Cryptographically enforced distributed data access control


Ibraimi, Luan (2011) Cryptographically enforced distributed data access control. thesis.

open access
Abstract: Outsourcing data storage reduces the cost of ownership. However, once data is stored
on a remote server, users lose control over their sensitive data.

There are two approaches to control the access to outsourced data. The first
approach assumes that the outsourcee is fully trusted. This approach is also referred
to as server-mediated access control and works as follows: whenever a user wants
to access the stored data, the user has to provide credentials to the server. If the
credentials are valid and satisfy the access control policy, the user is allowed to access
the stored data. However, fully trusting the server can be dangerous, since if the
server gets hacked, all users' data would be readable by hackers. The second approach
reduces the trust in the server and assumes that the server is honest-but-curious:
the server is honest in the sense that it stores the data correctly and makes the data
available to users, and the server is curious in the sense that it attempts to extract
knowledge from the stored data. This approach is also referred to as cryptographically
enforced access control because it relies on encryption techniques to enforce an access
control policy. The main idea of this approach is to map an access control policy
into an encryption key, and then to encrypt the data under the encryption key such
that only authorized users who possess a decryption key can access the data in the clear.
Even if the server gets hacked, user data are secure since the data are encrypted.

In this thesis we focus on the second approach and propose new encryption
schemes for enforcing access control policies with significant advantages over existing
ones. In particular, we push the limits of three cryptographic primitives: proxy
re-encryption, attribute-based encryption and public-key encryption.

Item Type: Thesis
Additional information: SIKS Dissertation Series; no. 2011-41
Electrical Engineering, Mathematics and Computer Science (EEMCS)

Metis ID: 279668