Fine-Grained Access Control (FGAC) in the Cloud
Robert Barton

Access Control
- Quick review
- Fine-grained
- Why should I care?
- Why is access control necessary?

Clouds
- Shift to corporate data storage by third parties
- More cost effective
- Poses problems with data security

Issues with Cloud Storage
- Data security
- User revocation
- Scalability

Data Security
- It is necessary to keep the data private from the third party
- There is no clear solution to scalable FGAC, but there are many good systems to start from

Data Security: Key Policy Attribute-Based Encryption
- Users are given secret keys based on sets of attributes
- Includes one dummy attribute that every file is encrypted with and every user has, but that the cloud does not know about
- Files are encrypted using the keys of the attributes, such that a user who has all the attributes will be able to decrypt the file
- Easy to deal with user revocation
- Easy for the cloud server to learn about users

Data Security: Hierarchical Identity-Based Encryption
- Each user has a public key and a secret key
- The secret key is made to decrypt any file encrypted using its paired public key along with all the public keys of the user's ancestors
- Easy for third parties to learn about file security levels

Cloud Knowledge
- It is safe to assume that the cloud will try to get as much knowledge as possible about the data it is storing
- One proposed solution: chunks

Data Chunks
- Each data owner has their own chunk that contains all their files on the cloud
- The cloud doesn't know individual file access policies
- If a user satisfies one of the access policies of the chunk, he downloads the whole chunk

User Revocation
- Each file the user had access to needs to be re-encrypted
- Severe computational overhead on the data owner
- Two good solutions:
  - Two-Layered Encryption
  - Proxy Re-Encryption
- These systems have the larger resources of the cloud server do all the work
- The only work done by the data owner is the updated key delegation

User Revocation: Two-Layered Encryption
- The data owner encrypts the data, then has the cloud encrypt it a second time
- When a user is removed, the data owner has the cloud server decrypt the second layer, then re-encrypt with a different encryption

User Revocation: Proxy Re-Encryption
- This method has the third party re-encrypt the already encrypted data to create a new encryption
- The third party doesn't get to see the data decrypted, so it never learns anything

Lazy Re-Encryption
- Files are not re-encrypted until a user wants access
- Spreads out the re-encryption over time to speed up access with the third party

Conclusion
- There is no perfect or correct solution to these problems
- It is a continuing academic and industry research area
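The Two-Layered Encryption and Lazy Re-Encryption slides can be seen working together in the following added example, which is not part of the original slides. The `Cloud` class, `xor_stream` and `demo` are hypothetical names, the file contents are constructed, and the HMAC-SHA256 keystream is a toy stand-in for a real cipher.

```python
import hashlib, hmac, os

def xor_stream(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 keystream); stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Cloud:
    """Holds only outer-layer keys; never sees the owner's inner key."""
    def __init__(self):
        self.outer_keys = [os.urandom(32)]  # one outer key per revocation epoch
        self.files = {}                     # name -> (epoch, nonce, blob)
        self.reencryptions = 0

    def put(self, name, inner_ct):
        nonce = os.urandom(16)
        blob = xor_stream(self.outer_keys[-1], nonce, inner_ct)
        self.files[name] = (len(self.outer_keys) - 1, nonce, blob)

    def revoke(self):
        # Revocation only rotates the outer key; no file is touched yet.
        self.outer_keys.append(os.urandom(32))

    def get(self, name):
        epoch, nonce, blob = self.files[name]
        if epoch != len(self.outer_keys) - 1:
            # Lazy step: strip the stale outer layer, re-wrap under the new key.
            self.put(name, xor_stream(self.outer_keys[epoch], nonce, blob))
            self.reencryptions += 1
            epoch, nonce, blob = self.files[name]
        return nonce, blob

def demo():
    cloud, inner_key = Cloud(), os.urandom(32)   # inner key stays with owner/users
    for name in (b"a.txt", b"b.txt", b"c.txt"):  # constructed sample files
        cloud.put(name, xor_stream(inner_key, name, b"secret in " + name))
    old_outer = cloud.outer_keys[-1]             # key a revoked user still holds
    cloud.revoke()
    work_at_revocation = cloud.reencryptions     # 0: nothing re-encrypted yet
    nonce, blob = cloud.get(b"a.txt")            # first access triggers re-encryption
    unwrap = lambda outer: xor_stream(inner_key, b"a.txt", xor_stream(outer, nonce, blob))
    return (work_at_revocation, cloud.reencryptions,
            unwrap(cloud.outer_keys[-1]), unwrap(old_outer))

if __name__ == "__main__":
    print(demo())
```

In this sketch `b.txt` and `c.txt` stay wrapped under the old outer key until someone requests them, which is the deferred cost the lazy scheme trades for cheap revocation.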