Information Technology Reference
In-Depth Information
privacy of the user. Users cannot just read from already stored data but can
be given the right to modify the data. Attribute-based signatures (ABSs) [25]
are used for this purpose. In ABSs, users have a claim predicate associated
with a message. The claim predicate helps to identify the user as an autho-
rized one without revealing the user's identity. Other users or the cloud can
verify the user and the validity of the message stored. An ABS can be com-
bined with ABE to achieve authenticated access control without disclosing
the identity of the user to the cloud (see TableĀ 3.1).
Attribute-based encryption involves expensive operations, which might
be burdensome on resource-constrained devices like smartphones and the
like. To address this problem, Green et al. [16] proposed a technique to out-
source the decryption to a proxy, such that the operations performed by the
user can be done efficiently and the complex computations are delegated to
the proxy. The proxy, however, cannot decrypt the information.
We present a comparison in TableĀ 3.1 of access control schemes used in
the literature. Some schemes are centralized (have a single KDC), and some
are decentralized (have multiple KDCs). We look for the type of operations
supported, that is,
x
-Write-
y
-Reads (denoted x-W-y-R). Some schemes have
authentication and some do not. Only the Green et al. [16] scheme outsources
decryption. We also check if revocation of users is permitted or not.
3.4 Data Auditing
A big challenge is to ensure that the integrity of the data is preserved. Cloud
servers are prone to Byzantine failure, in which they can fail in arbitrary ways.
Generally, the cloud protects data integrity by making redundant copies of
data. To reduce storage space, the CSP might not offer the same degree of
redundancy as presented in the SLA. The CSP might also discard rarely used
data, without informing the client, just to save storage space. Thus, data audit-
ing is needed to verify that the cloud has not tampered with the stored data.
Data auditing is mostly done in a probabilistic way, in which a few blocks
are chosen and verified. The commonly used techniques are as follows:
1. Provable data possession (PDP): Allows the client to verify that the
cloud has stored the original data faithfully without retrieving it.
2. Proofs of retrievability (PoR): The cloud should be able to prove that
it has stored the client's data correctly, and the client is able to extract
the data from the cloud.
We note that the difference between PDP and PoR techniques is that PDP
techniques only produce a proof for recoverable data possession, but PoR
Search WWH ::
Custom Search