Mix&Slice for Efficient Access Revocation on Outsourced Data
Abstract
A complex challenge when using encryption to enforce access control on resources stored at external cloud providers is the efficient enforcement of access revocation for users who know the key used for encrypting the outsourced resources. We present an approach addressing this challenge that relies on a mixing phase. The mixing phase transforms a plaintext resource into an encrypted resource with strong mutual inter-dependency among the bits in the encrypted representation. Our mixing is based on the iterative application of either a block cipher or an extended version of OAEP. The mixing phase is then followed by a slicing phase that splits the encrypted resource into carefully designed fragments. To revoke access to a resource, it is then sufficient to update a fragment, with the guarantee that the resource as a whole (and any portion of it) will become unintelligible to those from whom access is revoked. Our experimental results show the effectiveness and efficiency of our approach, and confirm its applicability, especially when managing large resources with a dynamic access policy.
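A toy illustration of the mix, slice and revoke idea described in the abstract, added here and not taken from the paper. It assumes a single macro-block of 8 mini-blocks, a butterfly pairing of mini-blocks across rounds, and an HMAC-SHA-256 Feistel network standing in for the block cipher; all names, sizes and keys are hypothetical.

```python
import hashlib, hmac

MINI, ROUNDS = 8, 3   # toy sizes: 8-byte mini-blocks, 2**3 of them per macro-block

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:MINI]

def _prp(key, left, right, decrypt=False):
    """4-round Feistel over two mini-blocks; stand-in for a real block cipher."""
    for r in (range(3, -1, -1) if decrypt else range(4)):
        if decrypt:
            left, right = _xor(right, _f(key, r, left)), left
        else:
            left, right = right, _xor(left, _f(key, r, right))
    return left, right

def mix(key, blocks, decrypt=False):
    """Round i encrypts together the mini-blocks whose indices differ in bit i."""
    blocks = list(blocks)
    for i in (range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)):
        for j in range(len(blocks)):
            k = j ^ (1 << i)
            if j < k:
                blocks[j], blocks[k] = _prp(key, blocks[j], blocks[k], decrypt)
    return blocks

def rekey_fragment(new_key, blocks, idx):
    """Revocation step: mask one fragment under a fresh key (XOR pad, self-inverse)."""
    pad = _f(new_key, idx, b"fragment")
    out = list(blocks)
    out[idx] = _xor(out[idx], pad)
    return out

def demo():
    data = b"constructed sample resource".ljust(MINI * 2 ** ROUNDS, b".")
    plain = [data[i:i + MINI] for i in range(0, len(data), MINI)]
    k_old, k_new = b"constructed-old-key", b"constructed-new-key"
    stored = rekey_fragment(k_new, mix(k_old, plain), 5)   # only fragment 5 is updated
    revoked = mix(k_old, stored, decrypt=True)             # knows k_old only
    authorised = mix(k_old, rekey_fragment(k_new, stored, 5), decrypt=True)
    return plain, revoked, authorised

if __name__ == "__main__":
    plain, revoked, authorised = demo()
    print("authorised recovers resource:", authorised == plain)
    print("mini-blocks still readable by revoked user:",
          sum(r == p for r, p in zip(revoked, plain)))
```

Because each unmixing round doubles the number of mini-blocks affected by the changed fragment, a user holding only the old key recovers none of the eight mini-blocks, while a user who also holds the new key recovers the whole resource.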