Improving Efficiency of the Cryptosystem by Delegating Partial Computation in Cloud Computing Environment

Abstract

Over years, a cloud computing has been rapidly changing the shape of modern computing environment. By using cloud computing, companies and users are able to purchase computing resources in need from cloud service provider. Usually it is much cheaper than establishing and maintaining its own computing environment. Recently, many cloud-based applications that needed data sharing among users such as data storage, media cloud and smart office was emerged. In these applications, a user has to share data which stored in the cloud storage with group members. In this case, data sharing process is performed inside the cloud.

The problem of how to keep the confidentiality of user data against malicious entities including a cloud service provider has been recognized as a significant issue. For the confidentiality of user data, data sharing scheme has to consider both inside attacker and outside attacker. Outside attacker try to break into cloud computing and to obtain important data or paralyze cloud system. To protect user data from this kind of attacker, user has only to encrypt a data with proper encryption scheme. On the other hand, inside attacker, who is service provider or manager of systems, is hard to protect through simple encryption scheme. Especially in case of data sharing, user’s encrypted data has to decrypt and encrypt again with target user’s key. Therefore, inside attacker can obtain plaintext during data sharing process even if the data was stored after encryption.

There are two major cryptosystem that can be used for data sharing scheme in cloud computing: conditional proxy re-encryption (CPRE) and attribute based encryption (ABE). CPRE and ABE are special types of public key cryptosystem that have more functionalities. Using these schemes, fine-grained access control with security for data stored in cloud storage is possible. However, CPRE and ABE have high computational overhead to use the functionality. Especially, overhead of client side is high during the use of cryptosystem, and typically client side efficiency is more important than server side efficiency. Therefore, this paper improves efficiency of CPRE and ABE in client side to make it more practical solution for data sharing schemes in cloud computing.

This paper improves CPRE scheme in two ways. First, we introduce an efficient-CPRE (E-CPRE) in which the condition value is not associated with re-encryption keys. Whenever a group membership is changed, only a new condition value is distributed to the users via cloud server. As a result, the overhead of each user becomes significantly reduced at each membership change. Second, we introduce Outsourcing-CPRE (O-CPRE) which reduces the client overhead drastically. When the membership of the group changes, in O-CPRE, the originator only needs to select a new condition value and upload it to the cloud. In addition, O-CPRE will move a part of client overhead at the initial setup stage and at the decryption of each message from the client to the cloud. As a result, O-CPRE is much more suitable for secure big data sharing in cloud environment than the other existing schemes. Our experimental result shows that O-CPRE can delegate 92.5% of re-encryption key generation process, 64.1% of decryption process, and 52.7% of changing a condition value process.

In addition, this paper introduces Outsourcing Attribute Based Encryption (O-ABE) that can delegate computational overhead of policy changing process based on Ciphertext Policy ABE (CP-ABE). O-ABE also can delegate decryption partially by applying idea of key blind. Our experimental result shows that O-ABE can delegate 57.3% of decryption process in case of ciphertext has one attribute, and 57.4% of policy transformation process in case of one attribute was changed.