Fine-Grained Access Control (FGAC) in the Cloud

Robert Barton

Access Control Quick Review

 Fine-grained  Why should I care?

 Why is access control necessary?

Clouds

 Shift to corporate data storage by third parties  More cost effective  Poses problems with data security

Issues with Cloud Storage

 Data Security  User Revocation  Scalability

Data Security

 It is necessary to keep the data private from the third party  There is no clear solution to scalable FGAC but there are many good systems to start from

Data Security: Key Policy Attribute-Based Encryption  Users given secret keys based on sets of attributes  Includes one dummy attribute that every file is encrypted with and every user has but cloud does not know about  Files encrypted using the keys of the attributes such that a user that has all the attributes will be able to decrypt the file  Easy to deal with user revocation  Easy for the cloud server to learn about users

Data Security:

Hierarchical Identity-Based Encryption  Each user has a public key and secret key  Secret key is made to decrypt any file encrypted using its paired public key along with all the public keys of the user’s ancestors  Easy for third parties to learn about file security levels

Cloud Knowledge

 It’s safe to assume that the cloud will try to get as much knowledge about the data it’s storing  One proposed solution: chunks    Each data owner has their own chunk that contains all their files on the cloud Cloud doesn’t know individual file access policies If a user satisfies one of the access policies of the chunk he downloads the whole chunk

Data Chunks

   Each data owner has their own chunk that contains all their files on the cloud Cloud doesn’t know individual file access policies If a user satisfies one of the access policies of the chunk he downloads the whole chunk

User Revocation

 Each file the user had access to needs to be re-encrypted  Severe computational overhead on the data owner  Two good solutions:  Two-Layered Encryption  Proxy Re-Encryption  These systems have the larger resources of the cloud server do all the work  The only work done by the data owner is the updated key delegation

User Revocation: Two-Layered Encryption

 Data owner encrypts data then has the cloud encrypt a second time  When a user is removed the data owner has the cloud server decrypt the second layer then re-encrypt with a different encryption

User Revocation: Proxy Re-Encryption

 This method has the third party re-encrypt the already encrypted data to create a new encryption  The third party doesn’t get to see that data decrypted so it never learns anything

Lazy Re-Encryption

 Files are not re-encrypted until a user wants access  Spreads out the re-encryption over time to speed up access with the third party

Conclusion

 There is no perfect or correct solution to these problems  It is a continuing academic and industry research area