4.7 Article

Securing Fine-Grained Data Sharing and Erasure in Outsourced Storage Systems

Journal

Publisher

IEEE COMPUTER SOC
DOI: 10.1109/TPDS.2022.3225274

Keywords

Fine-grained access control; data erasure; forward secrecy; puncturable encryption


The wide use of internet-connected services leads to the collection of massive personal data by service providers without our consent. This poses serious risks to individual privacy, particularly when data breaches have become common. To address this, regulations such as the EU's General Data Protection Regulation have been introduced, focusing on giving control of personal data back to owners and on the right to be forgotten. In this article, a cryptographic solution called forward-secure attribute-based puncturable encryption (FS-DABPE) is presented for achieving these requirements in outsourced storage. A concrete FS-DABPE construction is provided and its security is proven, along with a prototype implementation and extensive experimental results showcasing its feasibility and practicability.
The wide use of internet-connected services means that massive amounts of personal data are collected by service providers without the need for our consent. Although the archived data may enable them to provide better service experiences for users, it also presents serious risks to individual privacy, especially when active or unexpected data breaches have become commonplace. To mitigate this issue, several acts and regulations (e.g., the European Union General Data Protection Regulation) have been issued, specifying many security requirements for personal data management. Among these various requirements, we mainly focus on the requirement of giving access control of personal data back to the data owners themselves and on the right to be forgotten for data erasure. In this article, we provide a cryptographic solution for achieving these two requirements in the setting of outsourced storage. Specifically, we introduce a personal data management framework built upon a novel cryptographic primitive dubbed forward-secure attribute-based puncturable encryption (FS-DABPE). This primitive simultaneously features system-wide forward secrecy and practical key management, as well as fine-grained access control of the encrypted personal data. Consequently, by locally puncturing, updating and erasing system-wide secret keys, it securely realizes fine-grained personal data sharing and data erasure without interactions. Furthermore, to instantiate the proposed framework, we present a concrete FS-DABPE construction and prove its security under a well-studied complexity assumption. In addition, we provide a prototype implementation of the concrete construction and present extensive experimental results that illustrate its feasibility and practicability.
