Dynamic and Private Cryptographic Access Control for Untrusted Clouds: Costs and Constructions (Extended Version)

The ability to enforce robust and dynamic access controls on cloud-hosted data while simultaneously ensuring confidentiality with respect to the cloud itself is a clear goal for many users and organizations. To this end, there has been much cryptographic research proposing the use of (H)IBE, ABE, PE, and FE and related technologies to perform robust and private access control on untrusted cloud providers. However, the vast majority of this work studies static models, in which the access control policies being enforced do not change over time. This is contrary to the needs of most practical applications, which leverage dynamic data and/or policies. In this paper, we explore the viability and costs associated with adapting the above types of cryptosystems to perform dynamic and private access control on the cloud using a threat model commonly assumed in the cryptographic literature. Specifically, we develop lightweight IBE/IBS- and PKI-based constructions for cryptographically enforcing $\mathsf{RBAC}_0$ access controls over files hosted by a cloud storage provider. We prove the correctness of these constructions and leverage real-world $\mathsf{RBAC}$ datasets and recent techniques developed by the access control community to experimentally analyze their associated cryptographic costs. Although IBE/IBS and PKI systems are a natural fit for enforcing static $\mathsf{RBAC}$ policies, we show that supporting revocation, update, and other state change functionality incurs significant overheads in realistic scenarios. We identify a number of bottlenecks in such systems, and fruitful areas for future work that will lead to more natural and efficient constructions for cryptographic enforcement of dynamic access controls. The majority of our findings also extend to similar attempts to use HIBE, ABE, and PE schemes to enforce dynamic $\mathsf{RBAC}_1$ or $\mathsf{ABAC}$ policies.