An Efficient and Secured Storage Delegated Access Control to Maintain confidentiality of Data

Upload: syeda-yasmeen

Posted on 15-Apr-2017

Category: Engineering

TRANSCRIPT

Page 1: An Efficient and Secured Storage Delegated Access Control to Maintain confidentiality of Data


Page 2

ABSTRACT

• Current approaches to enforce fine-grained access control on confidential data hosted in the cloud are based on fine-grained encryption of the data. Under such approaches, data owners are in charge of encrypting the data. Data owners thus incur high communication and computation costs.

• A better approach should delegate the enforcement of fine-grained access control. We propose an approach, based on two layers of encryption, that addresses this requirement. In our approach, the data owner performs a coarse-grained encryption, whereas the cloud performs a fine-grained encryption on top of the owner-encrypted data.

• A challenging issue is how to decompose access control policies (ACPs) so that the two-layer encryption can be performed.

Page 3

Outline
• Introduction
• Group Key Management (GKM)
  – Attribute Based Systems and GKM Requirements
  – Broadcast GKM (BGKM)
  – Attribute-Based GKM (AB-GKM)
• Privacy Preserving
  – SLE (Single Layer Encryption) Approach
  – TLE (Two Layer Encryption) Approach

Page 4

Before data outsourcing

[Figure: the organization keeps its data in-house; the users Bob, Alice and Tim access it directly]

Page 5

In the cloud computing era

[Figure: the organization moves its data to the cloud; Bob, Alice and Tim now access it through the cloud]

Page 6

In the cloud computing era

[Figure: the organization encrypts the data and uploads it to the cloud; Bob, Alice and Tim download and decrypt it]

Page 7

How to control access? Different users have access to different documents. Bob is a doctor and has access to medical reports. Alice is a nurse and has access to clinical records.

[Figure: medical reports MR1 to MR5 and clinical records CR1 to CR4, each group protected by its own key (Key1, Key2) held by the user entitled to it, Bob or Alice]

Page 8

What cryptosystem to use?
• Public key cryptosystem (PKC): public key infrastructure (PKI), attribute-based encryption (ABE)
• Symmetric key cryptosystem: group key management (GKM)

Page 9

Traditional PKI

[Figure: with traditional PKI each user holds a key pair (PubB/PriB for Bob, PubA/PriA for Alice, PubT/PriT for Tim), and the organization must encrypt a separate copy of each record for every authorized user before uploading it to the cloud: CR1 under PubA for Alice (nurse), and MR1 under both PubB and PubT for Bob and Tim (doctors)]

Page 10

Attribute Based Encryption (ABE)

[Figure: with ABE the organization encrypts each record once under an attribute (MR1 under "Doctor", CR1 under "Nurse") and uploads it to the cloud; Bob and Tim (doctors) decrypt MR1 with their private keys PriB and PriT, and Alice (nurse) decrypts CR1 with PriA]

Page 11

Attribute Based System

User attributes:

  Bob:   Role = Doctor, Level = senior, Age = 51
  Alice: Role = Nurse,  Level = senior
  Tim:   Role = Doctor, Level = junior

Page 12

Broadcast GKM

[Figure: the group controller (GC) issues secrets S1, S2 and S3 to the users and publishes public info that contains the policy]

Instead of giving keys, give some secrets from which the key can be derived using the public info. The public info contains the policy.

Page 13

How BGKM works

[Figure: GC, Bob, Tim, Alice and the cloud storage holding E_K(Data) and PI]

(1) The GC issues secrets S1, S2 and S3 to Bob, Tim and Alice.
(2) Using the secrets, the GC generates the symmetric key K and the public info PI.
(3) The GC uploads the encrypted data E_K(Data) together with PI.
(4) A user downloads the encrypted data and PI, and derives K from PI using his or her secret (in the figure, the holders of S1 and S3 derive K).

Page 14

Attribute Based GKM (AB-GKM)

[Figure: policy tree with OR at the root over two AND branches, (Role = Doctor AND Level >= senior) OR (Role = Nurse AND Level >= senior). Each user's attributes (Bob: Role = Doctor, Age = 51, Level = senior; Alice: Role = Nurse, Level = senior; Tim: Role = Doctor, Level = junior) map to secrets s1 to s5 for the conditions the user satisfies; Tim, who does not satisfy Level >= senior, is marked x and cannot derive the key]
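A runnable sketch of the BGKM and AB-GKM ideas from pages 12 to 14, added here as an illustration and not the paper's own ACV-based construction (assumption: the key is masked with an HMAC of the user's secret and a fresh nonce, and the per-user entries in PI are labelled by user name; the paper builds its public info differently). Users hold one long-lived secret per attribute condition, the public info PI lets a user derive the data key only if some AND-clause of the policy is fully covered by conditions the user holds, and revocation or rekeying changes only PI.

```python
import hashlib, hmac, os

def kdf(*parts: bytes) -> bytes:
    """Length-prefixed HMAC-SHA256 over the parts (domain separated)."""
    h = hmac.new(b"ab-gkm-demo", digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes: return bytes(x ^ y for x, y in zip(a, b))

def bgkm_publish(secrets, key):
    """One BGKM instance: secrets = {user: secret} of the authorized users.
    PI = (nonce, {user: mask}); a rekey or revocation only changes PI."""
    z = os.urandom(16)
    return z, {u: xor(kdf(s, z), key) for u, s in secrets.items()}

def bgkm_derive(pi, user, secret):
    z, masks = pi
    return xor(kdf(secret, z), masks[user]) if user in masks else None

def abgkm_publish(policy, cond_secrets, data_key):
    """policy = OR of AND-clauses over attribute conditions; cond_secrets =
    {condition: {user: secret}}. Level 1: a BGKM instance per condition
    yields K_c. Level 2: each clause masks data_key with all of its K_c."""
    conds = {c for clause in policy for c in clause}
    ck = {c: os.urandom(32) for c in conds}
    level1 = {c: bgkm_publish(cond_secrets.get(c, {}), ck[c]) for c in conds}
    z = os.urandom(16)
    level2 = [(cl, xor(kdf(z, *(ck[c] for c in cl)), data_key)) for cl in policy]
    return level1, (z, level2)

def abgkm_derive(pi, user, my_secrets):
    """my_secrets = {condition: secret}; returns data_key iff some clause
    is fully satisfied by conditions whose key the user can derive."""
    level1, (z, level2) = pi
    ks = {c: bgkm_derive(level1[c], user, s) for c, s in my_secrets.items() if c in level1}
    for cl, mask in level2:
        if all(ks.get(c) is not None for c in cl):
            return xor(kdf(z, *(ks[c] for c in cl)), mask)
    return None

# Constructed sample from the slides: Tim, a junior doctor, satisfies no clause.
POLICY = [["Role=Doctor", "Level>=senior"], ["Role=Nurse", "Level>=senior"]]
USER_ATTRS = {"Bob": ["Role=Doctor", "Level>=senior"],
              "Alice": ["Role=Nurse", "Level>=senior"], "Tim": ["Role=Doctor"]}
SECRETS = {u: {c: os.urandom(16) for c in cs} for u, cs in USER_ATTRS.items()}
COND_SECRETS = {c: {u: s[c] for u, s in SECRETS.items() if c in s}
                for c in {c for cs in USER_ATTRS.values() for c in cs}}
DATA_KEY = os.urandom(32)
PI = abgkm_publish(POLICY, COND_SECRETS, DATA_KEY)  # what the GC uploads with the data
```

Revoking Bob means publishing a new PI built without his entries under a fresh key; his secrets stay unchanged but no longer unmask anything, while Alice derives the new key from her old secrets.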

Page 15

Single layer encryption

[Figure: SLE protocol among User, User IdP, Owner and Cloud.
User and IdP: (1) the user presents identity attributes; (2) the IdP returns identity tokens.
User and Owner: (1) the user registers the identity tokens; (2) the owner issues secrets.
(3) The owner selectively encrypts the data and uploads it to the cloud.
(4) The user downloads and decrypts the data.
(5) When policies or credentials change, the owner downloads the data to re-encrypt it.]

Page 16

Privacy Preserving of Id. Attributes

• Registration: Tim tells the server "I am a doctor" and the server replies "Here's a secret".

Page 17

Privacy Preserving of Id. Attributes

• Privacy Preserving Registration*: Tim sends the server a commitment to "I am a doctor" (unconditionally hiding and computationally binding, so the server learns nothing about the attribute value); the server replies with an envelope, an encrypted message carrying the secret ("Here's a secret") that Tim can open only if the committed attribute satisfies the server's condition.

*OCBE: Oblivious Commitment Based Envelope

Page 18

Extending the SLE Approach
• In the SLE approach:
  1. The owner has to manage all the identity attributes and perform the fine-grained encryption.
  2. If the user credentials or access control policies change, the owner has to download, decrypt, rekey, re-encrypt and upload.

Page 19

Can we reduce the load at the owner?
• How can we delegate the access control enforcement to the cloud?
  – Use two layer encryption
• A naïve approach
  – The owner encrypts each data item according to the ACPs
  – The cloud re-encrypts according to the ACPs again

Page 20

Two Layer Dynamic Encryption

[Figure: TLE protocol among Owner, User, Cloud and User IdP.
(1) The user presents identity attributes to the IdP and receives an identity token; the owner decomposes the policies.
(2) The user registers the identity token with both the owner and the cloud.
(3) The owner and the cloud each issue secrets to the user.
(4) The owner performs the coarse-grained encryption and uploads the documents and the modified policies.
(5) The cloud re-encrypts to enforce the policies.
(6) The user downloads and decrypts twice.]

Page 21

Two Layer Encryption
• In order to reduce the load at the owner, the ACPs should be decomposed into two such that
  – The owner performs a coarse-grained encryption
  – The cloud performs a fine-grained encryption
• At the same time
  – The confidentiality of the data should be assured
  – The two layers together should enforce the ACP
• ACP = ACP1 ˄ ACP2

[Figure: the data is encrypted first by the Owner and then by the Cloud]

Page 22

Policy Decomposition Problem
• In order to minimize the load at the owner
  – The owner should manage only the minimum number of attributes
• Policy Cover Problem: find the minimum number of attribute conditions in the ACPs that assures confidentiality from the cloud.

Page 23

A Simplified Example

All ACPs:
ACP1 = (“role = doc” ˅ (“role = nur” ˄ “type >= junior”), CI)
ACP2 = (“role = doc” ˄ “yos >= 5”, BI)
ACP3 = (“role = doc” ˄ “ip = 2-out-4”, CR)
ACP4 = (“role = nur” ˄ “type = senior”, TR)

Policy Cover: Minimal ACC = {“role = doc”, “role = nur”}

Owner enforced sub ACPs:
ACP11 = (“role = doc” ˅ “role = nur”, CI)
ACP21 = ACP31 = (“role = doc”, BI, CR)
ACP41 = (“role = nur”, TR)

Cloud enforced sub ACPs:
ACP12 = (“role = doc” ˅ “type >= junior”, CI)
ACP22 = (“yos >= 5”, BI)
ACP32 = (“ip = 2-out-4”, CR)
ACP42 = (“type = senior”, TR)

[Figure: policy graph linking the attribute conditions (role = doc, role = nur, type >= junior, type = senior, yos >= 5, ip = 2-out-4) to ACPs 1 to 4; the policy cover {role = doc, role = nur} touches every ACP, and the decomposed ACPs split each one into an owner-enforced and a cloud-enforced part]
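The policy cover and decomposition of page 23 worked through in code; this is an added example, not the paper's algorithm (assumptions: the cover is found by brute-force hitting set over the AND-clauses, which is fine at this size but not how the paper computes it, and a clause left with no cloud-side condition is re-enforced in full by the cloud, as ACP12 on the slide shows).

```python
from itertools import combinations

# Constructed from the slide: (name, policy, resource); a policy is an OR of
# AND-clauses, each clause a set of attribute-condition strings.
ACPS = [
    ("ACP1", [{"role = doc"}, {"role = nur", "type >= junior"}], "CI"),
    ("ACP2", [{"role = doc", "yos >= 5"}], "BI"),
    ("ACP3", [{"role = doc", "ip = 2-out-4"}], "CR"),
    ("ACP4", [{"role = nur", "type = senior"}], "TR"),
]

def policy_cover(acps):
    """Smallest set of conditions that hits every AND-clause of every ACP
    (a hitting-set instance; brute force is fine at this size). The owner
    enforces only these, so no clause is satisfiable by the cloud layer alone."""
    clauses = [cl for _, pol, _ in acps for cl in pol]
    conds = sorted(set().union(*clauses))
    for k in range(1, len(conds) + 1):
        for cand in combinations(conds, k):
            if all(set(cand) & cl for cl in clauses):
                return set(cand)
    return set()

def decompose(policy, cover):
    """Owner layer gets the covered conditions of each clause; the cloud
    layer gets the rest, or the whole clause when nothing is left."""
    owner = [cl & cover for cl in policy]
    cloud = [(cl - cover) or cl for cl in policy]
    return owner, cloud

def satisfies(policy, attrs):
    """A user satisfies an OR-of-ANDs policy if some clause is a subset of
    the user's attribute conditions."""
    return any(cl <= attrs for cl in policy)

def can_read(policy, cover, attrs):
    """Two-layer enforcement: ACP = ACP_owner AND ACP_cloud."""
    owner, cloud = decompose(policy, cover)
    return satisfies(owner, attrs) and satisfies(cloud, attrs)

def decomposed_acps(acps):
    """Name -> (owner sub-ACP, cloud sub-ACP, resource) for every ACP."""
    cover = policy_cover(acps)
    return {name: (*decompose(pol, cover), res) for name, pol, res in acps}
```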

Page 24

CONCLUSIONS

• Current approaches to enforce ACPs on outsourced data using selective encryption require organizations to manage all keys and encryptions and upload the encrypted data to the remote storage. Such approaches incur high communication and computation costs to manage keys and encryptions.

• In this paper, we proposed a two layer encryption based approach to solve this problem by delegating as much of the access control enforcement responsibilities as possible to the cloud while minimizing the information risks due to colluding users and the cloud.

• We showed how the decomposition of ACPs can be handled with a minimum number of attribute conditions.

Page 25

THANK YOU