A Secrecy-Preserving Access Control in Data Outsourcing Scenario

Karimi, Leila | 2013

647 Viewed
  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 45227 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Jalili, Rasool
  7. Abstract:
  8. One of the security issues in data outsourcing scenario is the enforcement of data owner’s access control policies. This includes three challenges; 1) the average number of keys needed to access authorized resources, 2) efficient update of policies, and 3) confidentiality of data owner’s access control policies. Most of the existing proposed solutions address only one of these challenges, while they impose high overhead on both the data owner and users. Such an overhead prevents the model to be implemented in practical applications. In this thesis, we propose an approach to address all the aforementioned challenges with acceptable overhead. In this approach, which is based on selective encryption, Chinese Remainder Theorem is used for key management while proxy re-encryption is used for efficient access control policy updates. Using these two techniques results in the transparency of access control policies, defined as access control list, from both the server and users. Our analysis and comparison with the other approaches show that the model imposes an acceptable overhead on users as well as the data owner while it addresses the three challenges. In addition to the three challenges, enforcing write access control has also been paid attention in the literature and is considered in our approach using CRT
  9. Keywords:
  10. Access Control ; Database Outsourcing ; Selective Encryption ; Chinese Remainder Theorem ; Proxy Reencryption

 Digital Object List