Policy-Based Editing-Enabled Signatures: Authenticating Fine-Grained and Restricted Data Modification

Abstract

Abstract Data owners often encrypt their bulk data and upload it to cloud in order to save storage while protecting privacy of their data at the same time. A data owner can allow a third-party entity to decrypt and access her data. However, if that entity wants to modify the data and publish the same in an authenticated way, she has to ask the owner for a signature on the modified data. This incurs substantial communication overhead if the data is modified often. In this work, we introduce the notion of policy-based editing-enabled signatures, where the data owner specifies a policy for her data such that only an entity satisfying this policy can decrypt the data. Moreover, the entity is permitted to produce a valid signature for the modified data (on behalf of the owner) without interacting with the owner every time the data is modified. On the other hand, a policy-based editing-enabled signature (PB-EES) scheme allows the data owner to choose any set of modification operations applicable to her data and still restricts a (possibly untrusted) entity to authenticate the data modified using operations from that set only. We provide two PB-EES constructions, a generic construction and a concrete instantiation. We formalize the security model for PB-EESs and analyze the security of our constructions. Finally, we evaluate the performance of the concrete PB-EES instantiation.