Venue | Category |
---|---|
TDSC'12 | assured deletion |
Secure Overlay Cloud Storage with Access Control and Assured Deletion1. SummaryMotivation of this paperFADEImplementation and Evaluation2. Strength (Contributions of the paper)3. Weakness (Limitations of the paper)4. Some Insights (Future work)
achieving assured deletion is that it has to trust cloud storage providers to actually delete data, but they may be reluctant in doing so.
Need to build a system that can enforce access control and assured deletion of outsourced data on the cloud in a fine-grained manner.
associate each file with a single atomic file access policy (Boolean combinatrion of atomic policies) each policy has a control key
Data key: for AES encryption for data content Control key: a public-private key pair, use to encrypt/decrypt the data keys (maintained by the quorum of key managers) Access key: the private access is maintained by the FADE client (ABE encryption)
policy-based access control policy-based assured deletion
the client needs to satisfy the policy combination the key manager leverages the public access key to encrypt the response messages returned to the clients
In this extended version, FADE now uses two independent keys for each policy. (access control and assured deletion)
M < N when deletion, it needs to remove (N-M+1) private control keys corresponding to the policy.
contains the specification of the Boolean combination of policies. the corresponding cryptographic keys (encrypted data key). the control keys associated with the policies.
this idea can be used in other scenario when we consider assured deletion.