Versatile Group Security for Tree-Based Storage

Abstract

The need to encrypt data in infrastructures containing thousands and thousands of entities having different access rights increases with the rapid growth of electronically stored sensitive data in all areas of business and life. A group-oriented communication system referred to as hierarchical access control is a main part of such an infrastructure. It forms a graph hierarchy in order to bind access rights to group nodes on different levels. Clients are able to join group nodes for getting permission in order to decrypt data which is encrypted with the corresponding group key. Each client maintains a key set contaning an own client key and all keys binded to groups the client is assigned to. Keys need to be renewed when a group affiliation changes, so that leaving clients are not able to decrypt group data anymore. In order not to re-encrypt data by using a renewed key, all keys are versioned and stored, so that the complete key graphs can be restored again. To sent renewed keys over an untrusted component (i.e. a server maintaining the key graph including the corresponding keys and a client holding a sub-key set), the new keys are encrypted with a key that is already known by the client.This thesis describes an architecture for a revision-aware encryption framework on versioned data using a directed-acyclic key graph for hierarchical group management based on the VersaKey -approach. Previous approaches base on tree key graphs and provide only one top access right. Our approach enables multiple root instances connecting several key graph hierarchies. The key graph operates join and leave updates without re-encrypting storage data. The usage of a directed-acyclic key graph brings along more flexibility in key graph structure and group affiiations compared to binary tree hierarchies. On the other hand, this flexibility leads to an uncontrolled key graph expansion, key graph unbalance and non-linear scaling in key encryption. Proxy nodes are insertedwhich act as auxiliary nodes to avoid those drawbacks. Inserted proxy nodes are only part of the key management hierarchy and do not encrypt storage data.The major aspect of this work is to make the versioned key management scalable even on updates affecting many node entities. Therefore, we examine and describe the directed-acyclic key graph management in detail and introduce proxy nodes ensuring scalability regarding the nodes adjacent to the updated ancestor nodes. We show that the directed-acyclic graph-based key management that implements proxy nodes, leads to a constant number of encryption steps for newly created key materials outgoing from the updated node entity. This proceeding results in a constant overhead related to the number of affected and updated node entities.