ENKI: Access Control for Encrypted Query Processing
Isabelle Hang, Florian Kerschbaum, and Ernesto Damiani
ACM SIGMOD International Conference on Management of Data, Melbourne, Victoria, Australia, May 2015
SWIM Seminar, November 27, 2015
Mateus Cruz
Introduction Access Control Query Rewriting Proxy Re-Encryption Split Execution Experiments Summary
OUTLINE
1 Introduction
2 Access Control
3 Query Rewriting
4 Proxy Re-Encryption
5 Split Execution
6 Experiments
7 Summary
OVERVIEW
Query data encrypted using different keys
Access control enforced by encryption
Secure proxy re-encryption
- Non-transitive and non-symmetric
Split query execution
- Less computation on the client
37% performance overhead
REVIEW: CRYPTDB
SQL queries over encrypted data
Proxy controls access
Limitations
- Column-level as minimum granularity
- Onions of encryption
  – Decreasing security
  – Storage overhead
ARCHITECTURE
Threat model
- Passive attacker
- Attacks on clients are out of scope
ACCESS CONTROL MATRIX
Rows correspond to subjects ($|S| = n$)
Columns correspond to objects ($O$)
A value of 1 represents a granted right
- Read, update or delete
No support for different rights
- E.g.: read-only
Example
User   t1  t2  t3  t4  t5
Alice   0   1   1   1   1
Bob     1   1   0   1   0
QUALIFIED SET ($QS_i$)
Set of subjects with access to an object
- A column of the access control matrix
Never empty
Example
User   t1  t2  t3  t4  t5
Alice   0   1   1   1   1
Bob     1   1   0   1   0
$QS_{t_4} = \{1, 1\}$, so Alice and Bob have access to $t_4$.
USER GROUPS ($p_i$)
$p_i \in P^*(S)$
- $P^*(S)$: power set of all subjects $S$ (without $\emptyset$)
Example
$p_1 = \{\mathrm{Alice}\} := A$
$p_2 = \{\mathrm{Bob}\} := B$
$p_3 = \{\mathrm{Alice}, \mathrm{Bob}\} := AB$
USER GROUP MAPPING
User group mapping
- Assigns users to the groups they participate in
Example
User   User Group
Alice  A
Alice  AB
Bob    B
Bob    AB
OBJECT SET ($O(p_i)$)
Objects accessible by the same user group
$O(p_i)$ forms a partition over $O$
$O(p_i) = \{o \mid o \in O \wedge QS_o = p_i\}$
Example
User   t1  t2  t3  t4  t5
Alice   0   1   1   1   1
Bob     1   1   0   1   0
$p_1 = \{\mathrm{Alice}\}$, $p_2 = \{\mathrm{Bob}\}$, $p_3 = \{\mathrm{Alice}, \mathrm{Bob}\}$
$O(p_1) = \{t_3, t_5\}$, $O(p_2) = \{t_1\}$, $O(p_3) = \{t_2, t_4\}$
VIRTUAL RELATION
Relation corresponding to one object set
One user group can access all of its tuples
Virtual relation mapping
- Specified and maintained by the data owner
Example
User Group  Relation  Virtual Relation
A           R         RA
B           R         RB
AB          R         RAB
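The chain from the access-control matrix through qualified sets, busy user groups, object sets and the virtual relation mapping to the per-group keys, as an added Python example (not code from the paper or the ENKI prototype). The matrix is the one from the slides; the group labels, the partition check and the random keys are constructed for illustration.

```python
import secrets

# Constructed example: the slides' access-control matrix (1 = right granted).
MATRIX = {
    "Alice": {"t1": 0, "t2": 1, "t3": 1, "t4": 1, "t5": 1},
    "Bob":   {"t1": 1, "t2": 1, "t3": 0, "t4": 1, "t5": 0},
}


def qualified_set(matrix, obj):
    """QS_o: the subjects holding a right on object obj (one column of the matrix)."""
    return frozenset(user for user, row in matrix.items() if row[obj] == 1)


def object_sets(matrix):
    """O(p_i) for every busy group p_i: the objects that share the same qualified set.

    Each object lands in exactly one set, so the result partitions O; groups whose
    object set would be empty never appear (they are not busy and get no key).
    """
    objects = sorted(next(iter(matrix.values())))
    parts = {}
    for obj in objects:
        qs = qualified_set(matrix, obj)
        if not qs:
            # A qualified set is never empty: an object nobody may access is a policy error.
            raise ValueError(f"{obj} has an empty qualified set")
        parts.setdefault(qs, set()).add(obj)
    return parts


def is_partition(parts, objects):
    """Sanity check: the object sets cover O exactly once."""
    seen = [o for s in parts.values() for o in s]
    return len(seen) == len(set(seen)) == len(objects) and set(seen) == set(objects)


def group_label(group):
    """{Alice, Bob} -> 'AB', the slides' shorthand (first letter of each member)."""
    return "".join(sorted(user[0] for user in group))


def virtual_relations(relation, parts):
    """Virtual relation mapping: one relation per busy group, e.g. R -> RA, RB, RAB."""
    return {group: relation + group_label(group) for group in parts}


def issue_group_keys(parts):
    """One key per busy group, handed to every member of that group.

    Returns (keys per group, keys per user): a user holds as many keys as the busy
    groups she participates in. Keys are random bytes here (constructed stand-in).
    """
    keys = {group: secrets.token_bytes(16) for group in parts}
    per_user = {}
    for group, key in keys.items():
        for user in group:
            per_user.setdefault(user, {})[group_label(group)] = key
    return keys, per_user


if __name__ == "__main__":
    parts = object_sets(MATRIX)
    for group, objs in sorted(parts.items(), key=lambda kv: group_label(kv[0])):
        print(f"O({group_label(group)}) = {sorted(objs)}")
    print(virtual_relations("R", parts))
    _, per_user = issue_group_keys(parts)
    print({user: sorted(labels) for user, labels in per_user.items()})
```

Running it reproduces the slides' partition O(A) = {t3, t5}, O(B) = {t1}, O(AB) = {t2, t4} and shows why Alice ends up holding two keys (A and AB) while a third group B never reaches her.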
ENCRYPTION OF RELATIONS
The data owner splits R
- Virtual relations: $R_A$, $R_B$, $R_{AB}$
- Same schema as R
The data owner generates encryption keys
- One key per group
- Distributed to the group members
The number of keys for each user depends on the number of groups she participates in
Example
Generate key $r_a$ for group A and encrypt $R_A$:
$\kappa_{r_a}(R_A) = \{\kappa_{r_a}(t) \mid t \in R_A\}$
QUERY REWRITING
Queries over more than one virtual relation
Performed by the ENKI Query Adapter
REWRITING STRATEGIES
- Selection
- Projection
- Rename
- Count
- Set union
- Cartesian product
SELECTION: $\sigma_{\alpha\theta\beta}(R)$
Predicate $\theta \in \{=, <, \leq, >, \geq\}$
$\alpha, \beta$ (e.g.: attributes, constants)
Encrypt $\alpha\theta\beta$ for both virtual relations:
- $\kappa_{r_a}(\alpha)\,\theta\,\kappa_{r_a}(\beta)$ (for key $r_a$)
- $\kappa_{r_{ab}}(\alpha)\,\theta\,\kappa_{r_{ab}}(\beta)$ (for key $r_{ab}$)
Example
$(\sigma_{\alpha\theta\beta}(R), \mathrm{Alice}) = \sigma_{\kappa_{r_a}(\alpha)\,\theta\,\kappa_{r_a}(\beta)}(\kappa_{r_a}(R_A)) \wedge \sigma_{\kappa_{r_{ab}}(\alpha)\,\theta\,\kappa_{r_{ab}}(\beta)}(\kappa_{r_{ab}}(R_{AB}))$
$= \{\kappa_{r_a}(t) \mid t \in R_A \wedge \kappa_{r_a}(\alpha)\,\theta\,\kappa_{r_a}(\beta)\} \cup \{\kappa_{r_{ab}}(t) \mid t \in R_{AB} \wedge \kappa_{r_{ab}}(\alpha)\,\theta\,\kappa_{r_{ab}}(\beta)\}$
CARTESIAN PRODUCT: $R \times S$
Tuple from R: $r$
Tuple from S: $s$
Example
$(R \times S, \mathrm{Alice}) = \{\kappa_{r_a}(r)\kappa_{s_a}(s) \vee \kappa_{r_a}(r)\kappa_{s_{ab}}(s) \vee \kappa_{r_{ab}}(r)\kappa_{s_a}(s) \vee \kappa_{r_{ab}}(r)\kappa_{s_{ab}}(s) \mid r \in (R_A \vee R_{AB}) \wedge s \in (S_A \vee S_{AB})\}$
OTHER OPERATIONS
Also supports update, delete and insert
Supports queries that modify the schema
- Must modify the schemas of the virtual relations
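An added Python example (not ENKI's code) of the selection rewriting described above: the data owner splits R into encrypted virtual relations, the query adapter encrypts the predicate constant once per key the issuer holds, and the server evaluates each encrypted predicate only on the matching virtual relation and never touches the others. The relation, the qualified sets and the group keys are constructed, and the deterministic cipher is a labelled toy standing in for $\kappa$ (it is not the paper's scheme and not secure).

```python
import hashlib

# Constructed plaintext relation R(id, dept) and, per tuple, its qualified set (who may read it).
R = [("t1", "sales"), ("t2", "hr"), ("t3", "sales"), ("t4", "hr"), ("t5", "sales")]
QS = {"t1": frozenset({"Bob"}), "t2": frozenset({"Alice", "Bob"}), "t3": frozenset({"Alice"}),
      "t4": frozenset({"Alice", "Bob"}), "t5": frozenset({"Alice"})}
# One key per busy group (r_a, r_b, r_ab on the slides); constructed values.
GROUP_KEYS = {frozenset({"Alice"}): b"key-A", frozenset({"Bob"}): b"key-B",
              frozenset({"Alice", "Bob"}): b"key-AB"}


def det_encrypt(key, value):
    """Toy deterministic cipher standing in for kappa_key (not the paper's scheme, not secure):
    plaintext XOR a fixed keystream derived from the key, so equal plaintexts under the same
    key give equal ciphertexts and the server can evaluate equality predicates."""
    pt = str(value).encode()
    assert len(pt) <= 32, "toy keystream is 32 bytes"
    stream = hashlib.sha256(b"det-stream|" + key).digest()
    return bytes(a ^ b for a, b in zip(pt, stream)).hex()


def det_decrypt(key, ciphertext_hex):
    """Inverse of det_encrypt; only key holders (group members) can run it."""
    ct = bytes.fromhex(ciphertext_hex)
    stream = hashlib.sha256(b"det-stream|" + key).digest()
    return bytes(a ^ b for a, b in zip(ct, stream)).decode()


def build_virtual_relations(relation, qs, keys):
    """Data owner: split R into one virtual relation per busy group, each encrypted under that group's key."""
    store = {}
    for tid, dept in relation:
        group = qs[tid]
        key = keys[group]
        store.setdefault(group, []).append({"id": det_encrypt(key, tid), "dept": det_encrypt(key, dept)})
    return store


def rewrite_selection(issuer, attr, const, keys):
    """Query adapter: rewrite sigma_{attr = const}(R) for the issuer into one encrypted predicate
    per virtual relation she may access (the constant is encrypted under each of her keys)."""
    return [(group, attr, det_encrypt(keys[group], const)) for group in keys if issuer in group]


def server_execute(store, rewritten):
    """Server: evaluate each encrypted predicate on its own virtual relation and union the hits.
    It only compares ciphertexts; virtual relations of other groups are never read."""
    hits = []
    for group, attr, enc_const in rewritten:
        hits.extend((group, t) for t in store.get(group, []) if t[attr] == enc_const)
    return hits


def run_selection(issuer, attr, const, store, keys):
    """Whole flow for one issuer: rewrite, execute on the server, decrypt the ids with her keys."""
    rewritten = rewrite_selection(issuer, attr, const, keys)
    return sorted(det_decrypt(keys[group], t["id"]) for group, t in server_execute(store, rewritten))


if __name__ == "__main__":
    store = build_virtual_relations(R, QS, GROUP_KEYS)
    print("Alice, dept = sales:", run_selection("Alice", "dept", "sales", store, GROUP_KEYS))
    print("Bob, dept = sales:  ", run_selection("Bob", "dept", "sales", store, GROUP_KEYS))
```

Alice's query is rewritten into two predicates (keys A and AB) and returns t3 and t5; t1 is also a sales tuple but lives in the B relation under a key she does not hold, so neither the rewriting nor the server ever reaches it.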
PROXY RE-ENCRYPTION
Virtual relations encrypted with different keys
- Cannot perform comparison
  – Count distinct, equi-join, set difference
Proxy re-encryption
- Change keys without revealing plaintexts
- Allow comparison
Definition
Proxy re-encryption of attribute $A_i$:
$\chi_y(\kappa_z(A_i)) := \{\chi_y(\kappa_z(t_{ik})) \mid t_{ik} \in A_i \text{ for all } k = 1, \ldots, j\}$
$= \{\kappa_y(t_{ik}) \mid t_{ik} \in A_i \text{ for all } k = 1, \ldots, j\} = \kappa_y(A_i)$
PROPERTIES
Symmetry
$\chi_b(\kappa_a(A_i)) = \kappa_b(A_i) \leftrightarrow \chi_a(\kappa_b(A_i)) = \kappa_a(A_i)$
Transitivity
$\chi_b(\kappa_a(A_i)) = \kappa_b(A_i) \wedge \chi_c(\kappa_b(A_i)) = \kappa_c(A_i) \rightarrow \chi_c(\kappa_a(A_i)) = \kappa_c(A_i)$
PROBLEM
Example
Alice has key $r_a$, Bob has key $r_b$, both have key $r_{ab}$.
Suppose a comparison between $R_A$ and $R_{AB}$.
Proxy re-encryption of keys $r_a$ and $r_{ab}$ to $r_c$: $r_a \sim r_c$ and $r_{ab} \sim r_c$.
Symmetry and transitivity allow: $r_a \sim r_c \sim r_{ab}$.
So Bob can access Alice's data.
ALGORITHMS
Parameter generation
Key generation
Encryption
Token
- Input: two keys $k_i$ and $k_j$
- Output: token to proxy re-encrypt $k_i$ to $k_j$: $T = \mathrm{Token}(k_i, k_j)$
Proxy re-encryption
- Input: ciphertext $C$ and token $T$
- Output: ciphertext $C' = \mathrm{Pre}(C, T)$
TEMPORARY RE-ENCRYPTION
A ciphertext can be re-encrypted only once
Persisting re-encryption restricts usability
Temporary re-encryption
- Base values: values initially encrypted
- DetPre values: temporarily re-encrypted values
- Concatenate DetPre to Base
- Delete DetPre after the user logs out
EXECUTING EQUI-JOINS
Execute the join on the virtual relations
- Encrypted with different keys
Re-encrypt with a shared key
- Also encrypt the join condition
Example
$(R \bowtie_{A_i = B_i} S, \mathrm{Alice}) = \{\kappa_c(r)\kappa_c(s) \mid r \in (R_A \vee R_{AB}) \wedge s \in (S_A \vee S_{AB}) \wedge \kappa_c(r_i)\,\theta\,\kappa_c(s_j)\}$
EXECUTING AGGREGATE FUNCTIONS
Aggregate functions over virtual relations
- Encrypted with different keys
Proxy re-encryption could be used
- Depends on the encryption scheme used
Example
For SUM, the Paillier cryptosystem can be used.
Problem: creation of a secure proxy re-encryption for the Paillier cryptosystem. Either hard to construct or expensive.
CLIENT-SERVER SPLIT EXECUTION
Compute partial results on the server
- Results for each virtual relation
Generate the final result on the client
- Decrypt partial results
- Compute $F_{Agg}$ for the final results
SUPPORTED AGGREGATIONS
- Maximum
- Minimum
- Sum
- Average
- Sort
MAXIMUM
Example
On the server, compute:
$Res(R_A) = \mathrm{Max}(R_A)$, $Res(R_{AB}) = \mathrm{Max}(R_{AB})$
On the client, compute:
$F_{Max} = \mathrm{Max}(\mathrm{Max}(R_A), \mathrm{Max}(R_{AB}))$
ENVIRONMENT
SAP HANA database
- Extended with UDFs
Server
- 8-core 2.6 GHz, 252 GB RAM
Client
- 2-core 2.8 GHz, 16 GB RAM
Proxy re-encryption implementation
- C language
- pbc and gmp libraries
DATASETS
TPC-C benchmark
IS-H: Healthcare management
LSM: Resources planning
SFIN: Simplified finances for SAP ERP
Dataset  # Tables  # Columns
TPC-C     9         92
IS-H      7        477
LSM      25        173
SFIN      9        741
MULTI USER MODE OVERHEAD
Overhead of multi user mode: 37%
IMPACT OF QUERY REWRITING
(chart only)
IMPACT OF NUMBER OF USER GROUPS
(chart only)
IMPACT OF POST-PROCESSING
(chart only)
SUMMARY
ENKI
- Query processing over encrypted data
Contribution
- Access control
- Query rewriting strategies
- Secure proxy re-encryption
- Split execution
Evaluation
- "Modest overhead" (40%)
Rewriting Strategies Proxy Re-Encryption Split Execution System Execution Flow Key Management
EXTRA SLIDES
PROJECTION: $\pi_\beta(R)$
Relation $R'$
- $R'(A_{i(1)}, \ldots, A_{i(k)}) \subseteq R(A_1, \ldots, A_n)$
Attribute list $\beta$
- $\beta = (A_{i(1)}, \ldots, A_{i(k)}) \subseteq (A_1, \ldots, A_n)$
Example
$(\pi_\beta(R), \mathrm{Alice}) = \pi_{\kappa_{r_a}(\beta)}(\kappa_{r_a}(R_A)) \cup \pi_{\kappa_{r_{ab}}(\beta)}(\kappa_{r_{ab}}(R_{AB})) = \kappa_{r_a}(R'_A) \cup \kappa_{r_{ab}}(R'_{AB})$
RENAME: $\rho_{Q \leftarrow A_i}(R)$
Rename $\rho$ of an attribute $A_i \in R$ to $Q$
Encrypt the new attribute name
- Use the keys of the virtual relations
Rename is not persisted
Example
$(\rho_{Q \leftarrow A_i}(R), \mathrm{Alice}) = \rho_{\kappa_{r_a}(Q) \leftarrow \kappa_{r_a}(A_i)}(\kappa_{r_a}(R_A)) \cup \rho_{\kappa_{r_{ab}}(Q) \leftarrow \kappa_{r_{ab}}(A_i)}(\kappa_{r_{ab}}(R_{AB}))$
COUNT: ${}_\beta\gamma_{\mathrm{Count}(A_i)}(R)$
Executed on the server side
Count the attribute values of $A_i$
- Sum the partial results from the virtual relations
Example
$({}_\beta\gamma_{\mathrm{Count}(A_i)}(R), \mathrm{Alice}) = {}_{\kappa_{r_a}(\beta)}\gamma_{\mathrm{Count}(\kappa_{r_a}(A_i))}(\kappa_{r_a}(R_A)) + {}_{\kappa_{r_{ab}}(\beta)}\gamma_{\mathrm{Count}(\kappa_{r_{ab}}(A_i))}(\kappa_{r_{ab}}(R_{AB}))$
SET UNION: $R \cup S$
Union between two relations R and S
- Same set of attributes
Example
$(R \cup S, \mathrm{Alice}) = \{\kappa_{r_a}(t) \mid t \in R_A\} \cup \{\kappa_{r_{ab}}(t) \mid t \in R_{AB}\} \cup \{\kappa_{s_a}(t) \mid t \in S_A\} \cup \{\kappa_{s_{ab}}(t) \mid t \in S_{AB}\}$
ALGORITHMS
- Parameter generation
- Key generation
- Encryption
- Token
- Proxy re-encryption
PARAMETER GENERATION
Receives a security parameter $\lambda$
Generates a prime number $p$
Generates two groups $G_1, G_2$ of order $p$
Generates a bilinear map $e : G_1 \times G_1 \rightarrow G_2$
Chooses a random generator $G \in G_1$
KEY GENERATION
Choose a random $k_i \in \mathbb{Z}_p$
ENCRYPTION
Receives a plaintext $m$ with key $k_i$
Generates a ciphertext
- $C = G^{m k_i} \in G_1$
TOKEN
Receives two keys $k_i$ and $k_j$
Generates a token $T$ for proxy re-encryption
- $T = G^{k_j / k_i} \in G_1$
PROXY RE-ENCRYPTION
Receives a ciphertext $C$ encrypted with $k_i$
Generates a ciphertext $C'$ encrypted with $k_j$
$C' = e(C, T)$
$= e(G^{m k_i}, G^{k_j / k_i})$
$= e(G, G)^{m k_i \cdot k_j / k_i}$
$= e(G, G)^{m k_j}$
$= g^{m k_j} \in G_2$, with $g = e(G, G)$
EXECUTING COUNT DISTINCT
Adjust the keys of the virtual relations
- Re-encrypt to a common key
Example
$({}_\beta\gamma_{\mathrm{CountDistinct}(A_i)}(R), \mathrm{Alice}) = {}_{\kappa_c(\beta)}\gamma_{\mathrm{CountDistinct}(\kappa_c(A_i))}(\kappa_c(R_A) \cup \kappa_c(R_{AB}))$
EXECUTING SET DIFFERENCE
Adjust the keys of the virtual relations
- Re-encrypt to a common key
Example
$(R \setminus S, \mathrm{Alice}) = \{\kappa_c(t) \mid t \in (R_A \vee R_{AB}) \wedge t \notin (S_A \vee S_{AB})\}$
SUM
Example
On the server, compute:
$Res(R_A) = \mathrm{Sum}(R_A)$, $Res(R_{AB}) = \mathrm{Sum}(R_{AB})$
On the client, compute:
$F_{Sum} = \mathrm{Sum}(\mathrm{Sum}(R_A), \mathrm{Sum}(R_{AB}))$
AVERAGE
Replaced by the functions sum and count
Example
On the server, compute:
$Res(R_A) = \{\mathrm{Sum}(R_A), \mathrm{Count}(R_A)\}$, $Res(R_{AB}) = \{\mathrm{Sum}(R_{AB}), \mathrm{Count}(R_{AB})\}$
On the client, compute:
$F_{Avg} = \dfrac{\mathrm{Sum}(R_A) + \mathrm{Sum}(R_{AB})}{\mathrm{Count}(R_A) + \mathrm{Count}(R_{AB})}$
SORT
Example
On the server, compute:
$Res(R_A) = \mathrm{Sort}(R_A)$, $Res(R_{AB}) = \mathrm{Sort}(R_{AB})$
On the client, compute:
$F_{Sort} = \mathrm{MergeSortedLists}(\mathrm{Sort}(R_A), \mathrm{Sort}(R_{AB}))$
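The client-server split execution of MAX, MIN, SUM, AVG and SORT (the MAXIMUM slide in the main deck and the SUM, AVERAGE and SORT slides above), as an added Python example that is not the paper's code: the server returns one partial result per virtual relation the issuer may access, and the client combines them into $F_{Agg}$. The column values and the per-user access lists are constructed, and the partials are computed in the clear rather than under Paillier or an order-preserving scheme, so that the combination rules, in particular the SUM/COUNT replacement for AVG, can be checked.

```python
import heapq
from fractions import Fraction

# Constructed: one numeric column already split into virtual relations by busy group, and the
# virtual relations each user may access (from the user group and virtual relation mappings).
VIRTUAL_RELATIONS = {"RA": [40, 70], "RB": [20], "RAB": [30, 60, 90]}
ACCESS = {"Alice": ["RA", "RAB"], "Bob": ["RB", "RAB"]}


def server_partials(agg, issuer):
    """Server side (sQ): one partial result per virtual relation the issuer may access.

    In ENKI these run over ciphertexts under whatever scheme the aggregate needs; the
    values here are plain so that the client-side combination can be verified.
    """
    partials = {}
    for vr in ACCESS[issuer]:
        column = VIRTUAL_RELATIONS[vr]
        if agg == "MAX":
            partials[vr] = max(column)
        elif agg == "MIN":
            partials[vr] = min(column)
        elif agg == "SUM":
            partials[vr] = sum(column)
        elif agg == "AVG":
            # AVG is replaced by SUM and COUNT: an average of per-relation averages would be wrong.
            partials[vr] = (sum(column), len(column))
        elif agg == "SORT":
            partials[vr] = sorted(column)
        else:
            raise ValueError(f"unsupported aggregate {agg}")
    return partials


def client_final(agg, partials):
    """Client side (cQ): after decrypting the partials, compute F_agg over them."""
    values = list(partials.values())
    if agg == "MAX":
        return max(values)
    if agg == "MIN":
        return min(values)
    if agg == "SUM":
        return sum(values)
    if agg == "AVG":
        total = sum(s for s, _ in values)
        count = sum(c for _, c in values)
        return Fraction(total, count)
    if agg == "SORT":
        return list(heapq.merge(*values))  # merge of already-sorted lists, no full re-sort
    raise ValueError(f"unsupported aggregate {agg}")


def naive_average_of_averages(partials):
    """The shortcut the AVERAGE slide avoids: averaging the per-relation means."""
    means = [Fraction(s, c) for s, c in partials.values()]
    return sum(means) / len(means)


def split_execute(agg, issuer):
    """Whole flow for one issuer and one aggregate."""
    return client_final(agg, server_partials(agg, issuer))


if __name__ == "__main__":
    for agg in ("MAX", "MIN", "SUM", "AVG", "SORT"):
        print(f"Alice {agg}: {split_execute(agg, 'Alice')}")
    print("Alice AVG done wrong:", naive_average_of_averages(server_partials("AVG", "Alice")))
```

For Alice the correct average over RA and RAB is 290/5 = 58, while averaging the two per-relation means gives 57.5; the server never produces a partial for RB, the relation she cannot access.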
SYSTEM SETUP
The data owner
- Handles $n$ users
- Defines the user group mapping
- Defines the virtual relation mapping
QUERY EXECUTION STEPS
1 Look up
2 Proxy re-encryption
3 Query encryption
4 Query rewriting
5 Server-side execution
6 Client-side execution
LOOK UP
Checks the user group mapping
- Groups the query issuer belongs to
Checks the virtual relation mapping
- Virtual relations used to answer the query
PROXY RE-ENCRYPTION
Queries containing
- Equi-join
- Set difference
- Count distinct
Adjust the keys of the virtual relations
- Temporary re-encryption to a shared key
Example
$(R \bowtie_{A_i = B_i} S, \mathrm{Alice}) = \{\kappa_c(r)\kappa_c(s) \mid r \in (R_A \vee R_{AB}) \wedge s \in (S_A \vee S_{AB}) \wedge \kappa_c(r_i)\,\theta\,\kappa_c(s_j)\}$
QUERY ENCRYPTION
Encrypt the attributes used in the query
- Attributes accessible by the issuer
Example
$(\sigma_{\alpha\theta\beta}(R), \mathrm{Alice}) = \sigma_{\kappa_{r_a}(\alpha)\,\theta\,\kappa_{r_a}(\beta)}(\kappa_{r_a}(R_A)) \wedge \sigma_{\kappa_{r_{ab}}(\alpha)\,\theta\,\kappa_{r_{ab}}(\beta)}(\kappa_{r_{ab}}(R_{AB}))$
$= \{\kappa_{r_a}(t) \mid t \in R_A \wedge \kappa_{r_a}(\alpha)\,\theta\,\kappa_{r_a}(\beta)\} \cup \{\kappa_{r_{ab}}(t) \mid t \in R_{AB} \wedge \kappa_{r_{ab}}(\alpha)\,\theta\,\kappa_{r_{ab}}(\beta)\}$
QUERY REWRITING
Modifies the query
- Executed over virtual relations
Returns a query $sQ$
- Executed on the server
Can return an additional query $cQ$
- Executed on the client
Example
$sQ$: $\mathrm{Sum}(R_A), \mathrm{Count}(R_A), \mathrm{Sum}(R_{AB}), \mathrm{Count}(R_{AB})$
$cQ$: $F_{Avg} = \dfrac{\mathrm{Sum}(R_A) + \mathrm{Sum}(R_{AB})}{\mathrm{Count}(R_A) + \mathrm{Count}(R_{AB})}$
SERVER-SIDE EXECUTION
Executes the encrypted query $sQ$
Returns encrypted results to the client
If necessary, also returns $cQ$
Example
$Res(R_A) = \{\mathrm{Sum}(R_A), \mathrm{Count}(R_A)\}$, $Res(R_{AB}) = \{\mathrm{Sum}(R_{AB}), \mathrm{Count}(R_{AB})\}$
CLIENT-SIDE EXECUTION
Receives the encrypted results
Decrypts them
Executes $cQ$ if it exists
Example
$F_{Avg} = \dfrac{\mathrm{Sum}(R_A) + \mathrm{Sum}(R_{AB})}{\mathrm{Count}(R_A) + \mathrm{Count}(R_{AB})}$
DYNAMIC ACCESS CONTROL POLICIES
Objects are encrypted with different keys
Busy user groups
- User groups associated with objects
- Non-empty object set
Access policies might change
- Granting or revoking rights
- Changes the busy user groups
USER HIERARCHY
User Hierarchy ($U$)
Given a set of users $S = \{s_1, \ldots, s_n\}$, a user hierarchy $U$ is a pair $(P^*(S), \prec)$ where $P^*(S)$ is the power set of $S$ without the empty set and $\prec$ is a partial order such that for all sets of users $p_i, p_j \in P^*(S)$, $p_i \prec p_j$ if $p_j \subseteq p_i$, for all $i, j \in \{1, \ldots, 2^n - 1\}$.
User dynamics change the hierarchy
- Adding or deleting users
ADDING USER $s_{n+1}$
Case 1
- The original busy group $p^{orig}_i$ becomes not busy
- The new group $(p^{new}_i \cup s_{n+1})$ is busy
Case 2
- The original busy group $p^{orig}_i$ stays busy
- The new group $(p^{new}_i \cup s_{n+1})$ is also busy
ADDING USER $s_{n+1}$: CASE 1
The busy group $p^{orig}_i$ becomes non-busy
The new group $(p^{new}_i \cup s_{n+1})$ is busy
Solution
- Add the user to the object set
- Share the group key with user $s_{n+1}$
$O(p^{orig}_i) = O(p^{orig}_i \cup s_{n+1})$
ADDING USER $s_{n+1}$: CASE 2
The busy group $p^{orig}_i$ stays busy
The new group $(p^{new}_i \cup s_{n+1})$ is also busy
Solution
- $s_{n+1}$ has access to a subset of the objects of $p^{orig}_i$
- Re-encrypt $O(p^{orig}_i \cup s_{n+1})$ with a new key
$O(p^{orig}_i) = O(p^{new}_i) \cup O(p^{orig}_i \cup s_{n+1})$
$O(p^{new}_i) \cap O(p^{orig}_i \cup s_{n+1}) = \emptyset$
REVOKING RIGHTS OF USER $s_n$
Case 1
- A user $s_n$ is revoked from all rights
Case 2
- A user $s_n$ is revoked from a user group
Case 3
- A user $s_n$ is revoked from certain objects
REVOKING USER $s_n$: CASE 1
A user $s_n$ is revoked from all rights
- The hierarchy changes
Solution
- The busy group $p^{orig}_i \cup s_n$ is deleted
- Objects from $p^{orig}_i \cup s_n$ are accessible by $p^{orig}_i$
- Re-encrypt $O(p^{orig}_i \cup s_n)$ using the key of $p^{orig}_i$
$O(p^{new}_i) = O(p^{orig}_i \cup s_n) \cup O(p^{orig}_i)$
REVOKING USER $s_n$: CASE 2
A user $s_n$ is revoked from a user group
- Does not change the hierarchy
- Changes the busy user groups
Solution
- The busy user group $p^{orig}_i \cup s_n$ becomes non-busy
- Re-encrypt $O(p^{orig}_i \cup s_n)$ using the key of $p^{orig}_i$
$O(p^{new}_i) = O(p^{orig}_i \cup s_n) \cup O(p^{orig}_i)$
REVOKING USER $s_n$: CASE 3
A user $s_n$ is revoked from certain objects
Solution
- The busy group $p^{orig}_i \cup s_n$ is split into two
  – $p^{new}_i \cup s_n$ and $p^{new}_i$
- Re-encrypt $O(p^{new}_i)$ using the key of $p^{orig}_i$
$O(p^{orig}_i \cup s_n) = O(p^{new}_i \cup s_n) \cup O(p^{new}_i)$
$O(p^{new}_i \cup s_n) \cap O(p^{new}_i) \neq \emptyset$
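An added Python example (not from the paper) that turns the adding and revoking cases above into a key-management plan. Given the policy before and after a change it finds the objects whose qualified set changed, decides between sharing an existing group key (adding, case 1) and re-encrypting under the destination group's key (adding case 2 and every revocation case), and lists the groups that stopped being busy. The policy and the user names are constructed, and the decision rule is an assumption distilled from the slides' cases.

```python
# Constructed: the slides' policy as object -> qualified set (the users who may access it).
POLICY = {
    "t1": {"Bob"}, "t2": {"Alice", "Bob"}, "t3": {"Alice"},
    "t4": {"Alice", "Bob"}, "t5": {"Alice"},
}


def busy_groups(policy):
    """Busy groups with their object sets: a group is busy iff its object set is non-empty."""
    groups = {}
    for obj, qs in policy.items():
        if not qs:
            # A qualified set is never empty; revoking the last reader of an object is a policy error.
            raise ValueError(f"{obj} would have an empty qualified set")
        groups.setdefault(frozenset(qs), set()).add(obj)
    return groups


def plan_rekeying(old_policy, new_policy):
    """Key-management steps for one policy change (a grant or a revocation).

    Decision rule (assumption distilled from the slides): an object whose qualified set
    changes moves to another object set. If a whole object set moves to a strict superset
    group that was not busy before (a new user gets everything the group had, adding case 1),
    the existing group key is simply shared with the new member. Otherwise the moved objects
    are re-encrypted under the destination group's key, because a holder of the old key is
    outside the destination group (revocation) or must not see the objects left behind
    (partial grant, adding case 2); the key is new if the destination group was not busy.
    Returns (steps, groups that are no longer busy).
    """
    old_sets = busy_groups(old_policy)
    new_sets = busy_groups(new_policy)
    moved = {}
    for obj, qs in new_policy.items():
        old_group, new_group = frozenset(old_policy.get(obj, ())), frozenset(qs)
        if old_group != new_group:
            moved.setdefault((old_group, new_group), set()).add(obj)
    steps = []
    for (old_group, new_group), objs in moved.items():
        whole_set_moves = old_group in old_sets and objs == old_sets[old_group]
        if old_group < new_group and whole_set_moves and new_group not in old_sets:
            steps.append(("share_key", old_group, new_group, frozenset(objs)))
        else:
            key = "new_key" if new_group not in old_sets else "existing_key"
            steps.append(("reencrypt", old_group, new_group, frozenset(objs), key))
    retired = [group for group in old_sets if group not in new_sets]
    return steps, retired


if __name__ == "__main__":
    # Constructed change: Bob loses t2 and t4, so the AB group stops being busy.
    changed = {obj: set(qs) for obj, qs in POLICY.items()}
    changed["t2"] = {"Alice"}
    changed["t4"] = {"Alice"}
    steps, retired = plan_rekeying(POLICY, changed)
    for step in steps:
        print(step)
    print("no longer busy:", [sorted(g) for g in retired])
```

The four constructed changes in the test correspond to adding case 2 (Carol gets only t3: new key), adding case 1 (Carol gets t3 and t5: share A's key), revocation case 3 (Bob loses t2 only) and revocation case 2 (Bob loses the whole AB set); in both revocation cases the moved objects are re-encrypted under the key of the remaining group, which is already busy.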