
Fine-Grained Access Control (FGAC) in the Cloud



Presentation Transcript


  1. Fine-Grained Access Control (FGAC) in the Cloud Robert Barton

  2. Access Control Quick Review • Fine-grained • Why should I care? • Why is access control necessary?

  3. Clouds • Shift to corporate data storage by third parties • More cost effective • Poses problems with data security

  4. Issues with Cloud Storage • Data Security • User Revocation • Scalability

  5. Data Security • It is necessary to keep the data private from the third party • There is no clear solution to scalable FGAC, but there are many good systems to start from

  6. Data Security: Key Policy Attribute-Based Encryption • Users are given secret keys based on sets of attributes • Includes one dummy attribute that every file is encrypted with and every user has, but that the cloud does not know about • Files are encrypted under attributes such that a user who holds all of the attributes can decrypt the file • Easy to deal with user revocation • Easy for the cloud server to learn about users

  7. Data Security: Hierarchical Identity-Based Encryption • Each user has a public key and a secret key • The secret key decrypts any file encrypted using its paired public key along with all the public keys of the user’s ancestors • Easy for third parties to learn about file security levels

  8. Cloud Knowledge • It’s safe to assume that the cloud will try to learn as much as it can about the data it’s storing • One proposed solution: chunks

  9. Data Chunks • Each data owner has their own chunk that contains all their files on the cloud • Cloud doesn’t know individual file access policies • If a user satisfies one of the access policies of the chunk he downloads the whole chunk

  10. User Revocation • Every file the revoked user had access to needs to be re-encrypted • Severe computational overhead on the data owner • Two good solutions: • Two-Layered Encryption • Proxy Re-Encryption • Both systems have the cloud server, with its larger resources, do all the work • The only work done by the data owner is the updated key delegation

  11. User Revocation: Two-Layered Encryption • The data owner encrypts the data, then has the cloud encrypt it a second time • When a user is removed, the data owner has the cloud server decrypt the second layer and re-encrypt it under a different key

  12. User Revocation: Proxy Re-Encryption • The third party re-encrypts the already encrypted data to produce a new encryption • The third party never sees the data decrypted, so it learns nothing
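To make slide 12 concrete, here is a worked proxy re-encryption round trip. This is example code added to this transcript, not code from the presentation: it implements the classic bidirectional ElGamal-style scheme of Blaze, Bleumer and Strauss (1998) over a constructed toy group (p = 1019, q = 509, g = 4), so the "message" is just a small integer standing in for a data-encryption key. The function names, the parameters and the value 777 are all assumptions of the example.

```python
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and g = 2^2 is a
# quadratic residue, so g generates the order-q subgroup of Z_p^*.
# Real deployments use 2048-bit-plus groups or elliptic curves.
P = 1019
Q = 509
G = 4


def keygen():
    """Secret key a in [1, q-1], public key g^a."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encrypt(m: int, pk: int):
    """ElGamal-style ciphertext (m * g^r, pk^r); m must lie in [1, p-1]."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)


def decrypt(c, sk: int) -> int:
    c1, c2 = c
    shared = pow(c2, pow(sk, -1, Q), P)      # (g^{a r})^{1/a} = g^r
    return (c1 * pow(shared, -1, P)) % P      # m * g^r / g^r


def reencryption_key(sk_from: int, sk_to: int) -> int:
    """rk = b / a mod q, computed by the data owner and handed to the proxy."""
    return (sk_to * pow(sk_from, -1, Q)) % Q


def reencrypt(c, rk: int):
    """Proxy step: raising c2 to rk turns g^{a r} into g^{b r}.
    The proxy only ever handles ciphertext; m is never exposed."""
    c1, c2 = c
    return c1, pow(c2, rk, P)


def demo() -> dict:
    """Data owner (a) delegates to a new key (b) via the proxy."""
    sk_a, pk_a = keygen()
    sk_b, _pk_b = keygen()
    while sk_b == sk_a:                       # make the two keys distinct
        sk_b, _pk_b = keygen()
    dek = 777                                 # constructed stand-in for a file key
    c_a = encrypt(dek, pk_a)
    rk = reencryption_key(sk_a, sk_b)
    c_b = reencrypt(c_a, rk)
    return {
        "a_reads_original": decrypt(c_a, sk_a) == dek,
        "b_reads_reencrypted": decrypt(c_b, sk_b) == dek,
        "old_key_fails_on_reencrypted": decrypt(c_b, sk_a) != dek,
        "c1_untouched_by_proxy": c_a[0] == c_b[0],
    }


if __name__ == "__main__":
    print(demo())
```

One caveat worth knowing before building revocation on this exact construction: because rk = b/a, the scheme is bidirectional, and a proxy colluding with the holder of b can recover a. Unidirectional schemes exist to remove that trust assumption; the slide's point that the proxy alone learns nothing from re-encrypting still holds here.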

  13. Lazy Re-Encryption • Files are not re-encrypted until a user wants access • Spreads the re-encryption out over time, so access through the third party stays fast
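As an added illustration of slides 10, 11 and 13 together (example code written for this transcript, not from the presentation): the data owner applies an inner layer once, the cloud applies the outer layer, and revoking a user only rotates the outer key, with the actual re-encryption deferred until a file is fetched. The HMAC-SHA256 counter-mode keystream, the class names and the five constructed files are all assumptions of the example.

```python
import hashlib
import hmac
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256(key, nonce || counter) is the keystream.
    XOR-ing twice with the same key and nonce decrypts. It exists only so the
    example runs on the standard library; it is unauthenticated and is not a
    substitute for AES-GCM."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))


class CloudServer:
    """Sees only ciphertexts and outer-layer keys, never the owner's inner key."""

    def __init__(self, version: int, outer_key: bytes):
        self.version = version
        self.outer_keys = {version: outer_key}
        self.store = {}
        self.reencryptions = 0          # how many files the cloud has re-wrapped

    def _wrap(self, inner_ct: bytes) -> dict:
        nonce = os.urandom(16)
        return {"version": self.version, "nonce": nonce,
                "blob": keystream_xor(self.outer_keys[self.version], nonce, inner_ct)}

    def upload(self, file_id: str, inner_ct: bytes) -> None:
        self.store[file_id] = self._wrap(inner_ct)

    def rotate_outer_key(self, version: int, key: bytes) -> None:
        """Lazy re-encryption: record the new key, touch no file yet."""
        self.version = version
        self.outer_keys[version] = key

    def fetch(self, file_id: str) -> dict:
        rec = self.store[file_id]
        if rec["version"] != self.version:
            # Peel the stale outer layer (this exposes only the owner's inner
            # ciphertext) and re-wrap under the current outer key.
            inner_ct = keystream_xor(self.outer_keys[rec["version"]], rec["nonce"], rec["blob"])
            rec = self.store[file_id] = self._wrap(inner_ct)
            self.reencryptions += 1
        return rec


class User:
    def __init__(self, inner_key: bytes, outer_keys: dict):
        self.inner_key = inner_key
        self.outer_keys = outer_keys

    def decrypt(self, rec: dict):
        outer_key = self.outer_keys.get(rec["version"])
        if outer_key is None:
            return None                 # outer key was rotated away from this user
        inner_ct = keystream_xor(outer_key, rec["nonce"], rec["blob"])
        nonce, ct = inner_ct[:16], inner_ct[16:]
        return keystream_xor(self.inner_key, nonce, ct)


class DataOwner:
    """Applies the inner layer once; afterwards its only work is key delegation."""

    def __init__(self):
        self.inner_key = os.urandom(32)
        self.outer_version = 1
        self.outer_keys = {1: os.urandom(32)}

    def encrypt_inner(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(16)
        return nonce + keystream_xor(self.inner_key, nonce, plaintext)

    def revoke(self, cloud: CloudServer) -> None:
        # Fresh outer key for the cloud; the owner re-encrypts nothing itself.
        self.outer_version += 1
        self.outer_keys[self.outer_version] = os.urandom(32)
        cloud.rotate_outer_key(self.outer_version, self.outer_keys[self.outer_version])

    def delegate(self) -> User:
        # A current user receives the inner key and the current outer key.
        return User(self.inner_key, {self.outer_version: self.outer_keys[self.outer_version]})


def run_scenario() -> dict:
    owner = DataOwner()
    cloud = CloudServer(owner.outer_version, owner.outer_keys[1])
    files = {f"doc{i}": f"constructed secret {i}".encode() for i in range(5)}
    for fid, pt in files.items():
        cloud.upload(fid, owner.encrypt_inner(pt))
    mallory = owner.delegate()                  # will be revoked
    before = mallory.decrypt(cloud.fetch("doc0")) == files["doc0"]
    owner.revoke(cloud)                         # no bulk re-encryption happens here
    alice = owner.delegate()                    # remaining users get the new outer key
    alice_after = alice.decrypt(cloud.fetch("doc1")) == files["doc1"]
    mallory_after = mallory.decrypt(cloud.fetch("doc1"))
    return {"before": before, "alice_after": alice_after,
            "mallory_after": mallory_after, "reencrypted": cloud.reencryptions}


if __name__ == "__main__":
    print(run_scenario())
```

Only the one file that was actually fetched after revocation gets re-wrapped; the other four stay under the old outer layer until someone asks for them, which is the spreading-out that slide 13 describes.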

  14. Conclusion • There is no perfect or correct solution to these problems • It is a continuing academic and industry research area
