorem 4.

Theorem 4. Under the discrete logarithm and computational Diffie-Hellman assumptions, no attacker (inside or outside) can compute unauthorized key information of any class in the proposed scheme.

5.1.2. Security of Temporal Encryption Key

The security of the temporal encryption key relies on the security of the key information. Hence, we have the following result.

Theorem 5. Under the discrete logarithm and computational Diffie-Hellman assumptions, no attacker (inside or outside) can compute an unauthorized temporal encryption key to access any class in the proposed scheme.

5.2. Performance Evaluation

The performance of our scheme is evaluated in terms of storage requirements and computation costs. The storage requirements consist of three parts: private parameters, public values, and key information. The public values, including , , and , are published on an authenticated board. Since does not affect the storage complexity, we only discuss and . All users can download and store these public values. Then, a user can use his key information and these public values to compute the encrypting key for accessing the resources. The private parameters are the security parameters of the proposed scheme and are kept secret on the server. The vendor uses these private parameters to generate all key information and encrypting keys. The private parameters include , , and . Finally, the key information is generated according to a user’s subscription.

Table 1 shows the comparison of storage requirements between our scheme and previous works. In the table, denotes the system lifetime and the maximum duration of each subscription for a user is . We also denote the number of edges and classes in by and .

In the proposed scheme, the vendor randomly selects secret values for each class in the partial-order hierarchy, where can be used to generate and . Therefore, the space complexity of the private parameters on the server side is . Now, we consider the space complexity of the public values on the client side. The public values in our scheme are and . Since the maximum duration of each subscription for a user is , the number of is equal to and the number of is . Consequently, the space complexity of the public values is . In fact, the storage requirements of our protocol are independent of . If the storage requirements were related to , the space complexity would rise dramatically when is very large. Compared to other schemes (as shown in Table 1), our scheme has better space complexity, and that complexity is independent of . Although the number of public values in Bertino et al.’s scheme [7] is smaller than in our scheme, Bertino et al.’s protocol requires tamper-resistant devices, which require extra costs in the deployment phase and are not suitable for cloud computing.

The amount of key information in our scheme depends on the partial-order hierarchy and on the number of classes a user subscribes to. After a user registers with the system, the server issues some key information to the user. Unlike some works ([9, 21]) which require that a user belong to only one class, our scheme allows a user to subscribe to many classes. The worst case is that every class is independent of the other classes. In this case, the space complexity of the key information for a user is . In general, however, the number of key information items for a user is a constant.

We use a concrete example to show the space requirements of the proposed scheme. First, we suppose that each time slot is one day. Then, we set the system lifetime to 10 years () and the maximum duration of each subscription for a user to one month (). Finally, we assume that there are 250 channels in the system. To put it simply, we set and both equal to 300 in the partial-order hierarchy. According to the previous analysis, the space requirements for the public values are related to the number of and . Since the number of is equal to 495 and the number of is 300, we can compute that the space requirement for the public values is  KB. The space requirement for the private parameters depends on the number of . Hence the space requirement for the private parameters is equal to  KB. Finally, the size of each key information item is 160 bits.

Now, we consider the computation cost of encrypting key derivation. In our scheme, a user computes at most two pairing operations when he derives the encrypting key. In [22], the results show that the computation cost of a pairing operation on a smartphone (HTC Desire HD A9191, Android 2.2) is affordable. Therefore, our scheme can feasibly be executed on low-power devices such as phones and set-top boxes.

5.3. Application

Cloud computing means that applications migrate from local PCs to the Internet and is sometimes referred to as Software as a Service (SaaS) [23, 24]. Users can obtain computing and storage capacity through the Internet. Users pay for network traffic or CPU utilization time instead of paying for software. When a cloud is only made available to some specific members of an organization, it is called a private cloud, and only authorized users can access it. For example, enterprises usually construct private data storage services for their employees.

