Project 1: Dynamic Multi-group Secure Data Sharing Scheme for Cloud

The need for secure data sharing has become more important than ever because privacy is a big concern in content sharing via cloud. Secure group data sharing in cloud or remote untrusted server is significantly different and far more challenging than that of traditional trusted server model. This is because of the following reasons. First, in the trusted server model, servers are normally housed within the organization’s premises and protected by network and OS level firewalls. Thus, these servers can be reasonably trusted to act properly for user access control or in events like a new group member joining or a revoked member leaving. On the contrary, the cloud cannot be fully trusted to act honestly in similar kinds of scenarios. For example, cloud can alter or expose some sensitive data to the revoked users or to some other adversaries motivated by financial incentives. Moreover, a cloud is prone to both insider and outsider attacks. Thus, secure group data sharing in the cloud requires the data to be encrypted so that actual data content remains hidden from the cloud as well as potential internal and external adversaries. Second, fine-grained access control on shared data is also desirable since different members of the group can have different levels of privileges. Third, the data owner may not know the specific identity of each of the users s/he shares his data with. Yet, s/he should have some degree of control on who can access the shared data. The goal of this work here is to extend design and implement an efficient mechanism for secure data sharing in a dynamic multi-group [IM21] to make it more scalable. It is important because most of the organizations in real life have multi-group structure. In a multi-group setting, two important properties that are to be satisfied are group level data isolation and on-demand cross-group data sharing. Group level data isolation means that data shared in one group should not be accessed by the members of another group. On-demand cross-group data sharing refers to the fact that under special circumstances such as multi-group collaboration, one group should be able to share data with other groups easily. Moreover, in a dynamic group, users can leave or join anytime. Security and confidentiality of the shared files should be maintained in such group membership without causing too much overhead. Students will first learn the challenges associated with group data sharing as well as multi-group data sharing. Then, they will learn how our proposed scheme overcomes security issues by running experiments on real data and use observations to refine algorithms for scalability and testing with different attribute-based revocation scheme.

Sample Design Experiment: Evaluation of computational costs in cloud, data owner and user end. Purpose: To let the students understand how secure data sharing in a multi-group setting works by running experiments starting from setting up the environment to encrypting data with proper access policy and sharing the encrypted data in multi-group environment via uploading in the cloud. Finally, students will also learn how to decrypt the data with proper attribute keys by downloading it from the cloud. The computation time of different phases (setup, encrypt, decrypt, etc.) will also be assessed for their efficiency.

Method: Students will start from learning how to implement access control while sharing data in a real S&T cloud environment. Then they will run their code to initialize the data sharing groups in the cloud environment. Different users in the group will be issued different attribute keys by running a key issuing algorithm. Then, data will be encrypted and shared with different group members based on the access policy. Authorized group members will download and decrypt data using their attribute keys. New members will be added, and existing members will be revoked and computation costs of all these operations will be recorded by the students.

Input Parameters: Number of users, number of groups, number of attributes, files to be shared.

Output Parameters: Computation cost of group initialization, key distribution, user revocation and new member joining. Also, encryption and decryption time for varying attribute structures and number of attributes in the access structure.

Project Deliverables: Experimental results, and modification to algorithms and their implementations, and possible publications.

Researcher