Cryptology ePrint Archive: Report 2017/090

Crypt-DAC: Cryptographically Enforced Dynamic Access Control in the Cloud

Saiyu Qi and Yichen Li and Yuanqing Zheng and Yong Qi

Abstract: Enabling access controls for data hosted on an untrusted cloud is attractive for many users and organizations. Recently, many works have proposed using advanced cryptographic primitives such as identity-based encryption, attribute-based encryption, and predicate encryption to enforce data access control on the potentially untrusted cloud. However, designing an efficient cryptographically enforced dynamic access control system in the cloud is still a challenging issue. In this paper, we propose Crypt-DAC, a system that provides practical cryptographic enforcement of dynamic access control. Crypt-DAC uses delegation-aware encryption and symmetric onion encryption, which enable access revocation to be executed at the cloud side in a secure manner. Crypt-DAC further uses lazy de-onion encryption to facilitate file access without incurring obvious overhead. As a result, Crypt-DAC enforces dynamic access control that provides efficiency, as it does not require expensive decryption/re-encryption and uploading/re-uploading of large data at the customer side, and security, as it immediately revokes access permissions, while operating under a threat model similar to that of previous comparable systems. We use a formalization framework and a system implementation to demonstrate the security and efficiency of our construction.

Category / Keywords: applications / access control, cloud

Date: received 5 Feb 2017

Contact author: syqi at connect ust hk

Version: 20170210:150913

Short URL: ia.cr/2017/090
