• DocumentCode
    2897569
  • Title

    DACC: Distributed Access Control in Clouds

  • Author

    Ruj, Sushmita ; Nayak, Amiya ; Stojmenovic, Ivan

  • Author_Institution
    SEECS, Univ. of Ottawa, Ottawa, ON, Canada
  • fYear
    2011
  • fDate
    16-18 Nov. 2011
  • Firstpage
    91
  • Lastpage
    98
  • Abstract
    We propose a new model for data storage and access in clouds. Our scheme avoids storing multiple encrypted copies of the same data. In our framework for secure data storage, the cloud stores encrypted data (without being able to decrypt them). The main novelty of our model is the addition of key distribution centers (KDCs). We propose the DACC (Distributed Access Control in Clouds) algorithm, where one or more KDCs distribute keys to data owners and users. A KDC may provide access to particular fields in all records. Thus, a single key replaces separate keys from owners. Owners and users are assigned a certain set of attributes. The owner encrypts the data with the attributes it has and stores them in the cloud. The users with a matching set of attributes can retrieve the data from the cloud. We apply attribute-based encryption based on bilinear pairings on elliptic curves. The scheme is collusion secure; two users cannot together decode any data that none of them has an individual right to access. DACC also supports revocation of users, without redistributing keys to all the users of cloud services. We show that our approach results in lower communication, computation and storage overheads, compared to existing models and schemes.
  • Keywords
    authorisation; cloud computing; public key cryptography; DACC; KDC; copies encryption; data storage; data storage security; distributed access control in clouds; elliptic curves; key distribution centers; Access control; Cloud computing; Encryption; Hospitals; Protocols; Vectors; Access control; Bilinear maps; Decentralized attribute-based encryption; Storage in Clouds;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on
  • Conference_Location
    Changsha
  • Print_ISBN
    978-1-4577-2135-9
  • Type

    conf

  • DOI
    10.1109/TrustCom.2011.15
  • Filename
    6120807