Efficient Identity-Based Key Management for Configurable Hierarchical Cloud Computing Environment
Jyun-Yao Huang
Department of Computer Science
and Engineering
National Chung Hsing University
Taichung, Taiwan
I-En Liao
Department of Computer Science
and Engineering
National Chung Hsing University
Taichung, Taiwan
Chen-Kang Chiang
Department of Computer Science
and Engineering
National Chung Hsing University
Taichung, Taiwan
Abstract—The security of cloud computing datacenters is an
important issue. In recent years, some schemes of encryption
and authentication based on hierarchical identity-based key
management systems have been developed. However, these
schemes did not consider the case when the PKG (Private Key
Generator) goes down. In this paper, we propose an identity-based
key management scheme for configurable hierarchical
cloud computing environments. The proposed scheme requires
fewer computations for encryption and authentication, and it
also provides efficient key reconstruction in case of PKG
failures. As a result, the scheme proposed in this paper can
efficiently reduce the key reconstruction cost in cloud
computing data centers.
Keywords- Cloud Computing, Identity-Based
Authentication, Identity-Based Encryption
I. INTRODUCTION
The new term “cloud computing” was introduced by
Google’s CEO Eric Schmidt in 2006 [1]. This new idea
has since become the most important technique in
network services. Nowadays cloud computing services
are everywhere, e.g., Google Gmail, Google document,
Microsoft Hotmail, Amazon EC2, and Facebook. These
services have been the most important for our world.
Cloud computing is a large-scale distributed
computing paradigm [2]. According to NIST’s (National
Institute of Standards and Technology) definition for
cloud computing: “Cloud computing is a model for
enabling convenient, on-demand network access to a
shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services) that
can be rapidly provisioned and released with minimal
management effort or service provider interaction” [3][4].
Usually, cloud providers have their own cloud
infrastructures or corresponding applications to provide
services for their customers. There are three typical
service models for cloud computing:
1) Infrastructure as a Service (IaaS), which provides
cloud computing infrastructures for customers.
2) Platform as a Service (PaaS), which provides both
IaaS and platform components such as operating systems
or needed libraries.
3) Software as a Service (SaaS), which provides
applications on the cloud computing platform.
NIST [3-4] also defines the deployment
models for cloud computing:
4) Public cloud, which allows users’ access to the
cloud via web browser interface.
5) Private cloud, which is set up by the action using
internal communication.
6) Hybrid cloud, which is a private cloud linked to one
or more external cloud services, centrally managed,
provisioned as a single unit, and circumscribed by a
secure network.
7) Community cloud, which shares infrastructure
resource between server organizations via secret
community channels.
Security is one major issue of cloud computing. A
public cloud computing datacenter may consist of tens or
hundreds of containers, and each container may contain
thousands of servers. How to enhance the security of these
computing nodes is a significant issue. For encrypting
transmissions in cloud computing, the general technique is
based on TLS/SSL protocols. However, these schemes are
not efficient for encryption and authentication [5]. In
addition, how to broadcast the public keys and
compute the private keys of each cloud computing node is
another significant issue because of the bottleneck of the
basic TLS/SSL scheme. In recent years, the major methods
have been inspired by Hierarchical ID-based encryption (HIDE),
which is based on admissible pairing [5-8].
In recent years, some research has proposed identity-based
hierarchical key deployment models for encryption
and authentication in cloud computing. However, these
methods did not consider the case when a PKG (Private Key
Generator) may fail.
When a PKG fails, its child nodes need to be
reconnected to another PKG. The newly assigned PKG
needs to regenerate private keys for all the descendants of
the failed PKG in order to keep them working. This
method incurs a lot of overhead in case of PKG failure.
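The re-keying cost described above, modelled as an added example (not code from the paper): HMAC-SHA256 stands in for the pairing-based HIDE key extraction, and the node names, hierarchy and master secret are constructed. It shows that once the children of a failed PKG are reattached, every descendant's private key has to be issued again.

```python
import hashlib
import hmac

# Constructed master secret for the root PKG (sample value, not from the paper).
MASTER_SECRET = b"constructed-root-master-secret"

class Node:
    def __init__(self, ident, children=()):
        self.ident = ident
        self.children = list(children)
        self.key = None  # private key issued by the parent PKG

def extract(parent_secret, child_id):
    # Stand-in for HIDE key extraction: the child's key depends on the
    # parent's secret and the child's identity (HMAC, not a pairing).
    return hmac.new(parent_secret, child_id.encode(), hashlib.sha256).digest()

def issue_keys(node, parent_secret):
    """Issue keys for node and its whole subtree; return extractions done."""
    node.key = extract(parent_secret, node.ident)
    return 1 + sum(issue_keys(c, node.key) for c in node.children)

def walk(node):
    yield node
    for child in node.children:
        yield from walk(child)

def fail_over(failed, new_pkg):
    """Reattach the failed PKG's children to new_pkg and re-issue every
    descendant key; return how many private keys were regenerated."""
    regenerated = 0
    for child in failed.children:
        new_pkg.children.append(child)
        regenerated += issue_keys(child, new_pkg.key)
    failed.children = []
    return regenerated

def demo():
    # Constructed hierarchy: root -> pkgA (2 racks, 5 servers) and pkgB.
    rack1 = Node("rack1", [Node(f"rack1/srv{i}") for i in range(3)])
    rack2 = Node("rack2", [Node(f"rack2/srv{i}") for i in range(2)])
    pkg_a, pkg_b = Node("pkgA", [rack1, rack2]), Node("pkgB")
    root = Node("root", [pkg_a, pkg_b])
    issued = issue_keys(root, MASTER_SECRET)
    old = {n.ident: n.key for n in walk(pkg_a) if n is not pkg_a}
    regenerated = fail_over(pkg_a, pkg_b)
    changed = sum(n.key != old[n.ident] for n in walk(pkg_b) if n.ident in old)
    return issued, regenerated, changed

if __name__ == "__main__":
    print(demo())
```

The regeneration count grows with the size of the failed PKG's subtree, which is the overhead the paper sets out to reduce.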
In this paper, we propose a robust and low-cost
identity-based encryption in a hierarchical key distribution
model by taking the failures of PKGs into consideration.
The remainder of this paper is structured as follows:
Section II discusses the related work on security in cloud
2011 IEEE 17th International Conference on Parallel and Distributed Systems
1521-9097/11 $26.00 © 2011 IEEE
DOI 10.1109/ICPADS.2011.56