Formal analysis of a private access control protocol to a cloud storage

摘要

Cloud storage provides an attractive solution for many organisations and enterprises due to its features such as scalability, availability and reduced costs. However, storing data in the cloud is challenging if we want to ensure data security and user privacy. To address these security issues cryptographic protocols are usually used. Such protocols rely on cryptographic primitives which have to guarantee some security properties such that data and user privacy or authentication. Attribute-based signature (ABS) and attribute-based encryption (ABE) are very adapted for storing data on an untrusted remote entity. In this work, we enhance the security of cloud storage systems through a formal analysis of a cloud storage protocol based on ABS and ABE schemes. We clarify several ambiguities in the design of this protocol and model the protocol and its security properties with ProVerif an automatic tool for the verification of cryptographic protocols. We discover an unknown attack against user privacy in the Ruj et al. (2012) protocol. We propose a correction, and automatically prove the security of the corrected protocol with ProVerif.