Abstract
Recently, research on key management schemes for user access control in outsourced databases has been actively pursued. Because outsourced databases must deal with many users and data resources, an efficient key management scheme that reduces the number of authentication keys is required. However, the existing schemes have a critical problem: the cost of key management increases rapidly as the number of keys grows. To solve this problem, we propose an efficient key management scheme for user access control in outsourced databases. For this, we propose a Resource Set Tree (RST)-based key generation algorithm that reduces key generation cost by merging duplicated data resources. In addition, we propose a hierarchical Chinese Remainder Theorem (CRT)-based key assignment algorithm which can verify a user's permission to access outsourced databases. Our algorithm can reduce key update cost because the redistribution of authentication keys is not required. We also provide analytic cost models of our algorithms and verify the correctness of the theoretical analysis by comparing them with experimental results. Finally, we show from the performance analysis that the proposed scheme outperforms the existing schemes in terms of both key generation cost and update cost.
Acknowledgments
This work was supported by an Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. R0113-15-0005, Development of an Unified Data Engineering Technology for Large-scale Transaction Processing and Real-time Complex Analytics). This work was also supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2014065816).
About this article
Cite this article
Hong, S., Kim, HI. & Chang, JW. An efficient key management scheme for user access control in outsourced databases. World Wide Web 20, 467–490 (2017). https://doi.org/10.1007/s11280-016-0408-y
DOI: https://doi.org/10.1007/s11280-016-0408-y