PB-UOKM: a policy-based updatable oblivious key management scheme for secure and practical data sharing in remote storage

PB-UOKM: a policy-based updatable oblivious key management scheme for secure and practical data sharing in remote storage

연구 분야: Cryptography

학회: The Journal of Supercomputing

The proliferation of big data and cloud computing has led to a significant increase in data storage, computation, and sharing on cloud servers. While offering substantial benefits, this shift also introduces critical security challenges, particularly regarding the protection of sensitive information from cyber threats and unauthorized access. This paper addresses these challenges by introducing PB-UOKM, a policy-based updatable oblivious key management scheme, which facilitates secure and practical data sharing in cloud storage environments. PB-UOKM effectively alleviates the burden of key management for users by storing private keys securely in a key management server (KMS) and ciphertexts in a storage server (STS). When a user sends a data access request, the KMS and the STS return the encrypted private keys and the corresponding ciphertext, respectively. The scheme also supports time-bounded secrecy through key and ciphertext updates, ensuring privacy during key rotation. The contributions of this paper include a comprehensive review of updatable oblivious key management, the integration of key insulation with updatable oblivious key management to create PB-UOKM, the instantiation of the scheme with concrete algorithms and correctness proofs, and an evaluation of its security and efficacy through theoretical analysis and simulation results. PB-UOKM is positioned as a robust solution for secure data storage in cloud computing scenarios, addressing the need for granular access control and privacy preservation.