Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud
With the character of low maintenance, cloud computing provides an economical and efficient solution for sharing group resource among cloud users. Unfortunately, sharing data in a multi-owner manner while preserving data and identity privacy from an untrusted cloud is still a challenging issue, due to the frequent change of the membership. In this paper, we propose a secure multiowner data sharing scheme, named Mona, for dynamic groups in the cloud. By leveraging group signature and dynamic broadcast encryption techniques, any cloud user can anonymously share data with others. Meanwhile, the storage overhead and encryption computation cost of our scheme are independent with the number of revoked users. In addition, we analyze the security of our scheme with rigorous proofs, and demonstrate the efficiency of our scheme in experiments.
Several security schemes for data sharing on untrusted servers have been proposed. In these approaches, data owners store the encrypted data files in untrusted storage and distribute the corresponding decryption keys only to authorized users. Thus, unauthorized users as well as storage servers cannot learn the content of the data files because they have no knowledge of the decryption keys.
Proposed a secure provenance scheme based on the ciphertext-policy attribute-based encryption technique, which allows any member in a group to share data with others.
A scalable and fine-grained data access control scheme proposed in cloud computing based on the key policy attribute-based encryption (KP-ABE) technique.
The complexities of user participation and revocation are linearly increasing with the number of data owners and the number of revoked users, respectively.
The issue of user revocation is not addressed in secure provenance scheme.
Unfortunately, the singleowner manner hinders the adoption of their scheme into the case, where any user is granted to store and share data.
To propose Mona, a secure multi-owner data sharing scheme for dynamic groups in the cloud.
It implies that any user in the group can securely share data with others by the untrusted cloud.
The size and computation overhead of encryption are constant and independent with the number of revoked users.
User revocation can be easily achieved through a novel revocation list without updating the secret keys of the remaining users.
The proposed scheme is able to support dynamic groups efficiently. Specifically, new granted users can directly decrypt data files uploaded before their participation without contacting with data owners.
To provide secure and privacy-preserving access control to users, which guarantees any member in a group to anonymously utilize the cloud resource. Moreover, the real identities of data owners can be revealed by the group manager when disputes occur.
To provide rigorous security analysis, and perform extensive simulations to demonstrate the efficiency of our scheme in terms of storage and computation overhead.
Any user in the group can store and share data files with others by the cloud.
The encryption complexity and size of ciphertexts are independent with the number of revoked users in the system.
User revocation can be achieved without updating the private keys of the remaining users.
A new user can directly decrypt the files stored in the cloud before his participation