The Cloud we Share: Access Control on Symmetrically Encrypted Data in Untrusted Clouds

Along with the rapid growth of cloud environments, rises the problem of secure data storage-a problem that both businesses and end-users take into consideration before moving their data online. Recently, a lot of solutions have been proposed based either on Symmetric Searchable Encryption (SSE) or A...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2020, Vol.8, p.210462-210477
Main Authors: Bakas, Alexandros, Dang, Hai-Van, Michalas, Antonis, Zalitko, Alexandr
Format: Article
Language:English
Subjects:
Access control
attribute-based encryption
Business
cloud
Cloud computing
Complexity theory
Cryptography
Data encryption
data sharing
Data storage
Encryption
Permission
scope
secure storage
SGX
symmetric searchable encryption
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Along with the rapid growth of cloud environments, rises the problem of secure data storage-a problem that both businesses and end-users take into consideration before moving their data online. Recently, a lot of solutions have been proposed based either on Symmetric Searchable Encryption (SSE) or Attribute-Based Encryption (ABE). SSE is an encryption technique that offers security against both internal and external attacks. However, since in an SSE scheme, a single key is used to encrypt everything, revoking a user would imply downloading the entire encrypted database and re-encrypt it with a fresh key. On the other hand, in an ABE scheme, the problem of revocation can be addressed. Unfortunately, though, the proposed solutions are based on the properties of the underlying ABE scheme and hence, the revocation costs grow along with the complexity of the policies. To this end, we use these two cryptographic techniques that squarely fit cloud-based environments to design a hybrid encryption scheme based on ABE and SSE in such a way that we utilize the best out of both of them. Moreover, we exploit the functionalities offered by Intel's SGX to design a revocation mechanism and an access control one, that are agnostic to the cryptographic primitives used in our construction.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2020.3038838