Performance of End-to-End Secure Data Sharing
Author: H. Kühner
Source: Dissertation, KIT Scientific Publishing, 2017
Abstract:
Data sharing forms the basis for almost any IT-based collaboration in both business and personal contexts. Typical realizations of authorization and access control enforcement on the shared data require the group of sharing users to trust third parties to protect data confidentiality and integrity. Such realizations of data sharing bear the specific risk of data being compromised by an insider attack on the trusted third party. By means of client-side cryptography, major parts of the authorization and access control enforcement for arbitrary storage services can be carried out by the sharing users themselves, resulting in an End-to-End Secure Data Sharing (E2E-SDS) system. However, such systems will only be accepted by potential users if the authorization processes they are familiar with remain largely unaltered, and if the performance penalties for authorization or data access are not too heavy.
The main objective of this thesis is to evaluate the real-world performance penalties that have to be expected on a user client with a given E2E-SDS protocol. For existing E2E-SDS protocols, the asymptotic behavior is usually known with regard to performance metrics such as computation time or network traffic volume, but this does not offer much insight into how big the performance penalties are in absolute terms. Besides the E2E-SDS protocol itself, the real-world performance depends on the employed hardware, the security parameters, and the concrete sharing and usage scenario, i.e., the sharing and usage behavior of the users in the system. Thus, the challenges of a real-world performance evaluation of E2E-SDS protocols are twofold: First, the protocol under study has to be modeled with regard to the aforementioned performance-influencing factors while factoring out implementation details. Second, realistic sharing and usage scenarios have to be observed, or generated based on partially estimated scenarios.
The objective of this work is to evaluate the real-world performance of E2E-SDS protocols in depth. The focus is on E2E-SDS protocols that realize a group-based authorization model, i.e., that allow data to be shared with named user groups that are managed by arbitrary users. This feature is supported by the authorization model of widely deployed distributed file systems such as NFSv4 or CIFS.
In this work, methods for the evaluation of the real-world performance of E2E-SDS protocols are presented. Realistic usage scenarios taken from real-world storage services are characterized, and a method for the generation of synthetic sharing and usage scenarios is introduced. Based on these instruments, the performance of both existing and novel E2E-SDS protocols is evaluated, and possible measures to improve the performance on the user’s side are proposed.
To get realistic sharing and usage scenarios, the members, activities and permissions of user groups were observed on two real-world storage services. The resulting scenarios are characterized with regard to selected parameters.
For the performance evaluation of E2E-SDS protocols in real-world scenarios, two methods were developed: The analytical method yields results that are sufficiently accurate in many cases. The simulative method is required when the performance of a certain operation is to be analyzed in more detail while studying more complex E2E-SDS protocols. For the simulative method, a simulation model is presented that enables a comparison of E2E-SDS protocols on a unified layer of abstraction.
To be able to evaluate the performance of E2E-SDS protocols when no observed sharing and usage scenarios are available, synthetic scenarios are generated that adhere to estimations of certain parameters of the scenario. For this purpose, a generation method is presented that takes dependencies between predetermined parameters into account. The NP-hardness of the scenario generation problem is proven for certain combinations of predetermined parameters.
The presented performance evaluation methods are applied to E2E-SDS protocols based on traditional cryptography, i.e., symmetric and asymmetric cryptography that produces ciphertexts dedicated to a single recipient only, and to protocols based on Attribute-Based Encryption (ABE), which makes it possible to address a whole group of users with just a single ciphertext.
The performance evaluation of the traditional E2E-SDS protocol shows that in the considered sharing and usage scenarios, only minor performance penalties have to be expected for most of the authorization operations. Major performance penalties hit users that manage group memberships in large named user groups, i.e., user groups with a few thousand or more members. These performance penalties can be decreased significantly by integrating a Group Key Management approach, which aims at an efficient distribution and renewal of cryptographic keys within user groups.
An E2E-SDS protocol that leverages ABE was realized by evaluating existing ABE schemes with regard to E2E-SDS properties, and mapping the attribute-based authorization model of a suitable ABE scheme to the group-based authorization model. A performance evaluation of different mapping variants shows that the ABE-based protocol offers a slightly worse performance than the protocol based on traditional cryptography.
Finally, a novel E2E-SDS protocol is presented that omits joint authorization operations. Such operations require user devices to be reachable and ready to carry out computationally intensive cryptography at arbitrary points in time, which might be problematic especially when mobile devices are used. A major benefit of the proposed protocol is that it enables the employment of hierarchies of named user groups in E2E-SDS. The potentially heavy performance penalties that come with these hierarchies are evaluated in detail. Furthermore, it is shown that the support of group hierarchies without joint authorization operations fundamentally implies certain limitations regarding the freshness of access permissions, which indicates the limits of the applicability of E2E-SDS.