Information Technology Reference
In-Depth Information
3.2.4 Fully Homomorphic Encryption
Gentry [12, 13] proposed
fully homomorphic encryption
, which is capable of
evaluating any function on encrypted data. However, the schemes are
impractical for implementation by cloud users since the decryption takes
place at the user end. Gentry and Halevi [14] showed that even for weak
security parameters, one homomorphic operation would take at least 30 sec-
onds on a high-performance machine (and 30 minutes for the high-security
parameter) [16]. Since there are many such operations, the overall time taken
is too expensive for practical use in clouds.
Recently, Naehrig et al. [26] argued that fully homomorphic encryption
might not be required for data privacy while computing in the cloud. Their
main thesis was that only a few operations are required and a fully homomor-
phic property is not necessary for practical purposes. They not only proposed
a
somewhat homomorphic encryption scheme
but also optimized the pairing
operations to achieve the same level of security. Using their techniques, key
generation runs in 250 ms and encryption takes 24 ms, whereas decryption
takes 1,526 ms on a simple personal computer (PC) with an Intel Core 2 Duo
processor running at 2.1 GHz, with 3 MB L2 cache and 1 GB of memory.
This technique can be used for medical data, financial purposes, and social
networks, for which privacy is important. The implementation of this tech-
nique for practical purposes is still open.
3.3 Fine-Grained Access Control
We consider the following problem for which stored data can be accessed
by certain groups of users and is unaccessible to other users of the net-
work. Common examples are that of Dropbox or Google Docs: Users store
files and other documents and delegate selective access to other users.
Another important application is that of health care, with medical records
of patients stored in the clouds, such that authorized users can access them
and unauthorized users cannot. Clouds store sensitive information about
patients to enable access to medical professionals, hospital staff, researchers,
and policy makers. For example, a patient might want to share certain medi-
cal data with only the doctors and nurses of certain hospitals but not the
hospital staff or researchers. Social networking is yet another domain where
users can store and share selective information with a selective group of
friends and acquaintances but not others. Assigning selective access rights
to individuals is called fine-grained access control.
Access control techniques are mainly of three types: user-based access
control (UBAC), role-based access control (RBAC), and attribute-based access
control (ABAC). In UBAC, the access control list (ACL) contains the list of
authorized users. This is not feasible in clouds where there are many users.
Search WWH ::
Custom Search