Privacy-preserving security solution for cloud services

 

L. Malina*, J. Hajny, P. Dzurenda and V. Zeman

 

Department od Telecommunications Brno University of Technology Brno, Czech Republic. *malina@feec.vutbr.cz

 

ABSTRACT

We propose a novel privacy-preserving security solution for cloud services. Our solution is based on an efficient non-bilinear group signature scheme providing the anonymous access to cloud services and shared storage servers. The novel solution offers anonymous authenticationfor registered users. Thus, users' personal attributes (age, valid registration, successful payment) can be proven without revealing users' identity, and users can use cloud services without any threat of profiling their behavior. However, if a user breaks provider's rules, his access right is revoked.Our solution provides anonymous access, unlinkability and the confidentiality of transmitted data. We implement our solution as a proof of concept applicationand present the experimental results. Further, we analyzecurrent privacy preserving solutions for cloud services and group signature schemes as basic parts of privacy enhancing solutions in cloud services. We compare the performance of our solution with the related solutionsand schemes.

Keywords: Anonymous authentication, Cloud services, Cryptography, Encryption, Group signatures, Privacy, Security.

 

DESCARGAR ARTÍCULO EN FORMATO PDF

 

Acknowledgments

This research work is funded by project SIX CZ.1.05/2.1.00/03.0072; the Technology Agency of the Czech Republic projects TA02011260 and TA03010818; the Ministry of Industry and Trade of the Czech Republic project FR-TI4/647.

 

References

[1] Y. Chen and R. Sion, "On securing untrusted clouds with cryptography" in Proceedings of the 9th annual ACM workshop on Privacy in the electronic society, New Your k,ACM, 2010, pp.109-114.         [ Links ]

[2] C. Wang, et al., "Privacy-preserving public auditing for data storage security in cloud computing", in INFOCOM,2010 Proceedings IEEE, San Diego march 2010, pp. 1-9.         [ Links ]

[3] Q. Wang et al. "Enabling public auditability and data dynamics for storage security in cloud computing", in Parallel and Distributed Systems, IEEE Transactions on, vol. 22, no. 5,IEEE, 2011. pp. 847-859.         [ Links ]

[4] R. Laurikainen, "Secure and anonymous communication in the cloud", in Aalto University School of Science and Technology, Department of Computer Science and Engineering, Tech. Rep. TKK-CSE-B10, 2010, pp. 1-5        [ Links ]

[5] M. Mowbray and S. Pearson, "A client-based privacy manager for cloud computing", in Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middle waRE, ser. COMSWARE '09, New York, ACM, 2009, pp. 5:1-5:8.         [ Links ]

[6] E.M. Hernandez-Ramirez et al. "A Comparison of Redundancy Techniques for Private and Hybrid Cloud Storage", in JART Journal of Applied Research and Technology, vol. 10, no. 6, pp. 1-9, 2012.         [ Links ]

[7] M. Jensen et al., "Towards an anonymous access control and accountability scheme for cloud computing", in Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on, Miami, IEEE. 2010, pp. 540 -541.         [ Links ]

[8] D. Chaum and E. Van Heyst, "Group signatures", in Advances in Cryptology EUROCRYPT91. 1991, pp. 257-265.         [ Links ]

[9] P. Angin et al., "An entity-centric approach for privacy and identity management in cloud computing", in Reliable Distributed Systems, 2010 29th IEEE Symposium on, New Delhi, IEEE. 2010, pp. 177-183.         [ Links ]

[10] A. Fiat and A. Shamir, "How to prove yourself: practical solutions to identification and signature problems", in Advances in Cryptology-Crypto86. 1987, pp. 186-194.         [ Links ]

[11] M. Blanton, "Online subscriptions with anonymous access," in Proceedings of the 2008 ACM symposium on Information, computer and communications security, ser. ASIACCS '08, New York, ACM. 2008, pp. 217-227.         [ Links ]

[12] J. Camenisch and A. Lysyanskaya, "Signature schemes and anonymous credentials from bilinear maps", in Advances in Cryptology- CRYPTO2004, 24th Annual International Cryptology Conference, Santa Barbara, California, USA. 2004, pp. 56-72.         [ Links ]

[13] R. Lu et al., "Secure provenance: the essential of bread and butter of data forensics in cloud computing", in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ser. ASIACCS '10, New York, ACM, 2010, pp. 282-292.         [ Links ]

[14] S. Chow et al., "Spice-simple privacy-preserving identity-management for cloud environment", in Applied Cryptography and Network Security. 2012, pp. 526-543.         [ Links ]