Since security threats can influence the development of cloud computing, many security issues are discussed [25], especially the access control problem. In this section, we introduce two examples, data storage service and video-on-demand (VoD) service, and explain the access control problem in both. The first application, cloud storage service, allows users to store their files on remote servers and share their files with other users. Obviously, enterprises can gain great benefits from cloud storage services. However, enterprises usually construct their own private cloud services instead of using public cloud services because of privacy and security considerations. In an enterprise or a government, data are always classified into several classes, for example, to , and members are also categorized into these classes. Assume that , where means that a user who belongs to can access the data in and . In this case, a user who belongs to cannot access the data in , , and . Therefore, we can apply a key assignment scheme to solve the access control problem. A key assignment scheme can distribute encrypting keys to each member according to their access rights in the organization. Unfortunately, a user may only subscribe to some classes for a certain period of time. Traditional key assignment protocols cannot satisfy the time-bound requirement, but the proposed scheme solves this problem easily. Besides, utilizing public values is more suitable for cloud computing than adopting tamper-resistant devices. Cloud computing claims that users can access the resources anywhere without any limitations, but adopting tamper-resistant devices in cloud services restricts users’ convenience. We use an example to explain how to apply the proposed scheme to enhance the cloud service. For example, an employee may become the agent of his manager when the manager takes a vacation. Suppose that the manager belongs to and the employee belongs to . In addition, we also assume that the manager is on vacation from to . Hence, the manager only needs to escalate the privilege of his agent to while he is on vacation ( to ), and our time-bound protocol easily achieves this requirement. The manager just gives the agent the key information . This means that the agent can only access the data belonging to from to . On the other hand, the agent cannot derive the encrypting key of outside the specific period of time ( to ).

The second application is the video-on-demand (VoD) system. Recently, many researchers have discussed how to utilize cloud services to support large-scale Internet-based applications such as video-on-demand (VoD) [26, 27]. In VoD systems, users can watch video content on demand. Video content can be either streamed or downloaded through a set-top box, a computer, or a mobile device. Users can subscribe to the content they like and access it for the duration of the subscription. Video content is always encrypted in VoD systems, and users must use their encrypting keys to access the content. In addition, a user usually subscribes to a program only for a limited period such as a week or a month. Beyond the duration of the subscription, users are not allowed to access the content. The proposed time-bound protocol can be easily deployed in VoD systems to manage users’ subscriptions. In the initial phase, the vendor organizes all content into several classes and constructs a partial-order hierarchy. For every class, the encrypting key is used to protect the content and is changed as time goes by. A user in the system obtains some key information according to his subscription. Finally, the user can compute the correct encrypting key from his key information and the public values to access the encrypted content.

6. Conclusion

We have presented a time-bound key assignment scheme for a partial-order hierarchy. Since our scheme has the time-bound property, the vendor can offer great flexibility in user subscriptions. Each user can only use his key information to compute the corresponding encrypting key during his subscription. Therefore our scheme easily solves the key update problem without higher costs. In addition, our scheme applies public values instead of tamper-resistant devices, which is more suitable for cloud computing. Unlike previous schemes, the number of public values or key information items does not depend on the length of the system lifetime. As a result, our scheme has lower space complexity and acceptable performance compared with previous works. Moreover, we have also shown that our scheme can defeat collusion attacks.

Notation Used in Our Scheme

The elliptic curve that the vendor selects
:A bilinear mapping function, where
:A one-way hash function
:Additive cyclic group
:Multiplicative cyclic group
:Generating point of with large order
:Secret random values
:The secure class
:Secret value of
:User’s key information which can be used to compute encrypting key of from to
:Temporal encrypting key of at time
:Public values and only used in the improved scheme, where if
:Public values, where , and .

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

The work of Chien-Ming Chen was supported in part by the Project HIT.NSRIF.2014098 supported by Natural Scientific Research Innovation Foundation in Harbin Institute of Technology and in part by Shenzhen Strategic Emerging Industries Program under Grant ZDSY20120613125016389. The work of Hung-Min Sun was supported in part by the National Science Council, Taiwan, under Grant NSC 101–2221-E-007-026-MY3.