support for write privileges on outsourced data

Support for Write Privileges on Outsourced Data

Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati

27th IFIP TC 11 Information Security and Privacy Conference, Heraklion, Greece, June 2012

Presentation by Mateus Cruz

Upload: mateus-s-h-cruz

Post on 27-Jan-2017



Introduction Confidential Outsourcing Enforcing Write Authorizations Integrity Control Conclusion

OUTLINE

1 Introduction

2 Confidential Outsourcing

3 Enforcing Write Authorizations

4 Integrity Control

5 Conclusion


SCENARIO

- Data outsourcing
- Untrusted server
- Encrypt data before uploading
- Current focus on read access control


PROPOSAL

- Enforce write authorizations
  - Key derivation tokens
  - HMAC functions
- Contributions
  - Efficiency
  - Easy key management
- Solution for files
  - Not DBMS


OVERVIEW

- Honest-but-curious server
- Use encryption to enforce access control
  - Symmetric encryption
- Encrypt each resource with a different key
  - Keys given to users and access groups
  - Key management overhead


TOKEN-BASED KEY DERIVATION

- Each key k_i has a public label l_i
- A token t_{i,j} derives k_j from k_i and l_j
  - Token t_{i,j} = k_j ⊕ h(k_i, l_j)
    - h is a deterministic cryptographic function
- Tokens and labels available on server
- Reduces keys for each user to one
  - But introduces a large token catalog


KEY DERIVATION GRAPH

- Nodes correspond to keys
- Edges correspond to tokens
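The token formula and the key derivation graph above, worked through as an added example (not code from the paper or the presentation). It assumes h is HMAC-SHA256 and uses constructed labels and deterministic sample keys; the names `make_token`, `derive`, `KEYS` and `CATALOG` are hypothetical.

```python
import hashlib
import hmac
from collections import deque


def h(key: bytes, label: str) -> bytes:
    # Assumed instantiation of h: HMAC-SHA256 keyed with k_i over the label l_j.
    return hmac.new(key, label.encode(), hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_token(k_i: bytes, k_j: bytes, l_j: str) -> bytes:
    # Owner side: t_{i,j} = k_j XOR h(k_i, l_j). The token itself is public.
    return xor(k_j, h(k_i, l_j))


def derive(k_start: bytes, l_start: str, l_target: str, catalog: dict):
    # User side: breadth-first walk of the public catalog {(l_i, l_j): t_{i,j}},
    # unmasking k_j = t_{i,j} XOR h(k_i, l_j) on every edge reachable from l_start.
    known = {l_start: k_start}
    queue = deque([l_start])
    while queue:
        src = queue.popleft()
        for (l_i, l_j), token in catalog.items():
            if l_i == src and l_j not in known:
                known[l_j] = xor(token, h(known[src], l_j))
                queue.append(l_j)
    return known.get(l_target)  # None when no token path exists


# Constructed sample: deterministic 32-byte keys so the run is reproducible.
# A real data owner would draw every key at random.
LABELS = ["A", "B", "C", "AB", "ABC"]
KEYS = {l: hashlib.sha256(b"constructed key " + l.encode()).digest() for l in LABELS}
EDGES = [("A", "AB"), ("B", "AB"), ("AB", "ABC"), ("C", "ABC")]
CATALOG = {(i, j): make_token(KEYS[i], KEYS[j], j) for i, j in EDGES}

if __name__ == "__main__":
    # User A holds one key and reaches ABC over two tokens; C has no path to AB.
    print(derive(KEYS["A"], "A", "ABC", CATALOG) == KEYS["ABC"])
    print(derive(KEYS["C"], "C", "AB", CATALOG))
```

A user holding the wrong starting key still gets bytes back from `derive`, but they are not the target key, so decryption of the resource fails.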


MOTIVATION

- Many users can read, few users can write
  - Readers
  - Writers
- Cooperation with the server
  - Only allow updates from authorized writers
  - But hide plaintext from the server


SOLUTION

- Each resource has a write tag
  - Only write if a valid write tag is presented
- Encrypt write tag
  - Key shared between writers and server


WRITE TAG

- Defined by the data owner
- Encrypted by the data owner
  - Key distributed to writers and to the server
  - Keys can be derived according to access graph


RESOURCE ENCRYPTION

- Each resource has two access lists
  - Read access list (r[o])
  - Write access list (w[o])
- Uploaded to the server
  - Encrypted resource (ciphertext)
  - Label of resource encryption key
    - Shared by readers
  - Write tag
  - Label of write tag encryption key
    - Shared by writers and server


SYSTEM WORKFLOW

The data owner...

1 Computes keys and tokens
2 Defines readers and writers
3 Sends k_u to user u and K_S to the server
4 Encrypts data and uploads it with metadata
5 Stores tokens ⟨l_i, l_j, t_{i,j}⟩ at the server
  - Key with label l_j can be derived from key with label l_i using token t_{i,j}


DATA INTEGRITY

- Can detect
  - Server laziness
  - Server or user misbehavior
  - Collusion between server and users
- Use symmetric encryption
  - HMAC functions
  - Faster than asymmetric encryption (about three orders of magnitude faster)
    - Attribute-based signature


METADATA FOR INTEGRITY CONTROL

- Timestamp (ts)
  - Encrypted with writers' key (k_{w[o]∪{S}})
- User tag (u_t)
  - HMAC(o || u_t' || ts, k_u)
    - o: resource
    - u_t': previous user tag
- Group tag
  - HMAC(o || ts, k_{w[o]})
- On every write, update user and group tags


INTEGRITY GUARANTEES

- Unauthorized users can't generate valid u_t
- The data owner can check the validity of u_t
- Works against...
  - Collusion between the server and a user
  - Collusion between users
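The user tag and group tag from the integrity metadata slide, together with the owner-side check from the guarantees above, as an added example (not code from the paper or the presentation). Assumptions: HMAC-SHA256, length-prefixed concatenation in place of plain ||, a record that keeps u_t' next to u_t, an unencrypted integer timestamp, and constructed keys; all function and variable names are hypothetical.

```python
import hashlib
import hmac


def cat(*parts: bytes) -> bytes:
    # Length-prefixed concatenation so field boundaries cannot be shifted
    # (an assumption; the slide writes plain ||).
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, cat(*parts), hashlib.sha256).digest()


def write(o: bytes, prev_u_t: bytes, ts: int, k_u: bytes, k_w: bytes) -> dict:
    # Writer side: both tags are recomputed on every write.
    t = ts.to_bytes(8, "big")
    return {"o": o, "ts": ts, "prev_u_t": prev_u_t,
            "u_t": mac(k_u, o, prev_u_t, t),  # HMAC(o || u_t' || ts, k_u)
            "g_t": mac(k_w, o, t)}            # HMAC(o || ts, k_w[o])


def check_group_tag(rec: dict, k_w: bytes) -> bool:
    # Anyone holding k_w[o] can confirm the resource and timestamp match g_t.
    expected = mac(k_w, rec["o"], rec["ts"].to_bytes(8, "big"))
    return hmac.compare_digest(expected, rec["g_t"])


def owner_find_writer(rec: dict, writer_keys: dict):
    # Owner side: the owner knows every k_u, so it can name the writer whose
    # key validates u_t. None means no authorized writer produced this record.
    t = rec["ts"].to_bytes(8, "big")
    for user, k_u in writer_keys.items():
        expected = mac(k_u, rec["o"], rec["prev_u_t"], t)
        if hmac.compare_digest(expected, rec["u_t"]):
            return user
    return None


# Constructed sample keys (a real owner would generate these at random).
K_W = hashlib.sha256(b"constructed k_w[o]").digest()
WRITER_KEYS = {u: hashlib.sha256(b"constructed k_" + u.encode()).digest()
               for u in ("alice", "bob")}
K_READER = hashlib.sha256(b"constructed k_carol (reader only)").digest()

if __name__ == "__main__":
    r1 = write(b"ciphertext v1", b"", 1, WRITER_KEYS["alice"], K_W)
    r2 = write(b"ciphertext v2", r1["u_t"], 2, WRITER_KEYS["bob"], K_W)
    print(owner_find_writer(r2, WRITER_KEYS), check_group_tag(r2, K_W))
```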


SUMMARY

- Support for read and write access control
  - Enforced using cryptography
- Efficiency
  - Symmetric encryption
  - HMAC functions
