IBBE-SGX: Cryptographic Group Access Control Using Trusted Execution Environments

IBBE-SGX: Cryptographic Group Access Control Using Trusted Execution Environments

While many cloud storage systems allow users to protect their data by making use of encryption, only few support collaborative editing on that data. A major challenge for enabling such collaboration is the need to enforce cryptographic access control policies in a secure and efficient manner. In thi...

Full description

Saved in:
Bibliographic Details
Published in:2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) pp. 207 - 218
Main Authors: Contiu, Stefan, Pires, Rafael, Vaucher, Sebastien, Pasin, Marcelo, Felber, Pascal, Reveillere, Laurent
Format: Conference Proceeding
Language:English
Published: IEEE 01-06-2018
Subjects:
Access control
Cloud computing
Computational complexity
Encryption
Metadata
Public key
SGX
TEE
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:While many cloud storage systems allow users to protect their data by making use of encryption, only few support collaborative editing on that data. A major challenge for enabling such collaboration is the need to enforce cryptographic access control policies in a secure and efficient manner. In this paper, we introduce IBBE-SGX, a new cryptographic access control extension that is efficient both in terms of computation and storage even when processing large and dynamic workloads of membership operations, while at the same time offering zero knowledge guarantees. IBBE-SGX builds upon Identity-Based Broadcasting Encryption (IBBE). We address IBBE's impracticality for cloud deployments by exploiting Intel Software Guard Extensions (SGX) to derive cuts in the computational complexity. Moreover, we propose a group partitioning mechanism such that the computational cost of membership update is bound to a fixed constant partition size rather than the size of the whole group. We have implemented and evaluated our new access control extension. Results highlight that IBBE-SGX performs membership changes 1.2 orders of magnitude faster than the traditional approach of Hybrid Encryption (HE), producing group metadata that are 6 orders of magnitude smaller than HE, while at the same time offering zero knowledge guarantees.
ISSN:2158-3927
DOI:10.1109/DSN.2018.00032