On the Insecurity of a Method for Providing Secure and Private Fine-Grained Access to Outsourced Data

机译：关于提供安全和私人细粒度访问外包数据的方法的不安全感

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

The protection of sensitive data stored in the cloud is paramount. Among the techniques proposed to provide protection, attribute-based access control, which frequently uses ciphertext-policy attribute-based encryption (CPABE), has received a lot of attention in the last years. Recently, Jahan et al.~(IEEE 40th Conference on Local Computer Networks, 2015) propose a scheme based on CPABE where users have reading and writing access to the outsourced data. We analyze the scheme by Jahan et al. and we show that it has several security vulnerabilities. For instance, the cloud server can get information about encrypted messages by using a stored ciphertext and an update of that ciphertext. As another example, users with writing access are able to decrypt all the messages regardless of their attributes. We discuss the security claims made by Jahan et al. and point out the reasons why they do not hold. We also explain that existing schemes can already provide the advantages claimed by Jahan et al.

机译：保护存储在云中的敏感数据是至关重要的。在提出提供保护的技术中，基于属性的访问控制，通常使用基于密文 - 策略属性的加密（CPABE），在过去几年中受到了很多关注。最近，Jahan等人。〜（IEEE第40届当地计算机网络会议，2015）提出了一种基于CPABE的计划，用户拥有对外包数据的读写访问。我们通过Jahan等人分析该计划。我们表明它有几种安全漏洞。例如，云服务器可以使用存储的密文和该密文的更新获取有关加密消息的信息。作为另一个例子，具有写入访问的用户能够解密所有邮件，无论其属性如何。我们讨论了Jahan等人的安全声明。并指出他们不持有的原因。我们还解释说，现有计划已经可以提供Jahan等人的优势。

著录项

来源
《IEEE International Conference on Cloud Computing Technology and Science》|2016年|1 v.|共7页
会议地点
作者
Alfredo Rial;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;
关键词
Access control; Writing; Servers; Encryption; Cloud computing;

机译：访问控制;写作;服务器;加密;云计算;

相似文献

外文文献
中文文献
专利

1. Secured Fine-Grained Selective Access to Outsourced Cloud Data in IoT Environments [J] . Xia Qi, Sifah Emmanuel Boateng, Agyekum Kwame Opuni-Boachie Obour, Internet of Things Journal, IEEE . 2019,第6期

机译：安全的细粒度选择性地访问IOT环境中的外包云数据
2. Light weight and fine-grained access mechanism for secure access to outsourced data [J] . Mosarrat Jahan, Suranga Seneviratne, Partha Sarathi Roy, Concurrency and computation: practice and experience . 2019,第23期

机译：轻量级和细粒度的访问机制可确保对外包数据的安全访问
3. Securing Outsourced Data in the Multi-Authority Cloud with Fine-Grained Access Control and Efficient Attribute Revocation [J] . Junwei Zhou, Hui Duan, Kaitai Liang, The Computer journal . 2017,第8期

机译：通过细粒度的访问控制和有效的属性撤销来保护多授权云中的外包数据
4. On the Insecurity of a Method for Providing Secure and Private Fine-Grained Access to Outsourced Data [C] . Alfredo Rial IEEE International Conference on Cloud Computing Technology and Science . 2016

机译：关于提供对私有数据的安全和私有细粒度访问的方法的不安全性
5. Cryptography for secure and private databases: Enabling practical data access without compromising privacy. [D] . Green, Matthew Daniel. 2009

机译：安全和私有数据库的密码术：在不损害隐私的情况下实现实际数据访问。
6. Detecting referral and selection bias by the anonymous linkage of practice hospital and clinic data using Secure and Private Record Linkage (SAPREL): case study from the evaluation of the Improved Access to Psychological Therapy (IAPT) service [O] . Simon de Lusignan, Rob Navarro, Tom Chan, 2011

机译：使用安全和私人记录链接（SAPREL）通过实践医院和诊所数据的匿名链接来检测转诊和选择偏见：来自改进的心理治疗（IAPT）服务评估的案例研究
7. On the Insecurity of a Method for Providing Secure and Private Fine-Grained Access to Outsourced Data [O] . Rial, Alfredo 2016

机译：提供外包数据安全私密细粒度访问方法的不安全性

On the Insecurity of a Method for Providing Secure and Private Fine-Grained Access to Outsourced Data

摘要

著录项

相似文献

相关主题

期刊订阅