
A Multilevel Access Control Scheme for Data Security in Transparent Computing
Abstract
Introduction
In recent years, computing paradigms have evolved along with the rapid development of computer networks and information technologies. Transparent computing1–3 is an emerging technology that lets users enjoy user-controlled services by extending the stored-program concept of the von Neumann architecture spatiotemporally into networked environments. Transparent computing loads a variety of heterogeneous OSs and applications dynamically on different devices. This lets users focus on the available application services without worrying about which physical device will be used or which OS it should run on. The new mechanism brings advantages for information security:4,5 centralized management on servers simplifies the protection of user data and reduces the risk of information leakage and data theft. However, transparent computing also brings new challenges to service reliability and security, because OSs, applications, and data are centralized on servers and shared by all users. Imagine a scenario in which an enterprise uses transparent computing as its office system. Information (files, tables, data, and so on) produced during day-to-day work will have different security levels and access permissions. For example, open files can be shared with everyone, some sensitive tables may be revealed only to specific users, and some private personal information must not be disclosed to anyone.
Thus, according to its sensitivity, users classify information into three categories: public, sensitive, or private. Users in transparent computing reserve no storage space on their clients; all execution results and data are stored on transparent servers (TSs). Without user consent, data stored on servers could be abused or misused through unauthorized access or by server managers. A protection scheme is therefore needed that encrypts each user's private information before it is stored on TSs, protects user information with multilevel security, and provides precise access control. Some existing multiple-receiver encryption schemes use attribute-based encryption (ABE)6,7 to achieve multilevel confidentiality and fine-grained access control, but these methods have high computation costs because of the bilinear map operations performed during encryption and decryption.
Moreover, effective user revocation is an intractable issue in these schemes, because the data must be re-encrypted whenever a privilege is revoked.8 Protecting multilevel data security and achieving authorized resource sharing efficiently and flexibly in such an environment is thus an open problem. In this article, we propose a Multilevel Access Control Scheme in Transparent Computing (MACTC) to protect user data with different security levels. The proposed scheme introduces an authentication server (AS) that acts as an authentication authority, performing multilevel access control and identity authentication for user data access, storage, transmission, and processing in a transparent computing environment.

System Model
MACTC has three parties: the user/TC (transparent client), the AS, and the TS; Figure 1 shows the proposed scheme's frame structure. In our scheme, we regard a user and a TC as one party after successful verification between them. We introduce the AS, a trusted third party (TTP)-based entity, into the scheme, located in front of the TSs. The AS's task is to authenticate a legitimate user and verify his or her read and write permissions to the protected data. We assume that the AS is deployed in a small or medium-sized business that does its general work in a transparent computing environment. For ease of explanation, we use a single AS in this article, but multiple ASs can be deployed as necessary. Because user demands in transparent computing environments are diverse (users need only basic username/password authentication on a personal desktop but may require biometric information for enhanced security on mobile devices), we use a selective multimodality biometric strategy to validate an individual's identity, including fingerprint, palmprint, voice, image, and so on. Users can choose a biometric input modality for identity authentication according to their hardware and software platform or environment.
Technical Preliminaries
Transparent computing aims to provide users with a cross-platform experience transparently and seamlessly. All resources (including OSs) are stored on remote TSs, with TCs acting as lightweight, almost bare-bones computers. Managed by the transparent OS, META OS,9 the instance OS and other resources are delivered through the network and requested on demand for local execution in a block-streaming way. According to sensitivity, users classify information into one of three categories, A, B, or C, as follows.
A level: public information, shared with all legal users; anyone in the system can access it.
B level: sensitive information, partly public, shared with authorized users such as colleagues and team members; B-level information must be encrypted with distinct encryption keys.
C level: private information, not public and not shared with anyone; C-level information is encrypted and decrypted by the user him- or herself, and its encryption keys must never be revealed to anyone.
The classification standard is chosen subjectively by each user. Users can assign a fixed level in advance to their routine daily information when they enroll in a transparent computing office system (other information is optional). In this way, users control their own information themselves. We use polynomials generated by the AS to verify a user's privilege to access each file of the corresponding security level in the database (DB). Similar to other related work,10 we propose the following access control polynomials for our MACTC scheme:
$$LP_i(x) = r_{i1} + (x - B_i)\{r_{i2} + (x - C_i)\}, \quad (1)$$
$$B_i = h(b_i), \qquad C_i = h(c_i) + h(BT_i), \quad (2)$$
$$BL_i = LP_i(B_i) = r_{i1}, \quad (3)$$
$$CL_i = LP_i(C_i) = r_{i1} + r_{i2}(C_i - B_i), \quad (4)$$
where $r_{i1}, r_{i2}$ are random numbers, and $BL_i, CL_i$ are the access control values (evaluations of $LP_i$) generated by the AS to control user i's access to the B and C levels of data. We define $B_i, C_i$ as level authentication identifiers: they identify the levels accessible to user i. With the level authentication values $b_i, c_i$ retrieved from the AS, user i can compute the correct $B_i, C_i$ using Equation 2, pass verification, and obtain privileges for the B and C levels of data. To retrieve private C-level data, the user must additionally present a biometric to the terminal device; the TC captures the template, computes its hash $h(BT_i)$, and only a biometric whose hash matches the one stored on the AS passes validation. In this way, the scheme guarantees the security of C-level data. For each file in user i's B-level data, denoted $BF_{ij}$, the user can designate a set of l users to share the file. When the file is successfully saved to the personal database on the TS, the AS generates the following polynomial for file-level access control:
$$FP_{ij}(x) = r_{i1}(x - u_{1\_BF_{ij}})(x - u_{2\_BF_{ij}}) \cdots (x - u_{i\_BF_{ij}}) \cdots (x - u_{l\_BF_{ij}}) + r_{i2}, \quad (5)$$
where $r_{i1}, r_{i2}$ are random values and i, j (j < m, where m is the total number of B-level files) and l (l < n, where n is the total number of users) are positive integers. $FP_{ij}$ is a polynomial of degree l whose roots determine the set of users who can access the jth file of user i's B-level information: evaluating it at any designated file authentication value cancels the product and yields $r_{i2}$, whereas evaluating it at any other value does not. We define $u_{l\_BF_{ij}}$ as the file authentication value, which user l obtains from the AS to access the jth file in user i's B-level data. For all 1 ≤ j ≤ m, we set $u_{i\_BF_{ij}} = b_i$, so user i can access all of his or her own B-level files simply by providing the level authentication value $b_i$.
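The following worked example is added here to make Equations 1 to 5 concrete; it is not code from the paper or from any transparent computing implementation. Everything the page leaves unspecified is an assumption and is marked as such in the code: arithmetic is done over a prime field GF(P) (the secp256k1 field prime) so that polynomial evaluation is exact, h() is SHA-256 reduced modulo P, the level and file authentication values are random field elements issued by the AS, and the biometric template BT_i is a constructed byte string. The example builds LP_i and FP_ij the way the AS would, then runs the B-level, C-level (with a correct and a wrong biometric), and file-level checks.

```python
"""Worked example of the MACTC access control polynomials, Equations (1)-(5).
Added illustration, not the paper's code; all unstated details are assumptions."""
import hashlib
import secrets
from typing import Callable

# Assumption: all arithmetic is over GF(P), P = the secp256k1 field prime.
P = 2**256 - 2**32 - 977


def enc(x: int) -> bytes:
    """Fixed-width encoding of a field element before hashing."""
    return (x % P).to_bytes(32, "big")


def h(data: bytes) -> int:
    """h(): assumed to be SHA-256 reduced modulo P (the page only says 'hash')."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P


def level_identifiers(b_i: int, c_i: int, bt_i: bytes) -> tuple[int, int]:
    """Equation (2): B_i = h(b_i), C_i = h(c_i) + h(BT_i)."""
    return h(enc(b_i)), (h(enc(c_i)) + h(bt_i)) % P


def level_polynomial(B_i: int, C_i: int, r_i1: int, r_i2: int) -> Callable[[int], int]:
    """Equation (1): LP_i(x) = r_i1 + (x - B_i){r_i2 + (x - C_i)} over GF(P)."""
    return lambda x: (r_i1 + (x - B_i) * (r_i2 + (x - C_i))) % P


def file_polynomial(auth_values: list[int], r_i1: int, r_i2: int) -> Callable[[int], int]:
    """Equation (5): FP_ij(x) = r_i1 * prod_k (x - u_k_BFij) + r_i2 over GF(P).
    Every listed authentication value is a root of the product, so FP_ij(u_k) = r_i2."""
    def FP(x: int) -> int:
        prod = 1
        for u in auth_values:
            prod = prod * (x - u) % P
        return (r_i1 * prod + r_i2) % P
    return FP


def rand() -> int:
    """Random non-zero field element: the AS's r values and the issued b_i, c_i, u values."""
    return secrets.randbelow(P - 1) + 1


def demo() -> dict:
    """AS-side setup followed by the checks a user/TC would pass or fail."""
    # Enrolment: the AS issues level authentication values and records the
    # hash of the user's biometric template (constructed sample data).
    b_i, c_i = rand(), rand()
    bt_i = b"constructed fingerprint template of user i"
    B_i, C_i = level_identifiers(b_i, c_i, bt_i)
    r_i1, r_i2 = rand(), rand()
    LP = level_polynomial(B_i, C_i, r_i1, r_i2)
    BL_i, CL_i = LP(B_i), LP(C_i)  # Equations (3) and (4), kept by the AS

    # B-level check: the user presents b_i; the AS recomputes B_i and evaluates LP_i.
    b_ok = LP(h(enc(b_i))) == BL_i == r_i1
    # C-level check: needs c_i AND a biometric whose hash matches the enrolled one.
    C_claim = (h(enc(c_i)) + h(bt_i)) % P
    c_ok = LP(C_claim) == CL_i == (r_i1 + r_i2 * (C_i - B_i)) % P
    C_bad = (h(enc(c_i)) + h(b"a different template")) % P
    c_wrong_biometric = LP(C_bad) == CL_i

    # File-level sharing: user i shares file j with two colleagues; u_i_BFij = b_i.
    # The page reuses the names r_i1, r_i2 in Equation (5); fresh values are drawn here.
    u1, u2, outsider = rand(), rand(), rand()
    FP = file_polynomial([u1, u2, b_i], rand(), r_i2)
    return {
        "b_level_ok": b_ok,
        "c_level_ok": c_ok,
        "c_level_wrong_biometric": c_wrong_biometric,
        "owner_recovers_r_i2": FP(b_i) == r_i2,
        "colleagues_recover_r_i2": FP(u1) == r_i2 and FP(u2) == r_i2,
        "outsider_recovers_r_i2": FP(outsider) == r_i2,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two design points the code makes visible. First, a wrong biometric changes $C_i$, so $LP_i$ no longer evaluates to the stored $CL_i$; the check fails without the AS ever seeing the template itself, only its hash. Second, the coefficients of $FP_{ij}$ must stay on the AS: its roots are exactly the authentication values, and roots of a degree-l polynomial over a prime field are cheap to find, so only the evaluation result should ever leave the AS.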
Related Work
A Multilevel Access Control Scheme for Data Security in Transparent Computing : In transparent computing, the client terminals are rather lightweight, while all of the resources (including the operating systems, OSs for short) are stored on remote servers and delivered on demand to clients in a streaming way.
Spatio-temporal Extension on Von Neumann Architecture for Services, Tsinghua Science and Technology : With the rapid improvements in hardware, software and networks, the computing paradigm has also shifted from mainframe computing to ubiquitous or pervasive computing, in which users can get their desired services anytime, anywhere and by any means. However, the emergence of ubiquitous or pervasive computing has brought many challenges, one of which is that it is hard to allow users to freely obtain desired services, such as heterogeneous OSes and applications, via different lightweight embedded devices. We have proposed a new paradigm by extending the von Neumann architecture spatio-temporally, called Transparent Computing, to store and manage the commodity programs including OS codes centrally, while streaming them to be run in non-state clients. This leads to a service-centric computing environment, in which users can select the desired services on demand, without concerning themselves with these services' administration, such as their installation, maintenance, management, upgrade, and so on.
Transparent Computing: a New Paradigm for Pervasive Computing, Ubiquitous Intelligence and Computing : Cloud computing has become a hot topic recently. Among these research issues, cloud operating systems have attracted extensive attention. However, to date, there is no answer to such issues as what a cloud operating system is and how to develop one. This paper proposes a cloud operating system, TransOS, from the viewpoint of transparent computing, in which all traditional operating system codes and applications are centrally stored on network servers, and an almost bare terminal dynamically schedules the necessary codes selected by users from the network server and runs them mostly with the terminal's local resources. The TransOS manages all the resources to provide integrated services for users, including traditional operating systems. This paper first introduces the concept of transparent computing as a background and presents TransOS and its main characteristics. It then gives a layered structure-based design of TransOS and finally illustrates one example of its implementation.
TransOS: a Transparent Computing-based Operating System for the Cloud, International Journal of Cloud Computing : Proposes a cloud operating system, TransOS, from the viewpoint of transparent computing, in which all traditional operating system codes and applications are centrally stored on network servers, and an almost bare terminal dynamically schedules the necessary codes selected by users from the network server, and runs them mostly with the terminal’s local resources. The TransOS manages all the resources to provide integrated services for users, including traditional operating systems.
Evaluation
We evaluated the MACTC scheme's performance in terms of running time for the operations in each phase. The experiments are implemented with Java Development Kit (JDK) 1.7 and the Eclipse integrated development environment (IDE), running on a local machine with an Intel Core i5 at 2.5 GHz, 2 Gbytes of RAM, and Windows 7. Because the cost of each phase depends on the size of messages and files, we set message sizes to 32, 64, 128, 512, and 1,024 bytes and file sizes to 1, 100, 500, 1,000, and 5,000 Kbytes. We use the asymmetric algorithm RSA only for short messages; specifically, RSA encrypts two items, MSGU2A in Step R3 and the timestamp t in Step L3. We use the symmetric algorithm AES with 256-bit keys to encrypt messages and files, and the hash function SHA-256 to ensure data integrity. Table 2 shows the computation costs. The most expensive single operation is RSA encryption, which takes about 0.1 to 0.2 seconds for a short message, but Table 1 shows that it is performed only once, during the login phase. SHA-256 takes no more than 0.02 seconds for a message and about 0.03 seconds for a 1,000-Kbyte file. Over a session, AES-256 encryption and decryption account for most of the computation time: 0.1 seconds to encrypt and 0.003 seconds to decrypt a 1-Kbyte message, and 0.4 seconds to encrypt and 0.2 seconds to decrypt a 1,000-Kbyte file. On the user side, encryption and decryption are performed once or twice per session (depending on the operations used), so the computation overhead of our scheme is reasonable.