2011 IEEE International Symposium on Policies for Distributed Systems and Networks

Enforcing multi-user access policies to encrypted cloud databases

Mihaela Ion, Giovanni Russello
CREATE-NET International Research Center, via alla cascata 56D, 38123 Trento, Italy
{mihaela.ion,giovanni.russello}@create-net.org

Bruno Crispo
Department of Information Engineering and Computer Science, University of Trento, Trento, Italy
[email protected]

Abstract—Cloud computing has the advantage that it offers companies (virtually) unlimited data storage at attractive costs. However, it also introduces new challenges for protecting the confidentiality of the data and access to it. Sensitive data such as medical records, business or governmental data cannot be stored unencrypted on the cloud. Moreover, such data can be of interest to many users, and different policies could apply to each. Companies need new mechanisms to query the encrypted data without revealing anything to the cloud server, and to enforce access policies on the data. Current security schemes do not allow complex encrypted queries over encrypted data in a multi-user setting; instead, they are limited to keyword searches. Moreover, current solutions assume that all users have the same access rights to the data. This demo shows the implementation of a scheme that allows SQL-like queries on encrypted databases in a multi-user setting, while at the same time allowing the database owner to assign different access rights to users.

Keywords: encrypted search; access control

I. MOTIVATION AND SYSTEM MODEL

The cloud computing paradigm offers users the opportunity to have (virtually) unlimited storage and computation capacity with an attractive billing scheme. Storage and computation are offered as services; users are billed for the actual amount of resources consumed, and the allocation can be dynamically adapted to the current situation. However, one of the main drawbacks of this model is that it offers very limited end-to-end data confidentiality. Business data, private emails, medical records and government data are a few examples of valuable data that could be exposed to unsolicited access if simply stored in the cloud. Current encrypted search schemes that allow multiple users to read and write to the database [1], [2], [3] have two major drawbacks: (i) they support only keyword searches or conjunctions of keywords, and (ii) they do not allow specifying different access policies for different users; instead, they assume all users have the same rights. This demo shows an implementation of a novel scheme that addresses both issues. Our scheme allows multiple users to perform complex, SQL-like queries on the encrypted database without revealing the query to the cloud server, and allows enforcing different access control policies for the users, in a single, integrated solution. Moreover, our scheme does not leak information on the access policies to the cloud provider.

978-0-7695-4330-7/11 $26.00 © 2011 IEEE DOI 10.1109/POLICY.2011.14

We consider the scenario of an outsourced database stored in a cloud data hosting service, with the following main entities:

• Database Owner: the owner of the database and of the dataset stored in it. Typically the data owner is an organisation that acquired storage from a cloud provider. The database owner is responsible for user management, deciding who is authorised to access the database. The owner can assign a different access policy to each user.

• Key Management Authority (KMA): this authority is responsible for generating and revoking keys. For each user that is authorised by the database owner to join the system, the KMA generates a set of keys, which is securely distributed. When a user no longer has permission to be part of the system, the KMA is also responsible for revoking the corresponding keys with the support of the Cloud Server.

• User: a user represents an authorised entity that is allowed to be part of the system. As such, a user can encrypt data and insert it in the database. Each user is also able to retrieve data from the database by performing complex queries. Once the matching data has been retrieved, the user can decrypt it.

• Cloud Server: a cloud server is part of the infrastructure provided by the cloud provider. A cloud server stores the encrypted data in the database and performs encrypted searches according to the users' requests.

The database DB consists of n records {D1, ..., Dn}. Each record Di has multiple attributes, Di = {a1, ..., am}. Attributes have the form attr name=value, where value can be either a string or a number. For example, a record could be: name=Jennifer Moss, sex=female, age=35, [email protected], position=manager, salary=100,000. Users can execute SQL-like queries on the database involving any of the attributes. We support four types of queries: INSERT, SELECT, DELETE and UPDATE. For example, a user can run the following query without disclosing to the server any information about the query or the records stored in the database: SELECT name from Personnel WHERE position=manager and sex=female and age
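As an added illustration (not the paper's scheme or code), the following Python sketch models the attr=value record format and the INSERT/SELECT/DELETE flow above with keyed deterministic tokens: the client turns each attr=value pair into an HMAC token, and the server evaluates a conjunctive WHERE clause as a subset test over tokens it cannot invert. The key, record ids and records are constructed; the sketch supports equality predicates only, requires all users to share one key, and, unlike the scheme described here, still lets the server see which records share a value.

```python
import hashlib
import hmac
# Added illustration of the system model, not the paper's construction:
# keyed deterministic tokens (HMAC-SHA256) stand in for its encrypted search,
# so only equality predicates work and every user must share the owner's key.

def token(key: bytes, attr: str, value: str) -> str:
    """Deterministic search token for one attr=value pair."""
    return hmac.new(key, f"{attr}={value}".encode(), hashlib.sha256).hexdigest()

def encrypt_record(key: bytes, record: dict) -> frozenset:
    """Client side: a record becomes the set of tokens of its attr=value pairs."""
    return frozenset(token(key, a, v) for a, v in record.items())

def encrypt_query(key: bytes, predicates: dict) -> frozenset:
    """Client side: 'a=x and b=y' becomes the token set {t(a=x), t(b=y)}."""
    return encrypt_record(key, predicates)

class CloudServer:
    """Holds tokens only; a conjunction matches a record iff its tokens are a subset."""
    def __init__(self) -> None:
        self.store: dict[int, frozenset] = {}  # record id -> tokens

    def insert(self, rid: int, enc_record: frozenset) -> None:  # INSERT
        self.store[rid] = enc_record

    def select(self, enc_query: frozenset) -> list[int]:  # SELECT ... WHERE
        return sorted(rid for rid, toks in self.store.items() if enc_query <= toks)

    def delete(self, enc_query: frozenset) -> int:  # DELETE ... WHERE
        hits = self.select(enc_query)
        for rid in hits:
            del self.store[rid]
        return len(hits)

# Constructed sample key and records, modelled on the record format in the text.
KEY = b"constructed-demo-key-do-not-reuse"
RECORDS = {
    1: {"name": "Jennifer Moss", "sex": "female", "age": "35", "position": "manager"},
    2: {"name": "Alan Reed", "sex": "male", "age": "42", "position": "manager"},
    3: {"name": "Priya Nair", "sex": "female", "age": "29", "position": "engineer"},
}

def run_queries() -> tuple[list[int], int, list[int]]:
    """Load the records, then SELECT, DELETE and SELECT again on one predicate."""
    server = CloudServer()
    for rid, rec in RECORDS.items():
        server.insert(rid, encrypt_record(KEY, rec))
    q = encrypt_query(KEY, {"position": "manager", "sex": "female"})
    return server.select(q), server.delete(q), server.select(q)
```

UPDATE is not modelled; in this toy it would be a delete followed by an insert of the re-tokenised record.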
