Adaptive Data Protection in Distributed Systems A. Squicciarini, G. Petracca, E. Bertino. Third ACM Conference on Data and Application Security and Privacy (CODASPY), February 2013.
- MOTIVATION: Ensure customer's data protection policies are honored regardless of where the data is physically stored and how often it is accessed, modified and duplicated.
- PROBLEM: Ensuring policies associated with data distributed across domain (regardless of where the data is physically stored and how often it is accessed, modified, and duplicated) are honored is an important challenge. Data in the Cloud is stored and replicated in multiple locations around the world and it is important that jurisdiction laws are obeyed but also privacy of data owner is maintained
- CONTRIBUTION: The paper uses self-controlling objects to protect data and enforce policies set out by the data owner to be maintained.
- Innovative policy-enforcement techniques for adaptive sharing of user's outsourced data.
- Uses the idea of self-controlling objects (SCOs), that encapsulate sensitive resources such as images, video, text, etc and assure their protection through the provision of adaptive security policies. SCOs use Java JAR technology.
- The security of objects stored in JARs is managed by CP-ABE schemes
- The data is encapsulated in JAR files which makes it portable and usable in any hardware, operating system, etc that has installed the popular Java Runtime Environment.
- When modifications take place on one computer, the SCO automatically updates other identical SCO's to contain modified data which makes for a very neat collaboration without trusting Cloud.
- The trust level of outsiders is reduced further and combined with the simple idea, makes the solution attractive for future needs.
- Issue: Once the data is decrypted, the user can still find where the decrypted file is contained and save a copy to be redistributed to other users. The decrypted data is not monitored for illegal operations, only the SCO.
- The ACP needs to be better hidden.
Mohamed Shehab, Elisa Bertino, and Arif Ghafoor. 2005. Secure collaboration in mediator-free environments. In Proceedings of the 12th ACM conference on Computer and communications security (CCS '05). ACM, New York, NY, USA, 58-67. DOI=10.1145/1102120.1102130 http://doi.acm.org/10.1145/1102120.1102130
- MOTIVATION: Collaboration and Interoperability in multi-domain environments provides benefits but suffers security issues
- PROBLEM: The paper is attempting to solve the problem of secure interoperability in a multi-domain environment without a mediator having a global view
- CONTRIBUTION: Decentralises access control with the removal of a mediator to control collaboration. Access control is based on user’s access history, aka user access path. Paper uses idea of paths for secure interoperation.
- Presents a mediator-free collaboration environment and discuss security challenges in such environment. Access path security requirements are presented for secure collaboration.
- A framework for secure collaboration in a mediator-free environment, based on access control decisions based on user’s access history.
- A discussion of several security attacks that can occur in a mediator-free environments and ways to mitigate such attacks.
- Paper has good introduction. It explains the benefits of interoperability in 2 paragraphs and then discusses the problems in 2 paragraphs. The contribution and the paper organisation then follow.
- The mathematics of the paper is a little difficult and a bit too much. However, parts of the mathematics was understandable.
- The problem in relation to my research is that it doesn’t handle the scenario of dishonest users who may share data with unauthorised users (e.g via email attachments).
Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. 2006. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on Computer and communications security (CCS '06). ACM, New York, NY, USA, 89-98. DOI=10.1145/1180405.1180418 http://doi.acm.org/10.1145/1180405.1180418
- MOTIVATION: With the growing amount of sensitive data stored on the internet, there is concern where personal data will be compromised
- PROBLEM: The paper is trying to solve the problem of users sharing encrypted data with other users or third parties by either decrypting data and sending to them or by sending them the private key.
- CONTRIBUTION: A Key-Policy ABE scheme
- A scheme where each private key is associated with an access structure that specifies which types of ciphertexts that can be decrypted according to the attributes of the ciphertexts.
- User’s key’s access structure uses tree structure where leaves are attributes. Can only decrypt if attributes satisfy the access structure.
- Prevent collusion of users with similar access structures
- Provide a delegation mechanism that allows any user that has a key for an access structure to derive the key for another access structure only if the latter is more restrictive than the former.
- Paper’s introduction discussed briefly the motivation and problem and discussed in detail the contribution.
- Paper is relevant and relatively easy to read but at times confusing.
- The mathematics of the paper is not understandable and very heavy. May need to do a number of follow-up readings to understand concepts.
- Still assumes the authorised users are trustworthy and will not accidentally leak the whole data to third parties.
