Paper 2017/090

Crypt-DAC: Cryptographically Enforced Dynamic Access Control in the Cloud

Saiyu Qi and Yuanqing Zheng

Abstract

Enabling cryptographically enforced access controls for data hosted in untrusted cloud is attractive for many users and organizations. However, designing efficient cryptographically enforced dynamic access control system in the cloud is still challenging. In this paper, we propose Crypt-DAC, a system that provides practical cryptographic enforcement of dynamic access control. Crypt-DAC revokes access permissions by delegating the cloud to update encrypted data. In Crypt-DAC, a file is encrypted by a symmetric key list which records a file key and a sequence of revocation keys. In each revocation, a dedicated administrator uploads a new revocation key to the cloud and requests it to encrypt the file with a new layer of encryption and update the encrypted key list accordingly. Crypt-DAC proposes three key techniques to constrain the size of key list and encryption layers. As a result, Crypt-DAC enforces dynamic access control that provides efficiency, as it does not require expensive decryption/re- encryption and uploading/re-uploading of large data at the administrator side, and security, as it immediately revokes ac- cess permissions. We use formalization framework and system implementation to demonstrate the security and efficiency of our construction.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision. IEEE Transactions on Dependable and Secure Computing
Keywords
access controlcloud
Contact author(s)
syqi @ connect ust hk
History
2019-03-26: last of 3 revisions
2017-02-10: received
See all versions
Short URL
https://ia.cr/2017/090
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/090,
      author = {Saiyu Qi and Yuanqing Zheng},
      title = {Crypt-DAC: Cryptographically Enforced Dynamic Access Control in the Cloud},
      howpublished = {Cryptology ePrint Archive, Paper 2017/090},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/090}},
      url = {https://eprint.iacr.org/2017/090}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.