A Higher-Level Security Scheme for Key Access on Cloud Computing


Celiktas B., Celikbilek I., Özdemir E.

IEEE ACCESS, vol.9, pp.107347-107359, 2021 (SCI-Expanded) identifier identifier

  • Publication Type: Article / Article
  • Volume: 9
  • Publication Date: 2021
  • Doi Number: 10.1109/access.2021.3101048
  • Journal Name: IEEE ACCESS
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Page Numbers: pp.107347-107359
  • Keywords: Cloud computing, Access control, Cryptography, Directed graphs, Computational modeling, Mission critical systems, Interpolation, Cloud security, hierarchical, interpolation, key access, key assignment, secret sharing, ASSIGNMENT SCHEME, MANAGEMENT SCHEME, CRYPTOGRAPHIC KEYS, OPTIMAL ALGORITHM, HIERARCHY
  • Istanbul Technical University Affiliated: Yes

Abstract

In this work, we construct a key access management scheme that seamlessly transitions any hierarchical-like access policy to the digital medium. The proposed scheme allows any public cloud system to be used as a private cloud. We consider the data owner an entity consisting of several organization units. We provide a secure method for each user of this entity to access the public cloud from both inside and outside the company's network. The idea of our key access control scheme, which is based on Shamir's secret sharing algorithm and polynomial interpolation method, is suitable especially for hierarchical organizational structures. It offers a secure, flexible, and hierarchical key access mechanism for organizations utilizing mission-critical data. It also minimizes concerns about moving mission-critical data to the public cloud and ensures that only users with sufficient approvals from the same or higher privileged users can access the key by making use of the topological ordering of a directed graph, including self-loop. Main overheads such as public and private storage needs are reduced to a tolerable level, and the key derivation is computationally efficient. From a security perspective, our scheme is both resistant to collaboration attacks and provides key indistinguishability security. Since the key does not need to be held anywhere, the problem of a data breach based on key disclosure risk is also eliminated.