Enforcing dynamic write privileges in data outsourcing

Users and companies are increasingly resorting to external providers for storing their data and making them available to others. Since data sharing is typically selective (i.e., access to certain data should be allowed only to authorized users), there is the problem of enforcing authorizations on the outsourced data. Recently proposed approaches based on selective encryption provide convenient enforcement of read privileges, but are not directly applicable to supporting write privileges. In this paper, we extend selective encryption approaches to support write privileges. Our proposal enriches the approach based on key derivation of existing solutions and complements it with a hash-based approach for supporting write privileges. Enforcement of write privileges and of possible policy updates relies on the (controlled) cooperation of the external provider. Our solution also allows the data owner and the users to verify the integrity of the outsourced data.
