Support for Write Privileges on Outsourced Data
Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati
27th IFIP TC 11 Information Security and Privacy Conference, Heraklion, Greece, June 2012
Presentation by Mateus Cruz
Introduction Confidential Outsourcing Enforcing Write Authorizations Integrity Control Conclusion
OUTLINE
1 Introduction
2 Confidential Outsourcing
3 Enforcing Write Authorizations
4 Integrity Control
5 Conclusion
SCENARIO
Data outsourcing
Untrusted server
Encrypt data before uploading
Current focus on read access control
PROPOSAL
Enforce write authorizations
- Key derivation tokens
- HMAC functions
Contributions
- Efficiency
- Easy key management
Solution for files
- Not for a DBMS
OVERVIEW
Honest-but-curious server
Use encryption to enforce access control
- Symmetric encryption
Encrypt each resource with a different key
- Keys given to users and access groups
- Key management overhead
TOKEN-BASED KEY DERIVATION
Each key k_i has a public label l_i
A token t_{i,j} derives k_j from k_i and l_j
- Token t_{i,j} = k_j ⊕ h(k_i, l_j)
  - h is a deterministic cryptographic function
  - Whoever holds k_i recovers k_j = t_{i,j} ⊕ h(k_i, l_j); without k_i the token reveals nothing about k_j
Tokens and labels available on the server
Reduces the keys held by each user to one
- But introduces a large token catalog
KEY DERIVATION GRAPH
Nodes correspond to keys
Edges correspond to tokens
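The token mechanism of the two slides above, as an added example that is not part of the original slides or of the paper's own code. It assumes 32-byte keys, byte-string labels, HMAC-SHA256 as the deterministic function h (the slides leave h unspecified), and a constructed policy in which alice and bob read resource r1 through a group key AB while carol reads only r2:

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # byte length of every key k_i (an assumption of this example)

def h(k_i: bytes, l_j: bytes) -> bytes:
    """The deterministic cryptographic function h(k_i, l_j) of the slides,
    instantiated here as HMAC-SHA256 (an assumption; the slides fix no choice)."""
    return hmac.new(k_i, l_j, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_token(k_i: bytes, k_j: bytes, l_j: bytes) -> bytes:
    """t_{i,j} = k_j XOR h(k_i, l_j). Publishable: without k_i the pad
    h(k_i, l_j) is unpredictable, so t_{i,j} reveals nothing about k_j."""
    return xor(k_j, h(k_i, l_j))

def derive(k_i: bytes, l_j: bytes, t_ij: bytes) -> bytes:
    """The user's inverse step: k_j = t_{i,j} XOR h(k_i, l_j)."""
    return xor(t_ij, h(k_i, l_j))

class OwnerGraph:
    """Owner side of the key derivation graph: one secret key per label (node)
    and the public token catalog <l_i, l_j, t_ij> (edges) handed to the server."""

    def __init__(self):
        self.keys = {}    # label -> secret key; never leaves the owner
        self.tokens = {}  # (l_i, l_j) -> t_ij; published as-is

    def add_key(self, label: bytes) -> bytes:
        self.keys[label] = os.urandom(KEY_LEN)
        return self.keys[label]

    def add_edge(self, l_i: bytes, l_j: bytes) -> None:
        self.tokens[(l_i, l_j)] = make_token(self.keys[l_i], self.keys[l_j], l_j)

def derive_key(catalog: dict, start_label: bytes, k_start: bytes, target: bytes):
    """Client side: walk the public catalog from the single key the user holds,
    deriving every reachable key; returns k_target, or None when no path exists."""
    known, todo = {start_label: k_start}, [start_label]
    while todo:
        l_i = todo.pop()
        for (src, dst), t_ij in catalog.items():
            if src == l_i and dst not in known:
                known[dst] = derive(known[l_i], dst, t_ij)
                todo.append(dst)
    return known.get(target)

def build_example() -> OwnerGraph:
    """Constructed policy: alice and bob read r1 through group AB, carol reads
    only r2. Each user holds one key; every other key is reached via tokens."""
    g = OwnerGraph()
    for label in (b"alice", b"bob", b"carol", b"AB", b"r1", b"r2"):
        g.add_key(label)
    for l_i, l_j in ((b"alice", b"AB"), (b"bob", b"AB"), (b"AB", b"r1"), (b"carol", b"r2")):
        g.add_edge(l_i, l_j)
    return g

if __name__ == "__main__":
    g = build_example()
    print("alice -> r1 ok:", derive_key(g.tokens, b"alice", g.keys[b"alice"], b"r1") == g.keys[b"r1"])
    print("carol -> r1:", derive_key(g.tokens, b"carol", g.keys[b"carol"], b"r1"))  # None
```

The server receives only `tokens`; walking the catalog from a wrong starting key produces wrong keys at every node, so the catalog alone leaks nothing. Each user keeps a single key and derives the rest on demand, which is the one-key-per-user property of the previous slide, at the price of one stored token per edge.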
MOTIVATION
Many users can read, few users can write
- Readers
- Writers
Cooperation with the server
- Only allow updates from authorized writers
- But hide the plaintext from the server
SOLUTION
Each resource has a write tag
- Only write if a valid write tag is presented
Encrypt the write tag
- Key shared between writers and the server
WRITE TAG
Defined by the data owner
Encrypted by the data owner
- Key distributed to writers and to the server
- Keys can be derived according to the access graph
RESOURCE ENCRYPTION
Each resource has two access lists
- Read access list (r[o])
- Write access list (w[o])
Uploaded to the server
- Encrypted resource (ciphertext)
- Label of the resource encryption key
  - Shared by readers
- Write tag
- Label of the write tag encryption key
  - Shared by writers and the server
SYSTEM WORKFLOW
The data owner...
1 Computes keys and tokens
2 Defines readers and writers
3 Sends k_u to each user u and K_S to the server
4 Encrypts data and uploads it with its metadata
5 Stores tokens 〈l_i, l_j, t_{i,j}〉 at the server
  - Key with label l_j can be derived from key with label l_i using token t_{i,j}
DATA INTEGRITY
Can detect
- Server laziness
- Server or user misbehavior
- Collusion between server and users
Use symmetric cryptography
- HMAC functions
- Faster (1) than asymmetric alternatives
  - e.g., attribute-based signatures
(1) About three orders of magnitude faster
METADATA FOR INTEGRITY CONTROL
Timestamp (ts)
- Encrypted with the writers' key k_{w[o]∪{S}} (shared with the server)
User tag (u_t)
- HMAC(o || u_t' || ts, k_u)
  - o: resource
  - u_t': previous user tag
Group tag
- HMAC(o || ts, k_{w[o]})
On every write, update the user and group tags
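The write-tag check of the SOLUTION, RESOURCE ENCRYPTION and SYSTEM WORKFLOW slides and the integrity metadata of the slide above, combined into one added example that is not code from the original slides or from the paper. It assumes HMAC-SHA256 for the HMACs, an HMAC-based counter keystream as a stand-in for the unspecified symmetric cipher, keys drawn at random instead of derived through the token catalog, and a constructed policy with writers alice and bob, reader carol and a server S. As on the slides, k_{w[o]∪{S}} protects the write tag and the timestamp, k_{w[o]} keys the group tag and each user's k_u keys the user tag:

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Keys with the slides' roles: k_r for r[o] (readers), k_w for w[o] (writers
# only), k_ws for w[o] U {S} (writers and the server), and one k_u per user.
# Drawn at random here instead of derived through the token catalog.
KEYS = {n: os.urandom(32) for n in ("k_r", "k_w", "k_ws", "owner", "alice", "bob", "carol")}
WRITERS = {"owner", "alice", "bob"}   # w[o]; carol is in r[o] only (constructed policy)

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the '||' concatenation used in the tag definitions."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def enc(key: bytes, pt: bytes) -> bytes:
    """Stand-in for 'encrypted under k': XOR with an HMAC-SHA256 counter keystream
    under a fresh nonce. It models confidentiality only, for the demo."""
    nonce = os.urandom(16)
    ks = b"".join(mac(key, nonce, i.to_bytes(4, "big")) for i in range(len(pt) // 32 + 1))
    return nonce + bytes(a ^ b for a, b in zip(pt, ks))

def dec(key: bytes, ct: bytes) -> bytes:
    nonce, body = ct[:16], ct[16:]
    ks = b"".join(mac(key, nonce, i.to_bytes(4, "big")) for i in range(len(body) // 32 + 1))
    return bytes(a ^ b for a, b in zip(body, ks))

@dataclass
class Stored:
    """The server's record for resource o (key labels omitted)."""
    ct: bytes        # resource encrypted under k_r
    enc_wtag: bytes  # write tag encrypted under k_ws
    enc_ts: bytes    # ts encrypted under k_ws
    utag: bytes      # HMAC(o || u_t' || ts, k_u)
    gtag: bytes      # HMAC(o || ts, k_w)
    writer: str      # claimed author of this version

def owner_upload(plaintext: bytes, ts: int) -> Stored:
    """Owner encrypts o, picks a random write tag and tags version 0 (u_t' empty)."""
    ct, tsb = enc(KEYS["k_r"], plaintext), ts.to_bytes(8, "big")
    return Stored(ct, enc(KEYS["k_ws"], os.urandom(16)), enc(KEYS["k_ws"], tsb),
                  mac(KEYS["owner"], ct, b"", tsb), mac(KEYS["k_w"], ct, tsb), "owner")

def update_request(user, k_ws, k_w, rec: Stored, new_pt: bytes, ts: int, claim=None) -> dict:
    """A user prepares a write with whatever k_ws / k_w it holds (a reader has
    neither and passes guesses), chaining the previous user tag into the new one.
    `claim` lets a dishonest writer name someone else; the HMAC stays under its own k_u."""
    ct, tsb = enc(KEYS["k_r"], new_pt), ts.to_bytes(8, "big")
    return {"wtag": dec(k_ws, rec.enc_wtag), "ct": ct, "enc_ts": enc(k_ws, tsb),
            "utag": mac(KEYS[user], ct, rec.utag, tsb), "gtag": mac(k_w, ct, tsb),
            "writer": claim or user}

def store(rec: Stored, req: dict) -> None:
    rec.ct, rec.enc_ts, rec.utag, rec.gtag, rec.writer = (
        req["ct"], req["enc_ts"], req["utag"], req["gtag"], req["writer"])

def server_accept(rec: Stored, req: dict) -> bool:
    """Server compares the presented write tag with its own decryption of the
    stored one (it holds k_ws) and stores the update only on a match."""
    if not hmac.compare_digest(req["wtag"], dec(KEYS["k_ws"], rec.enc_wtag)):
        return False
    store(rec, req)
    return True

def owner_verify(rec: Stored, prev_utag: bytes) -> bool:
    """Owner recomputes both tags. The group tag fails when the server, which has
    no k_w, altered, skipped or fabricated a version; the user tag fails when the
    version is not really from the writer it is attributed to."""
    tsb = dec(KEYS["k_ws"], rec.enc_ts)
    return (rec.writer in WRITERS
            and hmac.compare_digest(rec.gtag, mac(KEYS["k_w"], rec.ct, tsb))
            and hmac.compare_digest(rec.utag, mac(KEYS[rec.writer], rec.ct, prev_utag, tsb)))

def scenarios() -> dict:
    """Constructed walk-through of the cases listed on the integrity slides."""
    out, guess, W = {}, os.urandom(32), (KEYS["k_ws"], KEYS["k_w"])
    rec = owner_upload(b"v0 quarterly report", 1)
    prev = rec.utag                                      # owner's last verified u_t
    out["writer_accepted"] = server_accept(rec, update_request("bob", *W, rec, b"v1 by bob", 2))
    out["writer_verified"] = owner_verify(rec, prev)
    prev = rec.utag
    bad = update_request("carol", guess, guess, rec, b"v2 by carol", 3)
    out["reader_rejected"] = not server_accept(rec, bad)  # wrong write tag, not stored
    # Three dishonest-server cases, all prepared against the same stored state.
    honest = update_request("alice", *W, rec, b"v2 by alice", 3)
    fake_carol = update_request("carol", KEYS["k_ws"], guess, rec, b"v2 by carol", 3, claim="alice")
    fake_bob = update_request("bob", *W, rec, b"v2 by bob", 3, claim="alice")
    store(rec, {**honest, "ct": rec.ct})                  # lazy: new tags, old ciphertext
    out["laziness_detected"] = not owner_verify(rec, prev)
    store(rec, fake_carol)            # server + reader: nobody holds k_w or an authorized k_u
    out["collusion_detected"] = not owner_verify(rec, prev)
    store(rec, fake_bob)              # server + writer bob posing as alice: valid group tag,
    out["impersonation_detected"] = not owner_verify(rec, prev)   # user tag under k_bob
    store(rec, honest)
    out["honest_verified"] = owner_verify(rec, prev)
    return out
```

`scenarios()` walks through the cases the slides list: an authorized write is accepted by the server and verifies at the owner; a reader cannot present the write tag and is refused; a lazy server that stores new tags over the old ciphertext and a server that stores a reader's content on its own are both caught by the group tag, since the server holds no k_{w[o]}; a writer who, with the server's help, files a version under another writer's name passes the group tag but is caught by the user tag, which only the owner can recompute.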
INTEGRITY GUARANTEES
Unauthorized users can't generate a valid u_t
The data owner can check the validity of u_t
Works against...
- Collusion between the server and a user
- Collusion between users