Encryption-based Policy Enforcement for Cloud Storage
S. De Capitani di Vimercati∗, S. Foresti∗, S. Jajodia†, S. Paraboschi‡, G. Pelosi‡, P. Samarati∗
∗ DTI - Università degli Studi di Milano, 26013 Crema - Italy
† CSIS - George Mason University, Fairfax, VA 22030-4444 - USA
‡ DIIMM - Università degli Studi di Bergamo, 24044 Dalmine - Italy
Abstract—Nowadays, users are increasingly exploiting external storage and connectivity for sharing and disseminating user-generated content. To this aim, they can benefit from the services offered by Internet companies, which however assume that the service provider is entitled to access the resources. To overcome this limitation, we present an approach that does not require complete trust in the external service with respect to either resource content or authorization management, while at the same time allowing users to delegate to the provider the enforcement of the access control policy on their resources. Our solution relies on the translation of the access control policy into an equivalent encryption policy on resources and on a hierarchical key structure that limits both the number of keys to be maintained and the amount of encryption to be enforced.
I. Introduction
“Cloud computing” is a relatively recent term, characterizing the collection of technologies and tools supporting the use of large scale Internet services for the remote construction of applications. The realization of cloud computing is consistent with clear technological and economic trends. The correct administration and configuration of computing systems is expensive and presents large economies of scale, supporting the centralization of resources. This is particularly significant when considering reliability and availability requirements, which are difficult to satisfy for end users and small/medium organizations. This evolution is also consistent with the vision offered in the past by most research in network and distributed systems, which assumed a continuous increase in the quality and quantity of tasks assigned to distributed components.
An important application of cloud computing is represented by cloud storage, where an Internet service allows a large open community of users to store and exchange resources (i.e., files containing images, videos, applications, and so on). While these services were at the beginning mostly used to openly publish resources, today users are increasingly demanding solutions for regulating the publication and disclosure of their own content. The importance of this requirement is also witnessed by the recent introduction of resource sharing features in cloud applications (e.g., Google Docs - http://docs.google.com). Existing Web services offer users some form of control over their resources, as do existing access control solutions for social network scenarios. Typically, these solutions assume that the service provider is completely trusted and always entitled to access the resources. This assumption may not always be applicable, as users may want to restrict access to the server itself, which should be able to guarantee the service without having cleartext access to the resources.
We address the need of enforcing selective access to the resources by proposing an approach that supports the user in the specification of access restrictions on resources the user wishes to share, via an external storage service, with a desired group of other users. Our proposal guarantees that only users in the specified group will be able to access the resources, which remain confidential to all other parties, including the service itself. In summary, our approach assumes that resources are encrypted with a symmetric encryption algorithm. The key used to protect a resource can be derived from a secret held by each user, exploiting a Diffie-Hellman key agreement method and public tokens; the provider stores the tokens and the encrypted resources but never holds the keys. The service offered in this way can be realized by any community of users wishing to exchange confidential resources. Compared to existing applications, our approach offers stronger guarantees in terms of protection of resource confidentiality, in a way that is fully compatible with the design of cloud storage applications. Our approach builds on solutions proposed for the data outsourcing scenario, extending them to the case of many users exchanging resources, each acting as both data owner and data consumer.
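To make the sketch above concrete, the following is an added example written for this page, not code from the paper or its prototype: each user holds a Diffie-Hellman secret, and the owner stores public tokens at the provider that let only the authorized users reach a group key and, from it, the per-resource symmetric keys. The toy group parameters (a 127-bit Mersenne prime), the token layout, the group-key level and the HMAC-based stand-in cipher are all assumptions made for illustration; the paper's own derivation scheme is defined in Section III.

```python
"""Added example, not the paper's code: a resource key reached from each
user's own secret through Diffie-Hellman and public tokens, with a
group-key level in between so one token per user covers many resources.
The group parameters, token layout and stand-in cipher are assumptions."""
import hashlib
import hmac
import secrets

# Toy DH group, an assumption for illustration only: Mersenne prime 2**127-1,
# generator 5.  Real deployments use an RFC 7919 group or X25519.
P = (1 << 127) - 1
G = 5
KEYLEN = 32


def dh_keygen():
    """Per-user secret x and public value g^x mod p (published once)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive(parent: bytes, label: bytes) -> bytes:
    """One hierarchy step: a wrapping key from a parent key and a label."""
    return hmac.new(parent, label, hashlib.sha256).digest()


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += xor(data[i:i + 32], ks)
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in symmetric AEAD (assumption): HMAC-SHA256 counter keystream plus
    an HMAC tag.  Use AES-GCM or ChaCha20-Poly1305 in practice."""
    nonce = secrets.token_bytes(16)
    body = _keystream_xor(derive(key, b"enc"), nonce, plaintext)
    tag = hmac.new(derive(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(derive(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("ciphertext failed authentication")
    return _keystream_xor(derive(key, b"enc"), nonce, body)


def publish(owner_secret: int, pubkeys: dict, acl: list, resources: dict) -> dict:
    """Owner side: translate 'acl may read resources' into what the provider
    stores.  Tokens and ciphertexts are public; no key leaves the owner."""
    group_id = ",".join(sorted(acl)).encode()
    group_key = secrets.token_bytes(KEYLEN)
    store = {"group": group_id, "user_tokens": {}, "res_tokens": {}, "cipher": {}}
    for u in acl:
        shared = pow(pubkeys[u], owner_secret, P)          # DH with user u
        wrap = derive(shared.to_bytes(16, "big"), b"user:" + group_id)
        store["user_tokens"][u] = xor(group_key, wrap)     # user -> group key
    for rid, data in resources.items():
        rkey = secrets.token_bytes(KEYLEN)                 # group -> resource key
        store["res_tokens"][rid] = xor(rkey, derive(group_key, b"res:" + rid.encode()))
        store["cipher"][rid] = encrypt(rkey, data)
    return store


def read(user: str, user_secret: int, owner_pub: int, store: dict, rid: str) -> bytes:
    """User side: user secret -> group key -> resource key -> plaintext.
    A user outside the ACL has no token and therefore no path to the key."""
    if user not in store["user_tokens"]:
        raise PermissionError(f"{user} is not in the group for {rid}")
    shared = pow(owner_pub, user_secret, P)                # same DH value as owner
    wrap = derive(shared.to_bytes(16, "big"), b"user:" + store["group"])
    group_key = xor(store["user_tokens"][user], wrap)
    rkey = xor(store["res_tokens"][rid], derive(group_key, b"res:" + rid.encode()))
    return decrypt(rkey, store["cipher"][rid])


if __name__ == "__main__":
    x_o, y_o = dh_keygen()
    users = {u: dh_keygen() for u in ("alice", "bob", "carol")}
    pubs = {u: y for u, (_, y) in users.items()}
    # Constructed sample resource, shared with alice and bob only.
    store = publish(x_o, pubs, ["alice", "bob"], {"photo.jpg": b"constructed bytes"})
    print(read("alice", users["alice"][0], y_o, store, "photo.jpg"))
    try:
        read("carol", users["carol"][0], y_o, store, "photo.jpg")
    except PermissionError as e:
        print("denied:", e)
```

The point to notice is what the provider holds: `store` contains only public DH values, XOR-wrapped tokens and authenticated ciphertexts, so it can serve every request without ever being able to recover a group key or a resource key. Adding a resource to an existing group costs one new token and one encryption, not a re-encryption for each member, which is the saving the hierarchical structure buys.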
The remainder of the paper is organized as follows. Section II presents some basic concepts. Section III describes the key derivation technique and the representation of an authorization policy via proper encryption. Section IV describes the algorithms for encrypting resources and accessing them. Section V analyzes the security issues of our model. Section VI presents the performance results obtained by a prototype implementing the proposed algorithms. Section VII describes related work. Finally, Section VIII draws our conclusions.
© 2010 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.