Secure and efficient access to outsourced data

Providing secure and efficient access to large scale outsourced data is an important component of cloud computing. In this paper, we propose a mechanism to solve this problem in owner-write-users-read applications. We propose to encrypt every data block with a different key so that flexible cryptography-based access control can be achieved. Through the adoption of key derivation methods, the owner needs to maintain only a few secrets. Analysis shows that the key derivation procedure using hash functions will introduce very limited computation overhead. We propose to use over-encryption and/or lazy revocation to prevent revoked users from getting access to updated data blocks. We design mechanisms to handle both updates to outsourced data and changes in user access rights. We investigate the overhead and safety of the proposed approach, and study mechanisms to improve data access efficiency.
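An added illustration, not code from the paper: the abstract does not spell out its key derivation method, so this sketch assumes a binary hash tree over block indices, in which the owner keeps a single root secret, every block key is a leaf, and a reader granted a range of blocks receives only the subtree keys that cover it. `OWNER_SECRET`, `DEPTH` and all function names are constructed for the example.

```python
import hashlib

DEPTH = 4  # constructed: tree of depth 4 gives 2**4 = 16 data blocks
OWNER_SECRET = hashlib.sha256(b"constructed owner secret").digest()

def derive(key: bytes, path: str) -> bytes:
    """Walk down the tree along '0'/'1' branch bits; each step is one hash."""
    for bit in path:
        # One-way step: a child key cannot be inverted to its parent or sibling.
        key = hashlib.sha256(key + bytes([int(bit)])).digest()
    return key

def block_key(root: bytes, index: int) -> bytes:
    """Owner side: key of block `index` is the leaf reached by its binary index."""
    return derive(root, format(index, f"0{DEPTH}b"))

def cover(lo: int, hi: int, prefix: str = "") -> list:
    """Minimal set of node prefixes whose leaves are exactly blocks lo..hi."""
    span = DEPTH - len(prefix)
    first = (int(prefix, 2) << span) if prefix else 0
    last = first + (1 << span) - 1
    if hi < first or lo > last:
        return []            # subtree lies entirely outside the range
    if lo <= first and last <= hi:
        return [prefix]      # subtree lies entirely inside: hand out this node
    return cover(lo, hi, prefix + "0") + cover(lo, hi, prefix + "1")

def grant(root: bytes, lo: int, hi: int) -> dict:
    """Owner side: the few subtree keys a reader needs for blocks lo..hi."""
    return {p: derive(root, p) for p in cover(lo, hi)}

def user_block_key(granted: dict, index: int):
    """Reader side: derive a block key from granted nodes, or None if not covered."""
    path = format(index, f"0{DEPTH}b")
    for prefix, key in granted.items():
        if path.startswith(prefix):
            return derive(key, path[len(prefix):])
    return None

if __name__ == "__main__":
    g = grant(OWNER_SECRET, 4, 11)
    print("granted nodes:", sorted(g))
    print("block 5 derivable:", user_block_key(g, 5) == block_key(OWNER_SECRET, 5))
    print("block 12 derivable:", user_block_key(g, 12) is not None)
```

Deriving any block key costs at most `DEPTH` hash evaluations, and a grant for a contiguous range needs at most about `2 * DEPTH` node keys rather than one key per block.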
