Privacy Enhanced Access Control by Means of Policy Blinding

Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it processes. For example, if a requestor in the role psychiatrist is granted access to a document, the patient associated with that document probably has a psychiatric problem. The patient would consider this sensitive information, and she might prefer the honest-but-curious reference monitor to remain oblivious of her mental problem. We present a high-level framework for querying and enforcing a role-based access control policy that identifies where sensitive information might be disclosed. We then propose a construction which enforces a role-based access control policy cryptographically, in such a way that the reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries.) We prove the security of our scheme, showing that it works in theory but that it has a practical drawback. However, the practical drawback is common to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that there is an underlying fundamental problem that cannot be solved. We also show why attribute-based encryption techniques do not solve the problem of enforcing policy by an honest-but-curious reference monitor.
