Privacy and Access Control for Outsourced Personal Records

Abstract: Cloud storage has rapidly become a cornerstone of many IT infrastructures, constituting a seamless solution for the backup, synchronization, and sharing of large amounts of data. Putting user data in the direct control of cloud service providers, however, raises security and privacy concerns related to the integrity of outsourced data, the accidental or intentional leakage of sensitive information, the profiling of user activities and so on. Furthermore, even if the cloud provider is trusted, users having acce… Show more

“…To demonstrate the general applicability of our functional credential construction, we deploy it in the setting of Group ORAM (GORAM) [37], a state-of-the-art multi-client oblivious outsourced storage in which access control is enforced via predicate encryption and zero-knowledge proofs. More precisely, the authors encode the access control policy for each entry in a predicate encryption ciphertext and distribute a key to each client according to her permissions.…”

“…Even for large parameters, the computation and verification of a credential takes only a couple of seconds. -We show the effectiveness of our techniques on a recently proposed oblivious outsourced storage scheme [37]: We instantiate the authentication mechanism with functional credentials, obtaining better scalability and an improvement in efficiency of at least one order of magnitude.…”

“…Recently, several works have tackled the problem of oblivious outsourced storage for data-sharing applications with access control being enforced by an honest-butcurious cloud server, such as, among others, group oblivious RAM as suggested by Maffei et al [37]. Obliviousness in this setting means the cloud provider does not even learn the access pattern to the data.…”

“…Policy hiding is crucial in this setting, since obliviousness would be broken if the cloud provider would learn the access control policy of the retrieved entry. The construction of Maffei et al [37] uses Groth-Sahai zero-knowledge proofs [32] to enforce the access control. Since the ciphertexts are very large, these proofs are quite expensive.…”

Functional Credentials

“…To demonstrate the general applicability of our functional credential construction, we deploy it in the setting of Group ORAM (GORAM) [37], a state-of-the-art multi-client oblivious outsourced storage in which access control is enforced via predicate encryption and zero-knowledge proofs. More precisely, the authors encode the access control policy for each entry in a predicate encryption ciphertext and distribute a key to each client according to her permissions.…”

“…Even for large parameters, the computation and verification of a credential takes only a couple of seconds. -We show the effectiveness of our techniques on a recently proposed oblivious outsourced storage scheme [37]: We instantiate the authentication mechanism with functional credentials, obtaining better scalability and an improvement in efficiency of at least one order of magnitude.…”

“…Recently, several works have tackled the problem of oblivious outsourced storage for data-sharing applications with access control being enforced by an honest-butcurious cloud server, such as, among others, group oblivious RAM as suggested by Maffei et al [37]. Obliviousness in this setting means the cloud provider does not even learn the access pattern to the data.…”

“…Policy hiding is crucial in this setting, since obliviousness would be broken if the cloud provider would learn the access control policy of the retrieved entry. The construction of Maffei et al [37] uses Groth-Sahai zero-knowledge proofs [32] to enforce the access control. Since the ciphertexts are very large, these proofs are quite expensive.…”

Functional Credentials

“…Their scheme supports a user revocation by redistributing users' private keys and update an access policy in ciphertexts. GORAM and A-GORAM [10] are suggested to provide a secure data sharing on the untrusted cloud storage. They provide a fine-grained access control using PE and hiding even an access patterns from the server.…”

A Practical Client Application Based on Attribute Based Access Control for Untrusted Cloud Storage

Private Anonymous Data Access