An Efficient and Secured Storage Delegated Access Control to Maintain Confidentiality of Data

Post on 15-Apr-2017



ABSTRACT

• Current approaches to enforce fine-grained access control on confidential data hosted in the cloud are based on fine-grained encryption of the data. Under such approaches, data owners are in charge of encrypting the data. Data owners thus incur high communication and computation costs.

• A better approach should delegate the enforcement of fine-grained access control. We propose an approach, based on two layers of encryption, that addresses this requirement. In our approach, the data owner performs a coarse-grained encryption, whereas the cloud performs a fine-grained encryption on top of the owner-encrypted data.

• A challenging issue is how to decompose access control policies (ACPs) such that the two-layer encryption can be performed.


Outline
• Introduction
• Group Key Management (GKM)
  – Attribute Based Systems and GKM Requirements
  – Broadcast GKM (BGKM)
  – Attribute-Based GKM (AB-GKM)
• Privacy Preserving
  – SLE (Single Layer Encryption) Approach
  – TLE (Two Layer Encryption) Approach

Before data outsourcing (figure): the data sits inside the Organization, and the users Bob, Alice and Tim access it directly.

In the cloud computing era (figure): the Organization encrypts the data and uploads it to the Cloud; Bob, Alice and Tim download and decrypt it.

How to control access? Different users have access to different documents: Bob is a doctor and has access to medical reports; Alice is a nurse and has access to clinical records.

Figure: medical reports MR1–MR5 and clinical records CR1–CR4 are encrypted under two different keys, Key1 and Key2, so that Bob and Alice can each decrypt only the documents they are authorized for.

What cryptosystem to use?
• Public key cryptosystem (PKC): public key infrastructure (PKI), attribute-based encryption (ABE)
• Symmetric key cryptosystem: group key management (GKM)

Traditional PKI (figure): the organization encrypts each document separately for every authorized user under that user's public key, e.g. PubA(CR1) for Alice (Nurse), PubB(MR1) for Bob (Doctor) and PubT(MR1) for Tim (Doctor), and uploads all of these ciphertexts to the cloud; each user decrypts with their own key pair (PubB/PriB, PubA/PriA, PubT/PriT). A document shared by several users, such as MR1, is stored once per user.

Attribute Based Encryption (ABE) (figure): the organization encrypts each document once under an attribute, e.g. Nurse(CR1) and Doctor(MR1), and uploads it to the cloud; Bob (Doctor), Alice (Nurse) and Tim (Doctor) decrypt with the attribute private keys Pri B, Pri A and Pri T that match.

Attribute Based System

User attributes (figure):

User    Attributes
Bob     Role=Doctor, Level=senior, Age=51
Alice   Role=Nurse, Level=senior
Tim     Role=Doctor, Level=junior

Broadcast GKM (figure): the group controller (GC) gives the users secrets S1, S2, S3 and publishes public info. Instead of giving keys, give users some secrets from which they derive the key using the public info. The public info contains the policy.

How BGKM works (figure):
(1) The GC issues the secrets S1, S2, S3 to Bob, Tim and Alice.
(2) Using the secrets, the GC generates the symmetric key K and the public info PI.
(3) The GC uploads the encrypted data E_K(Data) and PI to the cloud.
(4) A user downloads the encrypted data and PI, derives K from their own secret using PI, and decrypts.
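Added example (not code from the slides or their authors): a toy access-control-vector BGKM over a prime field in Python that follows steps (1)–(4). The hash-to-field mapping, the leading-1 column and the random last coordinate are assumptions of this example; it shows that members derive K from their secret plus the public info, and that a revoked member is cut off simply by publishing new public info.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime modulus of the field F_P (constructed choice for this example)


def h_to_field(secret, z, j):
    """Map a user secret, the public nonce z and a column index j into F_P (assumed construction)."""
    digest = hashlib.sha256(secret + z + j.to_bytes(2, "big")).digest()
    return int.from_bytes(digest, "big") % P


def key_extraction_vector(secret, z, n):
    """KEV of one user: a leading 1 followed by n hash-derived field elements."""
    return [1] + [h_to_field(secret, z, j) for j in range(1, n + 1)]


def solve_mod_p(rows, rhs):
    """Solve the square system rows * x = rhs over F_P by Gauss-Jordan elimination."""
    n = len(rows)
    m = [r[:] + [b] for r, b in zip(rows, rhs)]
    for c in range(n):
        piv = next(r for r in range(c, n) if m[r][c])  # singular only with negligible probability
        m[c], m[piv] = m[piv], m[c]
        inv = pow(m[c][c], -1, P)
        m[c] = [v * inv % P for v in m[c]]
        for r in range(n):
            if r != c and m[r][c]:
                f = m[r][c]
                m[r] = [(a - f * b) % P for a, b in zip(m[r], m[c])]
    return [m[r][n] for r in range(n)]


def generate(member_secrets):
    """GC step (2): choose the group key K and a nonce z, then an access control vector ACV
    with KEV_i . ACV = K for every current member. Returns K and the public info PI."""
    n = len(member_secrets)
    K = secrets.randbelow(P)
    z = secrets.token_bytes(16)
    kevs = [key_extraction_vector(s, z, n) for s in member_secrets]
    # n equations in n+1 unknowns: fix the last coordinate at random and solve for the rest.
    x_last = secrets.randbelow(P)
    acv = solve_mod_p([k[:n] for k in kevs], [(K - k[n] * x_last) % P for k in kevs]) + [x_last]
    return K, {"z": z, "acv": acv, "n": n}


def derive(secret, pi):
    """User step (4): rebuild the own KEV from the secret and PI and take the inner product."""
    kev = key_extraction_vector(secret, pi["z"], pi["n"])
    return sum(a * b for a, b in zip(kev, pi["acv"])) % P
```

Revoking a member needs no new secrets for the others: the GC re-runs generate() without the revoked secret, re-encrypts under the new K and publishes the new PI.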

Attribute Based GKM (AB-GKM) (figure): the access control policy is a tree of OR and AND nodes over attribute conditions such as Role=Doctor, Role=Nurse and Level>=senior, and the figure attaches secrets s1–s5 to the conditions. Bob (Role=Doctor, Age=51, Level=senior) and Alice (Role=Nurse, Level=senior) hold secrets for conditions that satisfy the policy, whereas Tim (Role=Doctor, Level=junior) is marked as not satisfying it.

Single Layer Encryption (figure), with participants User, user IdP, Owner and Cloud:
(1) The User presents identity attributes to the IdP and (2) receives identity tokens.
(1) The User registers the identity tokens with the Owner and (2) receives secrets.
(3) The Owner selectively encrypts the data and uploads it to the Cloud.
(4) The User downloads and decrypts.
(5) On changes, the Owner downloads the data to re-encrypt it.

Privacy Preserving of Id. Attributes

• Registration (figure): Tim tells the Server "I am a doctor" and the Server replies "Here's a secret".

• Privacy Preserving Registration* (figure): Tim sends the Server a commitment (unconditionally hiding and computationally binding) and the Server replies with an envelope (an encrypted message).

*OCBE – Oblivious Commitment Based Envelope

Extending the SLE Approach

• In the SLE approach:
  1. The Owner has to manage all the identity attributes and perform the fine-grained encryption.
  2. If the user credentials or access control policies change, the owner has to download, decrypt, rekey, re-encrypt and upload.

• Can we reduce the load at the Owner?
• How can we delegate the access control enforcement to the cloud?
  – Use two layer encryption.
• A naïve approach:
  – The owner encrypts each data item according to the ACPs.
  – The Cloud re-encrypts according to the ACPs again.

Two Layer Dynamic Encryption (figure), with participants Owner, User, cloud and user IdP:
(1) The Owner decomposes the policies.
(1) The User presents identity attributes to the IdP and (2) receives an identity token.
(2) The User registers the identity token with the Owner and with the cloud, and (3) receives secrets from each.
(4) The Owner performs the coarse-grained encryption and uploads the documents and the modified policies.
(5) The cloud re-encrypts to enforce the policies.
(6) The User downloads and decrypts twice.

Two Layer Encryption
• In order to reduce the load at the Owner, the ACPs should be decomposed into two such that
  – The owner performs a coarse-grained encryption
  – The cloud performs a fine-grained encryption
• At the same time
  – The confidentiality of the data should be assured
  – The two layers together should enforce the ACP
• ACP = ACP1 ∧ ACP2

(Figure: the Owner's data passes to the Cloud.)

Policy Decomposition Problem
• In order to minimize the load at the Owner
  – The Owner should manage only the minimum number of attribute conditions
• Policy Cover Problem: Find the minimum number of attribute conditions in the ACPs that assures confidentiality from the Cloud.

A Simplified Example

ACP1 = ("role = doc" ∨ ("role = nur" ∧ "type >= junior"), CI)
ACP2 = ("role = doc" ∧ "yos >= 5", BI)
ACP3 = ("role = doc" ∧ "ip = 2-out-4", CR)
ACP4 = ("role = nur" ∧ "type = senior", TR)

Minimal ACC = {"role = doc", "role = nur"}

Owner enforced sub-ACPs:
ACP11 = ("role = doc" ∨ "role = nur", CI)
ACP21 = ACP31 = ("role = doc", BI, CR)
ACP41 = ("role = nur", TR)

Cloud enforced sub-ACPs:
ACP12 = ("role = doc" ∨ "type >= junior", CI)
ACP22 = ("yos >= 5", BI)
ACP32 = ("ip = 2-out-4", CR)
ACP42 = ("type = senior", TR)

Policy Graph (figure): the six attribute conditions type >= junior, type = senior, role = doc, role = nur, ip = 2-out-4 and yos >= 5 are the vertices, labelled with the ACPs 1–4 they occur in; the figure marks the policy cover together with the owner-enforced and cloud-enforced sub-ACPs.
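Added example (not from the slides): the decomposition above expressed in Python. The rule it applies is an assumption that is consistent with the example: write each ACP in conjunctive normal form, give the owner the clauses whose conditions all lie in the cover and the cloud the remaining clauses, and call a cover valid when every ACP keeps at least one owner clause; minimum_cover() then finds the cover {role = doc, role = nur} by exhaustive search.

```python
from itertools import combinations

# Constructed from the slide example. Each ACP maps to (document class, CNF); a CNF is a
# list of clauses, a clause is a set of attribute conditions joined by OR, clauses are ANDed.
ACPS = {
    "ACP1": ("CI", [{"role = doc", "role = nur"}, {"role = doc", "type >= junior"}]),
    "ACP2": ("BI", [{"role = doc"}, {"yos >= 5"}]),
    "ACP3": ("CR", [{"role = doc"}, {"ip = 2-out-4"}]),
    "ACP4": ("TR", [{"role = nur"}, {"type = senior"}]),
}


def all_conditions(acps):
    """Every attribute condition mentioned in any ACP."""
    return set().union(*(clause for _, cnf in acps.values() for clause in cnf))


def is_valid_cover(acps, cover):
    """Confidentiality from the cloud (assumed rule): every ACP must keep at least one clause
    that the owner enforces alone, i.e. a clause whose conditions all lie in the cover."""
    return all(any(clause <= cover for clause in cnf) for _, cnf in acps.values())


def minimum_cover(acps):
    """Policy cover problem by exhaustive search over subsets of increasing size
    (fine for a handful of conditions as in the example)."""
    conds = sorted(all_conditions(acps))
    for size in range(1, len(conds) + 1):
        for subset in combinations(conds, size):
            if is_valid_cover(acps, set(subset)):
                return set(subset)
    return set(conds)


def decompose(acps, cover):
    """Split each ACP into the owner part (clauses inside the cover) and the cloud part
    (remaining clauses); ANDing both parts gives back the original CNF exactly."""
    owner, cloud = {}, {}
    for name, (doc, cnf) in acps.items():
        owner[name] = (doc, [c for c in cnf if c <= cover])
        cloud[name] = (doc, [c for c in cnf if not c <= cover])
    return owner, cloud


def satisfies(cnf, attrs):
    """A user holding the attribute conditions `attrs` satisfies a CNF when every clause
    contains at least one held condition (an empty CNF is trivially satisfied)."""
    return all(clause & attrs for clause in cnf)
```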

CONCLUSIONS

• Current approaches to enforce ACPs on outsourced data using selective encryption require organizations to manage all keys and encryptions and upload the encrypted data to the remote storage. Such approaches incur high communication and computation cost to manage keys and encryptions.

• In this paper, we proposed a two layer encryption based approach to solve this problem by delegating as much of the access control enforcement responsibilities as possible to the Cloud while minimizing the information risks due to colluding Users and Cloud.

• We showed how to decompose ACPs so that the Owner handles a minimum number of attribute conditions.


Thank you
