Abstract
Outsourcing data storage reduces the cost of ownership. However, once data is stored on a remote server, users lose control over their sensitive data.
There are two approaches to control the access to outsourced data. The first approach assumes that the outsourcee is fully trusted. This approach is also referred to as server mediated access control and works as follows: whenever a user wants to access the stored data, the user has to provide credentials to the server. If the credentials are valid and satisfy the access control policy, the user is allowed to access the stored data. However, fully trusting the server can be dangerous since if the server gets hacked, all users data would be readable by hackers. The second approach reduces the trust on the server and assumes that the server is honest-but-curious: the server is honest in the sense that it stores the data correctly and makes the data available to users, and the server is curious in the sense that it attempts to extract knowledge from the stored data. This approach is also referred as cryptographically enforced access control because it relies on encryption techniques to enforce an access control policy. The main idea of this approach is to map an access control policy into an encryption key, and then to encrypt the data under the encryption key such that only authorized users who possess a decryption key can access the data in clear. Even if the server gets hacked, user data are secure since the data are encrypted. In this thesis we focus on the second approach and propose new encryption schemes for enforcing access control policies with significant advantages over existing
ones. In particular, we push the limits of three cryptographic primitives: proxy re-encryption, attribute-based encryption and public-key encryption. Our contributions can be summarized as follows:
1.We propose a proxy re-encryption scheme which enables the delegator to provide a fine-grained access control policy. Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy.
2.We propose two ciphertext-policy attribute-based encryption schemes which are more efficient and at least as expressive as the existing state-of-the-art schemes. In ciphertext-policy attribute-based encryption the data is encrypted under an access control policy defined over attributes. A user can decrypt the ciphertext only if the attribute set of her secret key satisfies the access control policy of the ciphertext.
3.We propose a ciphertext-policy attribute-based encryption scheme in which the secret keys of dishonest or compromised users are revoked.
4.We propose a ciphertext-policy attribute-based encryption scheme that allows users to update the access control policy of the ciphertext without decrypting it.
5.We propose a public-key encryption scheme that allows the secret key holder to delegate to the server the power to search her ciphertexts for possible malware
Original language | English |
---|---|
Qualification | Doctor of Philosophy |
Awarding Institution |
|
Supervisors/Advisors |
|
Thesis sponsors | |
Award date | 21 Oct 2011 |
Place of Publication | Enschede |
Publisher | |
Print ISBNs | 978-90-365-3228-0 |
DOIs | |
Publication status | Published - 21 Oct 2011 |
Keywords
- Distributed
- Cryptographically
- DIES-Data Security
- IR-78287
- EWI-20720
- METIS-279668
- Data access