2012 Symposium Posters


Fine-Grained Encryption-Based Access Control for Big Data



Project Members
Mohamed Nabeel, Elisa Bertino
Abstract
Big Data technologies are increasingly used to store and/or analyze personally identifiable information (PII) and other sensitive data. To comply with various regulations and organizational policies, such data needs to be stored encrypted, and access to it needs to be controlled based on the identity attributes of users. A simple solution is to use an efficient symmetric key encryption scheme. However, this requires sharing many keys with various entities in the system, increasing the risk of key leakage. Further, when user membership changes, these symmetric keys need to be re-issued, incurring a high overhead. A better solution is to utilize attribute-based encryption (ABE) techniques. While ABE provides fine-grained access control for encrypted data, it requires expensive pairing operations and, further, attribute revocation is inefficient. Having identified the strengths and weaknesses of these solutions, we propose a novel approach using attribute-based group key management. Unlike the direct application of symmetric key encryption, keys are not stored in the system; they are dynamically derived when data is to be decrypted. Our approach is an order of magnitude more efficient than the ABE-based approach, as ours is based on symmetric key encryption and broadcast group key management. The main bottleneck in our approach is the key generation operation. We utilize the MapReduce framework to improve the performance of key generation by generating intermediate keys during the Map phase and generating the final key during the Reduce phase. We demonstrate our approach using Hadoop, a popular Big Data platform. The data blocks stored at DataNodes are encrypted, and the public information required to derive the key is stored as part of the metadata in the NameNode. The encryption is performed at the granularity of HDFS (Hadoop Distributed File System) blocks.
If the group membership changes before appending some new blocks to a file, a new symmetric key and public information are generated to encrypt the new blocks. Highlights of our approach are that the symmetric keys are neither stored nor transmitted, and the evolution of encryption is transparent to the Clients and the JobTracker which performs MapReduce tasks on Clients’ data.
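
The following sketch is an added example, not the authors' scheme or code. It uses a simplified stand-in for broadcast group key management (an HMAC-masked copy of the block key per member) to show the properties the abstract describes: keys are derived from public metadata rather than stored, and a membership change affects only newly appended blocks. The per-user secrets, the `FileMetadata` class and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def prf(secret: bytes, nonce: bytes, label: bytes) -> bytes:
    """Keyed PRF (HMAC-SHA256) over a domain label and the public nonce."""
    return hmac.new(secret, label + nonce, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_public_info(member_secrets):
    """Key server: pick a fresh block key and publish one masked copy per member.
    Returns (key, public_info); only public_info is ever stored."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    slots = {prf(s, nonce, b"tag"): xor(key, prf(s, nonce, b"mask"))
             for s in member_secrets}
    return key, {"nonce": nonce, "slots": slots}

def derive_key(secret: bytes, public_info):
    """Member: rebuild the key from own secret + public info; None if not a member."""
    nonce = public_info["nonce"]
    masked = public_info["slots"].get(prf(secret, nonce, b"tag"))
    return None if masked is None else xor(masked, prf(secret, nonce, b"mask"))

class FileMetadata:
    """Hypothetical stand-in for NameNode metadata of one file: public info per
    key epoch, plus the epoch each block was encrypted under. No keys kept here."""
    def __init__(self):
        self.epochs, self.block_epoch = [], []

    def rekey(self, member_secrets):
        key, info = make_public_info(member_secrets)
        self.epochs.append(info)
        return key  # used by the writer for new blocks, then discarded

    def append_block(self):
        self.block_epoch.append(len(self.epochs) - 1)

    def key_for_block(self, index: int, secret: bytes):
        return derive_key(secret, self.epochs[self.block_epoch[index]])

def demo():
    alice, bob = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed secrets
    meta = FileMetadata()
    k0 = meta.rekey([alice, bob]); meta.append_block(); meta.append_block()
    k1 = meta.rekey([alice]); meta.append_block()  # bob removed before the append
    return meta, alice, bob, k0, k1
```

In this sketch the removed member can still derive the key for blocks 0 and 1 but gets `None` for block 2, matching the abstract's statement that a new key and new public information are generated only for the new blocks.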