05-10-2016, 04:00 PM
A Time-Based Group Key Management Algorithm Based on Proxy Re-encryption for Cloud Storage
1457949898-Timebasedgroupkeymanagementalgorithmincloud1.pdf (Size: 618.54 KB / Downloads: 8)
Abstract.Users are motivated to outsource their data into the cloud for its great
flexibility and economic saving. However, outsourcingdata to cloud also increases
the risk of privacy leak.A straightforward method to protect the users’privacy
is to encrypt the files before outsourcing.The existing group key
management methods always presume that the server is trustworthy, but cloud
storage applications do not meet this condition. Therefore, how to manage the
group key to enable authenticated usersto access the files securely and efficientlyis
still a challenging problem.In our paper, wepropose a Time-basedGroup
Key Management (TGKM)algorithmforcryptographiccloud storage applications,
which uses the proxy re-encryption algorithm to transfermajorcomputingtask
of the group key management to the cloud server.So, the proposed TGKM
scheme greatly reduces the user’s computation and storage overhead and makes
full use of cloud server to achieve an efficient group key management for the
cryptographic cloud storage applications.Moreover, we introduce a key seed
mechanism to generate a time-based dynamic group key which effectively
strengthens the cloud data security. Our security analysis and performance
evaluations both show that the proposed TGKM scheme is a secure and efficient
group key management protocol for the cloud storage applications with
low overheads of computation and communication.
Introduction
Cloud storage is a typical service model of online outsourcing storage where data is
stored in virtualized pools which are generally hosted by third parties. Companies
need only pay for the storage they actually use. But when data is stored into cloud,
user simultaneously loses the control of his data. It makes that the unauthorized accesses
from hackers even cloud service providers is inevitable. Security is one of the
most important problems that should be addressed in cloud storage applications
In recent years, many scholars have proposed the use of encryption methods to protect
users' privacy in cloud storage applications [2-6]. In cryptographic cloud storage
application framework data owner encrypts files before outsourcing to protect his
privacy. Because the authorized users have the key, they could decrypt the files after
downloading. Obviously, unauthorized users, attackers, even the cloud service provider
can’t breach user’s privacy without authentication. In cryptographic cloud storage,
data owner need not only store files on the cloud but also shares these files to
some group users. Therefore, group key management is an important problem in
cloud storage, and it is also the main motivation of our paper.
The problem of group key management in cryptographic cloud storage environment
is different from the traditional one. In a cryptographic cloud storage model,
computing tasks should be transferred to the cloud as much as possible and ensure
user privacy at the same time. The main contributions of our work are:
─ We propose a suitable group key management method of cloud storage,
which transfers calculations to the cloud computing service providers, who can’t
get the group key.
─ The data owner and authorized group users compute different group keys in
different phases with the same seed, rather than always using the same group key,
so our method is safer. Besides, because group key in a phase is computed by key
seed, the distribute group key number of times is less than traditional method
The remainder of this paper is organized as follows: in Section 2, we discuss the
related work. Then we introduce several cryptographic primitives in Section 3.
Section 4 details the TGKM. Security analyses of TGKM will be given in Section 5.
Finally, we evaluate the performance of our mechanism in Section 6, and conclude
this paper in Section 7.
2 Related Work
There are many group key management algorithms to address the problem of group
key management in the network environments, some are depended on a trusted group
key server, and others don’t need any trusted group key servers.
Xiao proposes a cryptographic file system called CKS-CFS based on the security
assumption that the CKS-CFS is trusted [7]. A trusted Group Key Server (GKS) is
introduced to manage file encryption keys in a centralized manner and to enable the
employment of flexible access control policies. But if GKS is invaded, hacker can get
all the private files.
Goh proposes the SiRiUS which doesn’t need a trusted group key server usually let
each user has a public and private key pairs to obtain the group key [8]. When a data
owner wants to share data, he uses the group key to encrypt the file and uses the authorized
user’s public keys to encrypt the group key, and then he uploads the encrypted
file and encrypted keys to the cloud. The authorized user uses his private key
to decrypt the group key by which the authorized user decrypts the encrypted file.
This method is one of the simplest group key managements, but it requires that the data owner encrypts the group key for each user using his public key, which will
generate a great overhead of computing at the data owner. Kim proposes a secure
protocol called Tree-based Group Diffie–Hellman (TGDH) that is both simple and
fault-tolerant[9]. In order to protect the security of data, different files are encrypted
by different keys. But the processes of key negotiation in TGDH need to replace the
user's private key, so the algorithm is not suitable for group key management in cloud
storage.