Abstract
With the tremendous growth of cloud computing, verifiable computation was first formalized by Gennaro et al. and has since been studied widely as a way to provide integrity guarantees for outsourced computation. However, existing verifiable computation protocols work either in the secret-key setting or in the public-key setting; that is, they work either for a single client or for all clients, which rules out some practical applications with access control policies. In this paper, we introduce and formalize the notion of verifiable computation with access control (AC-VC), in which only computationally weak clients holding the necessary access control permissions are allowed by a trusted source to outsource the computation of a function to a server. We present a formal security definition and a provably secure black-box construction for AC-VC. The construction is built from any verifiable computation scheme in the secret-key model together with ciphertext-policy attribute-based encryption (CP-ABE). The access control policies that our AC-VC can realize depend on those realized by the underlying CP-ABE scheme.
References
Applebaum B, Ishai Y, Kushilevitz E (2010) From secrecy to soundness: efficient verification via secure computation (extended abstract). In: ICALP 2010. LNCS, vol 6198. Springer, Berlin, pp 152–163
Arora S, Safra S (1998) Probabilistic checking of proofs: a new characterization. J ACM 45:70–122
Babai L, Fortnow L, Levin LA, Szegedy M (1991) Checking computations in polylogarithmic time. In: STOC 1991. ACM, New York, pp 21–32
Barbosa M, Farshim P. Delegatable homomorphic encryption with applications to secure outsourcing of computation. Cryptology ePrint archive: report 2011/215
Benabbas S, Gennaro R, Vahlis Y (2011) Verifiable delegation of computation over large datasets. In: CRYPTO 2010. LNCS, vol 6841. Springer, Berlin, pp 111–131
Beimel A (1996) Secure schemes for secret sharing and key distribution. PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE symposium on security and privacy. IEEE Computer Society, Los Alamitos, pp 321–334
Chase M (2007) Multi-authority attribute based encryption. In: TCC 2007. Springer, Berlin, pp 515–534
Chase M, Chow SS (2009) Improving privacy and security in multi-authority attribute-based encryption. In: CCS 2009. ACM, New York, pp 121–130
Chung KM, Kalai Y, Vadhan S (2010) Improved delegation of computation using fully homomorphic encryption. In: CRYPTO 2010. LNCS, vol 6223. Springer, Berlin, pp 483–501
Fiore D, Gennaro R (2012) Publicly verifiable delegation of large polynomials and matrix computations, with applications. In: CCS 2012. ACM, New York, pp 501–512
Gennaro R, Gentry C, Parno B (2010) Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: CRYPTO 2010. LNCS, vol 6223. Springer, Berlin, pp 465–482
Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: STOC 2009. ACM, New York, pp 169–178
Goldwasser S, Kalai YT, Rothblum GN (2008) Delegating computation: interactive proofs for muggles. In: STOC 2008. ACM, New York, pp 113–122
Goldwasser S, Lin H, Rubinstein A. Delegation of computation without rejection problem from designated verifier CS-proofs. Cryptology ePrint archive: report 2011/456
Hur J, Noh DK (2011) Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parallel Distrib Syst 22(7):1214–1221
Ibraimi L, Asim M, Petkovic M (2009) Secure management of personal health records by applying attribute-based encryption. Technical report, University of Twente
Jahid S, Mittal P, Borisov N (2011) EASiER: encryption-based access control in social networks with efficient revocation. In: ASIACCS 2010. ACM, New York, pp 411–415
Kilian J (1992) A note on efficient zero-knowledge proofs and arguments (extended abstract). In: STOC 1992. ACM, New York, pp 723–732
Kamara S, Raykova M (2011) Secure outsourced computation in a multi-tenant cloud. In: Workshop on cryptography and security in clouds
Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: EUROCRYPT 2011, LNCS, vol 6110. Springer, Berlin, pp 62–91
Lewko AB, Waters B (2011) Decentralizing attribute-based encryption. In: EUROCRYPT 2011. Springer, Berlin, pp 568–588
Li M, Yu S, Zheng Y, Ren K, Lou W (2012) Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans Parallel Distrib Syst 24(1):131–143
Müller SM, Katzenbeisser S, Eckert C (2008) Distributed attribute-based encryption. In: ICISC 2008. Springer, Berlin, pp 20–36
Micali S (2000) Computationally sound proofs. SIAM J Comput 30(4):1253–1298
Narayan S, Gagné M, Safavi-Naini R (2010) Privacy preserving EHR system using attribute-based infrastructure. In: CCSW 2010. ACM, New York, pp 47–52
Parno B, Raykova M, Vaikuntanathan V (2012) How to delegate and verify in public: verifiable computation from attribute-based encryption. In: TCC 2012, pp 422–439
Papamanthou C, Shi E, Tamassia R. Signatures of correct computation. Cryptology ePrint archive: report 2011/587
Sahai A, Seyalioglu H, Waters B (2012) Dynamic credentials and ciphertext delegation for attribute-based encryption. In: CRYPTO 2012. Springer, Berlin, pp 199–217
Wang C, Ren K, Wang J (2011) Secure and practical outsourcing of linear programming in cloud computing. In: INFOCOM 2011. IEEE Computer Society, Los Alamitos, pp 820–828
Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: PKC 2011. LNCS, vol 6571. Springer, Berlin, pp 53–70
Yao A (1982) Protocols for secure computations. In: FOCS 1982. IEEE Computer Society, Los Alamitos, pp 160–164
Yao A (1986) How to generate and exchange secrets. In: FOCS 1986. IEEE Computer Society, Los Alamitos, pp 162–167
Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: INFOCOM 2010. IEEE Computer Society, Los Alamitos, pp 534–542
Yu S, Wang C, Ren K, Lou W (2010) Attribute based data sharing with attribute revocation. In: ASIACCS 2010. ACM, New York, pp 261–270
Acknowledgements
This work was supported by the National Natural Science Foundation of China (Nos. 61202466, U1135004, 61170080), Foundation for Distinguished Young Talents in Higher Education of Guangdong, China (No. 2012LYM_0017), Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme (2011), High-level Talents Project of Guangdong Institutions of Higher Education (2012), and Fundamental Research Funds for the Central Universities (No. 2012zb0015).
Cite this article
Xu, L., Tang, S. Verifiable computation with access control in cloud computing. J Supercomput 69, 528–546 (2014). https://doi.org/10.1007/s11227-013-1039-z