Philippe Golle, Frank McSherry, and Ilya Mironov. 2006. Data collection with self-enforcing privacy. In Proceedings of the 13th ACM conference on Computer and communications security(CCS '06). ACM, New York, NY, USA, 69-78. DOI=10.1145/1180405.1180416 http://doi.acm.org/10.1145/1180405.1180416
- MOTIVATION: How to protect individuals from distrustful pollster and how to protect pollsters from fraudulent accusations.
- PROBLEM: A pollster who wishes to collect private information from individuals of a population may not be able to do so us individuals, understandably, are unwilling to send sensitive information to untrustworthy pollsters.
- CONTRIBUTION: Bounty hunters
- A bounty hunter service listens for leaks of private information and assembles a case against the pollster.
- The bounty hunter participates in data collection, pretending to be respondents and submit “baits”, whose decrypted contents cannot be obtained without access to a secret held by the pollster
- Any report of actual data in the message must have come from the pollster and hence incriminates pollster of leakage of information.
- Paper is a good first step to controlling whether the data owner’s data is leaked from the consumer and if it is, it does not go unnoticed.
Alexandra Boldyreva, Vipul Goyal, and Virendra Kumar. 2008. Identity-based encryption with efficient revocation. In Proceedings of the 15th ACM conference on Computer and communications security (CCS '08). ACM, New York, NY, USA, 417-426. DOI=10.1145/1455770.1455823 http://doi.acm.org/10.1145/1455770.1455823
- MOTIVATION: In the setting of IBE, there has been little work on studying revocation mechanisms.
- PROBLEM: In an ID-based/PKI-based system, users have to regularly keep in contact with PKG, prove their identity and get new keys whether their keys have been exposed or not. The PKG has to be online at all times for this.
- Paper discusses a new way to mitigate the limitations of IBE with regard to revocation and improves efficiency of previous solutions.
- Revocable IBE and its security models are defined and discussed.
- May provide a good revocation scheme, however, is very limited in providing good access control and monitoring.
Amit Sahai and Hakan Seyalioglu. 2010. Worry-free encryption: functional encryption with public keys. In Proceedings of the 17th ACM conference on Computer and communications security(CCS '10). ACM, New York, NY, USA, 463-472. DOI=10.1145/1866307.1866359 http://doi.acm.org/10.1145/1866307.1866359
- MOTIVATION: The ability to send files to other users without worrying about whether they have the right to access the data.
- PROBLEM: When a co-worker requests access to data, it is unclear whether the co-worker has the rights to access data. Although, these kinds of unauthorised accesses still occurs.
- Discusses the need for a scheme to be secure against eavesdroppers, the need for the policy of a ciphertext to remain hidden, the user’s public key should reveal no information about his credentials, and even if the certification authority is corrupted, it should not be able to compromise the security of any honest user.
- Suggests the notion of Worry-Free Encryption, since a sender does not need to worry about whether a recipient is authorised to obtain a message before sending it.
- A public/private keypair is generated for each bit of the user’s credentials. The public keys will then be sent to the Certificate Authority to mask user credentials in public key.
- The encrypter then generates a function to be sent and encrypt each part of the function under each of the user’s public keys. The user can retrieve each function piece corresponding to his credentials to reveal the function and hence reveal data.
- Could be useful to protect data from being viewed by unauthorised users.
- Storing a number of public/private key pairs could introduce key management complexity and is costly on user machines.
- Once the data is decrypted, an authorised user Alice, may still send the data to an unauthorised user, Bob. Paper assumes Alice is trusted but is curious whether Bob is allowed to view data.
Mohamed Nabeel and Elisa Bertino. 2011. Poster: towards attribute based group key management. In Proceedings of the 18th ACM conference on Computer and communications security (CCS '11). ACM, New York, NY, USA, 821-824. DOI=10.1145/2093476.2093502 http://doi.acm.org/10.1145/2093476.2093502
- MOTIVATION: Current group key management schemes are not well designed to manage group keys based on the attributes of group members
- PROBLEM: How to efficiently handle group dynamics (e.g, joining and leaving of members) and also how to defend against collusion attacks
- An expressive Attribute-Based Group Key Management Scheme (AB-GKM) which allows one to express any threshold or monotonic conditions over a set of identity attributes.
- Improve the performance of broadcast GKM schemes corresponding to his credentials to reveal the function and hence reveal data.
- Although the data owner has fine-grained access control over who can view his data and is effective, the data owner does not know how his data is being used by his members (e.g, illegal transfers, etc)
- Finished stage 1 of coding: Initialisation
- Working on stage 2 of coding: Consumer Authorisation
- Still need to test stage 1 coding to see if it is working