Cloud services made it possible for users to conveniently store their data in the cloud and share it with other devices and other users. While such cloud services may not be fully trusted to handle sensitive data, cryptographic mechanisms can be used to achieve end-to-end confidentiality and enforce access control on a cryptographic level.
The first part of this work gives an overview of popular cryptographic mechanisms and compares them with regard to their flexibility in maintaining access rights over time, the effort required for revocation procedures, their trust requirements, and related criteria. This overview covers approaches built upon traditional public-key encryption, attribute-based encryption, and (conditional) proxy re-encryption.
The second part focuses on applying key-policy conditional proxy re-encryption, which enforces fine-grained access control. Interactive proxy re-encryption schemes require the private keys of both the sender and the receiver to enable data sharing. This is an issue, as users do not want to expose their private key merely to receive access to re-encrypted data. In contrast, non-interactive schemes require only the receiver's public key to enable re-encryption and sharing of data. Therefore, we develop a generic mechanism that transforms interactive proxy re-encryption schemes into non-interactive ones and evaluate its practical performance.