Due to the complexity and volume, outsourcing cipher texts to a cloud is deemed to be one of the most effective approaches for big data storage and access. Nevertheless, verifying the access legitimacy of a user and securely updating a cipher text in the cloud based on a new access policy designated by the data owner are two critical challenges to make cloud-based big data storage practical and effective. Traditional approaches either completely ignore the issue of access policy update or delegate the update to a third party authority; but in practice, access policy update is important for enhancing security and dealing with the dynamism caused by user join and leave activities. In this paper, we propose a secure and verifiable access control scheme based on the NTRU cryptosystem for big data storage in clouds. We first propose a new NTRU decryption algorithm to overcome the decryption failures of the original NTRU, and then detail our scheme and analyze its correctness, security strengths, and computational efficiency. Our scheme allows the cloud server to efficiently update the cipher text when a new access policy is specified by the data owner, who is also able to validate the update to counter against cheating behaviors of the cloud.


For More:-  IEEE 2018-2019 Secure Computing Projects



BIG data is a high volume, and/or high velocity, high variety information asset, which requires new forms of processing to enable enhanced decision making, insight discovery, and process optimization

Due to its complexity and large volume, managing big data using on hand database management tools is difficult. An effective solution is to outsource the data to a cloud server that has the capabilities of storing big data and processing users’ access requests in an efficient manner

Most existing approaches for securing the outsourced big data in clouds are based on either attributed-based encryption (ABE) or secret sharing. ABE based approaches provide the flexibility for a data owner to predefine the set of users who are eligible for accessing the data but they suffer from the high complexity of efficiently updating the access policy and cipher text.

As a data owner typically does not backup its data locally after outsourcing the data to a cloud, it cannot easily manage the data stored in the cloud.

 Besides, as more and more companies and organizations are using clouds to store their data, it becomes more challenging and critical to deal with the issue of access policy update for enhancing security and dealing with the dynamism

Caused by the users’ join and leave activities. To the best of our knowledge, policy update for outsourced big data storage in clouds has never been considered by the existing research.



  • Existing schemes doesn’t support user eligibility verification. On the other hand, verifiable secret sharing based schemes rely on RSA for access legitimacy verification.
  • As multiple users need to mutually verify each other using multiple RSA operations, such a procedure has a high computational overhead
  • This is not a science fiction as in 2015 IBM brought quantum computing closer to reality, making it urgent to exploit new techniques for quantum computing attack resistance
  • The Existing scheme should be able to defend against various attacks such as the collusion attack. 
  • Verification Problem it verified by other participating users
  • To reduce the risk of information leakage, a user should obtain authorization from the data owner for accessing the encrypted data


We first propose an improved NTRU cryptosystem to overcome the decryption failures of the original NTRU. Then we design a secure and verifiable scheme based on the improved NTRU and secret sharing for big data storage. The cloud server can directly update the stored cipher text without decryption based on the new access policy specified by the data owner, who is able to validate the update at the cloud. The proposed scheme can verify the shared secret information to prevent users from cheating and can counter various attacks such as the collusion attack. It is also deemed to be secure with respect to quantum computing attacks due to NTRU.



  • We propose a new NTRU decryption procedure to overcome the decryption failures of the original NTRU without reducing the security strength of NTRU
  • We propose a secure and verifiable access control scheme to protect the big data stored in a cloud. 
  • The scheme can verify a user’s access legitimacy and validate the information provided by other users for correct plaintext recovery
  • We devise an efficient and verifiable method to update the cipher text stored in clouds without increasing any risk when the access policy is dynamically changed by the data owner for various reasons
  • We prove the correctness of the proposed scheme and investigate its efficiency and security strength
  • We demonstrate that our scheme can resist various attacks such as the collusion attack via a rigorous analysis.



  • System                  : Pentium IV 2.4 GHz.
  • Hard Disk               : 40 GB
  • Floppy Drive           : 1.44 Mb
  • Monitor                  : 15 VGA Colour
  • Mouse                    : Logitech
  • Ram                       : 2 GB



  • Operating system     : Windows XP/7.
  • Coding Language      :,
  • Tool                         : Visual Studio 2010
  • Database                  : SQL SERVER 2008



The RSA cryptosystem, in which the homogeneous linear recursion is used to construct the secret share and reconstruct the secret and RSA is used to verify the users’ access legitimacy.

NTRU decryption

Our improved NTRU cryptosystem consists of the original encryption and the proposed improved decryption algorithm

First, similar to the original NTRU, our improved NTRU is also based on the shortest vector problem (SVP) in a lattice.

Second, the improved decryption gets rid of the Gap failure and the Wrap failure to correctly recover the original message m without revealing any sensitive information as the decryptor computes the adjusting vectors and keeps them to itself, which implies that the improved decryption procedure is as secure as the original.



[1] M. A. Beyer and D. Laney, “The importance of big data: a definition,”Stamford, CT: Gartner, 2012.

[2] V. Marx, “Biology: The big challenges of big data,” Nature, vol. 498, no.7453, pp. 255–260, 2013.

[3] G. P. Consortium et al., “A map of human genome variation from population-scale sequencing,” Nature, vol. 467, no. 7319, pp. 1061–1073, 2010.

[4] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” Advances in Cryptology–EUROCRYPT 2005, pp. 457–473, 2005.

[5] C. Hu, F. Zhang, X. Cheng, X. Liao, and D. Chen, “Securing communications between external users and wireless body area networks,” in Proceedings of the 2nd ACM workshop on Hot topics on wireless network security and privacy. ACM, 2013, pp. 31–36.

[6] C. Hu, H. Li, Y. Huo, T. Xiang, and X. Liao, “Secure and efficient data communication protocol for wireless body area networks,” IEEE Transactions on Multi-Scale Computing Systems, vol. 2, no. 2, pp. 94–107, 2016.

[7] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proceedings of the 13th ACM conference on Computer and communications security.ACM, 2006, pp. 89–98.

[8] B. Waters, “Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization,” Public Key Cryptography– PKC 2011, pp. 53–70, 2011.

[9] C. Hu, N. Zhang, H. Li, X. Cheng, and X. Liao, “Body area network security: a fuzzy attribute-based signcryption scheme,” IEEE journal on selected areas in communications, vol. 31, no. 9, pp. 37–46, 2013.

[10] A. Lewko and B. Waters, “Decentralizing attribute-based encryption,” Advances in Cryptology–EUROCRYPT 2011, pp. 568–588, 2011.

Leave a comment