Enhancing Distributed Authorization With Lagrange Interpolation And Attribute-Based Encryption
Abstract
In todays security landscape, every user wants to access large amounts of data with confidentiality and authorization. To maintain confidentiality, various researchers have proposed several techniques. However, to access secure data, researchers use access control lists to grant authentication and provide authorization. The above several steps will increase the server's computation overhead and response time. To cope with these two problems, we proposed multiparty execution on the server. In this paper, we introduce two different approaches. The first approach is encryption, utilizing the Involution Function Based Stream Cipher to encrypt the file data. The second approach is key distribution, using the Shamir secret sharing scheme to divide and distribute the symmetric key to every user. The decryption process required key reconstruction, which used second order Lagrange interpolation to reconstruct the secret keys from the hidden points. The process will reduce the server's computational overhead. The results are evaluated based on the encryption and decryption time, throughput, computational overhead, and security analysis. In the future, the proposed mechanism will be used to share large-scale, secure data within the organization.
Summary
This paper addresses the challenge of securing data access in cloud environments by proposing a novel distributed authorization scheme. The scheme aims to reduce the server's computational overhead and response time, which are common problems associated with traditional access control lists (ACLs). The approach combines an Involution Function-Based Stream Cipher for data encryption with Shamir's secret sharing for key distribution. Lagrange interpolation is then used to reconstruct the secret keys during decryption, distributing the computational load across multiple parties. The authors evaluate their approach based on encryption/decryption time, throughput, computational overhead, and security analysis, suggesting improvements in these areas compared to existing methods. The core idea revolves around offloading some server-side computation to the users through multi-party execution. The encryption process involves XORing the original file with a random bit generated using a Linear Congruential Generator (LCG), followed by encryption using the involution-based stream cipher. Key management leverages Shamir's secret sharing to divide and distribute the symmetric key among users, requiring key reconstruction using Lagrange interpolation for decryption. The system's functionality is built around XOR operation, hybrid key management, and access control policies that track user access lists for files. The key reconstruction algorithm uses three points (Organization Server, Owner, and Receiver) to generate a parabolic equation for retrieving the secret key. The results suggest that the proposed scheme provides a more efficient and secure method for data sharing within an organization, with reduced computational overhead and improved throughput.
Key Insights
- •Novel Encryption Method: The paper introduces an Involution Function-Based Stream Cipher for encryption, which is claimed to reduce computational complexity compared to algorithms like AES and RSA.
- •Distributed Key Management: The use of Shamir's Secret Sharing and Lagrange interpolation distributes key management overhead, reducing the burden on the server. Second-order Lagrange interpolation is used for key reconstruction.
- •Access Control Policy: The system incorporates an access control policy that leverages user attributes for authorization, enhancing security and flexibility. The framework combines CP-ABE with ACLs.
- •Performance Improvement: The proposed scheme achieves a throughput of 157.11 kb/sec for text files, comparable to Blowfish (159.6 kb/sec) and superior to AES (126.5 kb/sec), DES (33.32 kb/sec), and RSA (74.61 kb/sec).
- •Storage Overhead Reduction: The proposed model stores only (n+1) lightweight components of size |P| on the user side, compared to DAC-MACS which requires (nAA + 3) elements of size |p| and Sinha et al. which requires (m+1) elements of size |Pi|, where |Pi| is significantly larger than |P|.
- •Linear Encryption Time with Attributes: The paper notes that the encryption time increases linearly with the number of attributes in the access policy.
- •Security Theorems: The paper presents theorems related to resilience against decisional q-parallel BDHE, sufficiency of attribute key shares, and resistance to collusion attacks.
Practical Implications
- •Secure Cloud Storage: The proposed scheme can be applied to secure data storage and sharing in cloud environments, particularly for organizations dealing with large-scale data.
- •Reduced Server Load: By distributing the key management and decryption processes, the scheme can significantly reduce the computational load on the cloud server, improving overall system performance.
- •Lightweight Encryption Applications: The Involution Function-Based Stream Cipher is suitable for lightweight encryption applications, such as securing data on mobile devices or IoT devices.
- •Future Research: Future research could focus on optimizing the Lagrange interpolation process, exploring alternative stream ciphers, and implementing the scheme in a real-world cloud environment to assess its scalability and performance in practical scenarios.
- •Beneficiaries: Organizations, data owners, and cloud service providers can benefit from this research by implementing a more secure and efficient access control mechanism.