[15] X. Boyen and B. Waters, "Compact group signatures without random oracles", in Advances in Cryptology-EUROCRYPT 2006. 2006, pp. 427-444.         [ Links ]

[16] L. Malina and J. Hajny, "Accelerated modular arithmetic for low-performance devices", in Telecommunications and Signal Processing(TSP), 2011 34th International Conference on, Budapest, IEEE. 2011, pp. 131-135.         [ Links ]

[17] L. Malina and J. Hajny, "Efficient modular multiplication for programmable smart-cards", in TelSys. Telecommunication Systems, pp.1-8. 2013.         [ Links ]

[18] X. Boyen and B. Waters, "Full-domain subgroup hiding and constant-size group signatures", Public Key Cryptography-PKC 2007.Beijing, China. 2007, pp. 1-15.         [ Links ]

[19] J. Hajny and L. Malina, "Unlinkable attribute-based credentials with practical revocation on smart-cards", in Proceedings of the 11th international conference on Smart Card Research and Advanced Applications, ser. CARDIS'12. Springer-Verlag, 2013, pp. 62-76.         [ Links ]

[20] R. Cramer, "Modular design of secure, yet practical cryptographic protocols", Ph.D. dissertation, University of Amsterdam, 1996.         [ Links ]

[21] J. Camenisch and M. Stadler, "Proof systems for general statements about discrete logarithms", Tech. Rep., 1997.         [ Links ]

[22] T. Okamoto and S. Uchiyama, "A new public-key crypto system as secure as factoring", in Advances in Cryptology - EUROCRYPT 98, ser. Lecture Notes in Computer Science. Springer Berlin / Heidelberg, vol.1403, pp. 308-318, 1998.         [ Links ]

[23] J. Hajny and L. Malina, "Practical revocable anonymous credentials", in Communications and Multimedia Security, Canterbury, UK. 2012, pp. 211-213.         [ Links ]

[24] Z. Martinasek et al., "Optimization of differential poweranalysis", Przeglad elektrotechniczny,vol. 87, no. 12, pp. 140-144, 2011.         [ Links ]

[25] L. Martínez-Ramos et al., "Achieving Identity-Based Cryptography in a Personal Digital Assistant Device". JART. Journal of Applied Research and Technology, vol. 9. no. 3, pp. 1-11, 2011.         [ Links ]

[26] J. Camenisch and M. Stadler, "Eficient group signatures chemes for large groups", in Advances in Cryptology — CRYPTO '97, California, USA. 1997, pp. 410-424, 2011.         [ Links ]

[27] G. Ateniese et al., "A practical and provably secure group signature scheme", in proceedings of CRYPTO '00. 2000, pp. 255-270.         [ Links ]

[28] G. Ateniese et al., "Quasi-efficient revocation in group signatures" in proceedings of Financial Cryptography '02. 2002, pp. 183-197.         [ Links ]

[29] G. Tsudik and S. Xu, "Accumulating composites and improved group signing", in proceedings of ASIACRYPT '03. 2003, pp. 269-286.         [ Links ]

[30] D. Boneh and H. Shacham. "Group signatures with verifier-local revocation", in Conference on Computer and Communications Security, Proceedings of the 11th ACM conference on Computer and communications security, Washington DC, USA. 2004, pp. 168 - 177.         [ Links ]

[31] D. Boneh et al.,"Short group signatures", in Advances in Cryptology - CRYPTO 2004, Santa Barbara, California, USA. 2004, pp. 41-55.         [ Links ]

[32] M. Bellare et al., "Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions", in Advances in Cryptology - EUROCRYPT '03, Warsaw, Poland. 2003, pp. 614-629.         [ Links ]

[33] G. Ateniese et al., "Practical group signatures without random oracles", IACR Cryptology ePrint Archive.pp. 1-31, 2005.         [ Links ]

[34] X. Liang et al., "Short group signature without random oracles", in Information and Communications Security, Zhengzhou, ICICS, China. 2007, pp. 69-82.         [ Links ]

[35] J. Groth,"Fully anonymous group signatures without random oracles", in Advances in Cryptology - ASIACRYPT 2007, Kuching, Malaysia. 2007, pp. 164-180.         [ Links ]

[36] L. Nguyen and R. Safavi-Naini, "Efficient and Provably Secure Trapdoor-free Group Signature Schemes from Bilinear Pairings", in Advances in Cryptology - ASIACRYPT 2004, Jeju Island, Korea. 2004, pp. 372-386.         [ Links ]

[37] S. Zhou and D. Lin, "A shorter group signature with verifier-location revocation and backward unlinkability", CryptologyePrint Archive, Report 2006/100. 2006, pp. 1-10.         [ Links ]