Today, sensitive data in storage systems is often protected by trusted servers which mediate access to data. These servers are entrusted to grant access to data to authorized users and withhold it from those not authorized.
While the simplicity of this model is appealing, sole reliance on trusted systems for storage protection is not adequate in today's environment for two reasons: First, there is increasing economic pressure to store and process data on cloud-based commercial sites. Data stored on outside services (and in unknown storage locations) is implicitly more at risk than data stored locally. Second, the increasing number of sophisticated data breaches has called into question the effectiveness of centralized trusted server models.
Given the reasons above, it is important that data access be protected by encryption. Roughly, encryption provides a method of encoding data such that it can only be understood with access to a proper secret key that allows a user (or device) to decrypt the data. Without this secret key, an attacker will not be able to learn the original contents of the encrypted data. In this manner, sensitive information can be kept private even if the underlying storage or storage service is compromised.
In recent years, a new opportunity for protecting encrypted data has risen. Attribute-Based Encryption (ABE) provides an entirely new vision of encrypting data. Instead of encrypting to individual users, in an ABE system, one can embed any access predicate into the the ciphertext itself. These predicates can enforce either role-based or content-based access controls. Thus, data access is self-enforcing through the cryptography -- requiring no trusted mediator. ABE is the subject of hundreds of academic publications over the past decade and is now ready for commercial deployment.
Zeutro has developed the first commercial-grade and robust attribute-based encryption toolkit (ZTK) to secure cloud applications. In addition to protection against collusion attacks, our toolkit provides role-based and content-based access control and is supported by an advanced data protection system dubbed Arethusa. For more information, see our whitepaper.
A rethusa is an advanced data protection and key management system for encrypting enterprise data-at-rest. It is based on several cryptographic technologies. Most notably, Arethusa uses the novel technology of ABE. Arethusa is able to secure enterprise data by combining three techniques. First, it uses ABE to protect all data objects. Second, it employs a centralized reference monitor to implement online access control, with the caveat that even a compromised server does not result in unauthorized data access. Finally, it implements a distributed framework for logging data access, even when this access is handled offline.
In addition to these core functionalities, Arethusa provides a general solution for encrypting arbitrary data-at-rest, regardless of what type of data is being protected, and regardless of where this data is stored. It accomplishes this using an extensible and distributed interface, whereby geographically-separated systems may interconnect, share key material, and perform cryptographic operations.
Today, companies are faced with choosing between many solutions for securing enterprise data. One differentiating aspect of Arethusa is that this system provides transparent data-at-rest encryption for cloud applications while enforcing fine-grained access control on a mathematical level. For compatibility with today's systems, our solution adds an access control layer on top of existing symmetric-based encryption schemes. This translates to a minimal impact to securing cloud applications while enabling advanced data protection.
ABE works in tandem with existing AES-based solutions. Application data is still encrypted with an AES key and ABE is used to encrypt (and thereby grant access to) the AES key. Today's solutions typically use a trusted server to grant access to these AES keys, which is inherently significantly weaker than our approach.
ABE can protect data stored in a public, untrusted cloud from unauthorized access. ABE gives data owners fine-grained control over their data so that users may only access the portions of the data they need to do their jobs.
ABE is collusion-resistant, meaning that (an arbitrary number of) users cannot combine their ABE keys to "escalate" their privileges. For example, if the access policy is ((ProjectA OR ProjectB) AND Manager), Alice is an intern for ProjectA and Bob is a Manager with access to neither ProjectA or ProjectB, then an ABE system will not allow Alice and Bob to combine her ProjectA credential with his Manager credential to obtain access to data that neither could access on their own. Preventing collusion attacks is critical; this is a core advantage of ABE over non-ABE encryption solutions.
Because access control is enforced cryptographically, ABE can enforce access controls even if the user is accessing data objects for a cloud app while operating offline.