Formal analysis of a private access control protocol to a cloud storage

Abstract : Cloud storage provides an attractive solution for many organizations and enterprises due to its features such as scalability, availability and reduced costs. However, storing data in the cloud is challenging if we want to ensure data security and user privacy. To address these security issues cryptographic protocols are usually used. Such protocols rely on cryptographic primitives which have to guarantee some security properties such that data and user privacy or authentication. Attribute-Based Signature (ABS) and Attribute-Based Encryption (ABE) are very adapted for storing data on an untrusted remote entity. In this work, we enhance the security of cloud storage systems through a formal analysis of a cloud storage protocol based on ABS and ABE schemes. We clarify several ambiguities in the design of this protocol and model the protocol and its security properties with ProVerif an automatic tool for the verification of cryptographic protocols. We discover an unknown attack against user privacy in the Ruj et al. protocol. We propose a correction, and automatically prove the security of the corrected protocol with ProVerif.
Document type :
Journal articles
Complete list of metadatas

Cited literature [30 references]  Display  Hide  Download
Contributor : Pascal Lafourcade <>
Submitted on : Wednesday, January 23, 2019 - 9:07:05 AM
Last modification on : Friday, March 15, 2019 - 1:14:40 AM
Long-term archiving on : Wednesday, April 24, 2019 - 1:09:55 PM


Files produced by the author(s)




Mouhebeddine Berrima, Pascal Lafourcade, Matthieu Giraud, Narjes Ben Rajeb. Formal analysis of a private access control protocol to a cloud storage. International Journal of Innovative Computing and Applications, Inderscience Publishers, 2018, 9 (3), pp.150-164. ⟨10.1504/IJICA.2018.093733⟩. ⟨hal-01990336⟩



Record views


Files downloads