Authors:
Nesrine Kaaniche and Maryline Laurent
Affiliation:
Telecom SudParis, CNRS and University Paris-Saclay, France
Keyword(s):
multi-level access control, attribute-based encryption, flexible and scalable access policies, data secrecy, user privacy
Related Ontology Subjects/Areas/Topics:
Access Control; Applied Cryptography; Cryptographic Techniques and Key Management; Data Engineering; Databases and Data Security; Information and Systems Security; Internet Technology; Web Information Systems and Technologies
Abstract:
The economy and security of modern society rely on increasingly remote and distributed infrastructures. This trend increases both the complexity of access control to outsourced data and the need for privacy-preserving mechanisms. Indeed, access control policies should be flexible and distinguishable among users with different privileges. Also, privacy preservation should be ensured against curious storage system administrators, for outsourced data, as well as for access requestors' identities if needed.
In this paper, we propose a multi-level access control mechanism based on an original use of attribute-based encryption schemes. Our construction has several advantages.
First, it ensures fine-grained access control, supporting multi-security levels with respect to different granted access rights for each outsourced data file.
Second, relying on an attribute-based mechanism, key management is minimized, such that users sharing the same access rights are not required to collaborate to extract the secret enciphering key.
Third, our proposal is proven to provide efficient processing and communication overhead, compared to classical usage of attribute-based encryption schemes.