M.Sc. in Information Technology Dept. of Computer Engineering Sharif University of Technology
Although data outsourcing provides many benefits, it suffers from privacy and security concerns such as enforcement of access control policies and confidentiality of stored sensitive data. Current encryption-based security solutions are inflexible in enforcing fine-grained access control policies and it is necessary for data owner to laboriously specify access control permissions per data item. Additionally, the current indexing methods disregard any control on accessing the relevant data and may cause information leakage. This paper proposes a novel indexing technique to enforce access control policies at server side and based on the value of encrypted data. By exploiting this indexing method and selective encryption, we introduce an access control aware indexing technique, which we refer to as Inference Resistant Indexing Technique (IRIT). The proposed technique, not only prevents leakage of information but also overcomes the overheads associated with a separate access control enforcement mechanism. Meanwhile, the overhead associated with updating access control policies is noticeably reduced. The paper provides a simulation of the proposed technique and a comparison with the alternative approaches to assess the performance of the proposed technique.