Facial reconstruction

Search LJMU Research Online

Browse Repository | Browse E-Theses

Efficient Ciphertext-policy Attribute Based Encryption for Cloud-Based Access Control

Al-Dahhan, R (2019) Efficient Ciphertext-policy Attribute Based Encryption for Cloud-Based Access Control. Doctoral thesis, Liverpool John Moores University.

2019AlDahhanPhD.pdf - Published Version

Download (1MB) | Preview


Outsourcing data to some cloud servers enables a massive, flexible usage of cloud computing resources and it is typically held by different organizations and data owners. However, various security concerns have been raised due to hosting sensitive data on an untrusted cloud environment, and the control over such data by their owners is lost after uploading to the cloud. Access control is the first defensive line that forbids unauthorized access to the stored data. Moreover, fine-grained access control on the untrusted cloud can be enforced using advanced cryptographic mechanisms. Some schemes have been proposed to deliver such access control using Ciphertext-policy attribute based encryption (CP-ABE) that can enforce data owners’ access policies to achieve such cryptographic access control and tackle the majority of those concerns. However, some challenges are still outstanding due to the complexity of frequently changing the cryptographic enforcements of the owners’ access policies in the hosted cloud data files, which poses computational and communicational overheads to data owners. These challenges are: 1) making dynamic decisions to grant access rights to the cloud resources, 2) solving the issue of the revocation process that is considered as a performance killer, and 3) building a collusion resistant system. The aim of our work is to construct an access control scheme that provides secure storing and sharing sensitive data on the cloud and suits limited-resources devices. In this thesis, we analyse some of the existing, related issues and propose a scheme that extends the relevant existing techniques to resolve the inherent problems in CP-ABE without incurring heavy computation overhead. In particular, most existing revocation techniques require re-issuing many private keys for all non-revoked users as well as re-encrypting the related ciphertexts. Our proposed scheme offers a solution to perform a novel technique that dynamically changes the access privileges of legitimate users. The scheme drives the access privileges in a specific way by updating the access policy and activating a user revocation property. Our technique assigns processing-intensive tasks to cloud servers without any information leakage to reduce the computation cost on resource-limited computing devices. Our analytical theoretical and experimental findings and comparisons of our work with related existing systems indicate that our scheme is efficient, secure and more practical compared to the current related systems, particularly in terms of policy updating and ciphertext re-encryption. Therefore, our proposed scheme is suited to Internet of Things (IoT) applications that need a practical, secure access control scheme. Moreover, to achieve secure, public cloud storage and minimise the limitations of CP-ABE which mainly supports storing data only on a private cloud storage system managed by only one single authority, our proposed access control scheme is extended to a secure, critical access control scheme with multiple authorities. This scheme ought to be carefully designed to achieve fine-grained access control and support outsourced-data confidentiality. In addition, most existing multi-authority access control schemes do not properly consider the revocation issue due to the difficulty of addressing it in distributed settings. Therefore, building a multi-authority CP-ABE scheme along with addressing changes to policy attributes and users, have motivated many researchers to develop more suitable schemes with limited success. By leveraging the existing work, in this thesis, we propose a second CP-ABE scheme that tackles most of the existing work’s limitations and allows storing data securely on a public cloud storage system by employing multiple authorities which manage a joint set of attributes. Furthermore, the proposed scheme efficiently maintains the revocation by adapting the two techniques used in the first proposed single authority access control scheme to allow dynamic policy update and invalidate a revoked user’s secret key that eliminates collusion attacks. In terms of computation overhead, the proposed multi-authority scheme outsources expensive operations of encryption and decryption to a cloud server to mitigate the burden on a data owner and data users, respectively. Our scheme analysis and the theoretical and implemented results demonstrate that our scheme is scalable and efficient.

Item Type: Thesis (Doctoral)
Uncontrolled Keywords: Cloud Computing; Security; Ciphertext-policy Attribute Based Encryption
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Divisions: Computer Science & Mathematics
Date Deposited: 10 Jul 2019 07:44
Last Modified: 28 Nov 2022 11:58
DOI or ID number: 10.24377/LJMU.t.00011013
Supervisors: Shi, Q, Lee, GM and Kifayat, K
URI: https://researchonline.ljmu.ac.uk/id/eprint/11013
View Item View Item