Anonymous and confidential file sharing over untrusted clouds

by   Stefan Contiu, et al.

Using public cloud services for storing and sharing confidential data requires end users to cryptographically protect both the data and the access to the data. In some cases, the identity of end users needs to remain confidential against the cloud provider and fellow users accessing the data. As such, the underlying cryptographic access control mechanism needs to ensure the anonymity of both data producers and consumers. We introduce A-SKY, a cryptographic access control extension capable of providing confidentiality and anonymity guarantees, all while efficiently scaling to large organizations. A-SKY leverages trusted execution environments (TEEs) to address the impracticality of anonymous broadcast encryption (ANOBE) schemes, achieving faster execution times and shorter ciphertexts. The innovative design of A-SKY limits the usage of the TEE to the narrow set of data producing operations, and thus optimizes the dominant data consumption actions by not requiring a TEE. Furthermore, we propose a scalable implementation for A-SKY leveraging micro-services that preserves strong security guarantees while being able to efficiently manage realistic large user bases. Results highlight that the A-SKY cryptographic scheme is 3 orders of magnitude better than state of the art ANOBE, and an end-to-end system encapsulating A-SKY can elastically scale to support groups of 10 000 users while maintaining processing costs below 1 second.


IBBE-SGX: Cryptographic Group Access Control using Trusted Execution Environments

While many cloud storage systems allow users to protect their data by ma...

A Role-Based Encryption Scheme for Securing Outsourced Cloud Data in a Multi-Organization Context

Role-Based Access Control (RBAC) is a popular model which maps roles to ...

Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

Personal cryptographic keys are the foundation of many secure services, ...

Distributed systems and trusted execution environments: Trade-offs and challenges

Security and privacy concerns in computer systems have grown in importan...

SEA-BREW: A Scalable Attribute-Based Encryption Scheme for Low-Bitrate IoT Wireless Networks

Attribute-Based Encryption (ABE) is an emerging cryptographic technique ...

Secret Sharing for Cloud Data Security

Cloud computing helps reduce costs, increase business agility and deploy...

TEEvil: Identity Lease via Trusted Execution Environments

We investigate identity lease, a new type of service in which users leas...