Use this URL to cite or link to this record in EThOS:
Title: Generic access control of cloud storage using attribute-based cryptography
Author: Xu, Zhiqian
ISNI:       0000 0004 8500 7104
Awarding Body: Royal Holloway, University of London
Current Institution: Royal Holloway, University of London
Date of Award: 2019
Availability of Full Text:
Access from EThOS:
Access from Institution:
Cloud storage provides cost-efficient storage services in an era of increased demands on data generation and reliance. However, since cloud storage providers might not be trusted by end users, security and privacy are a major concern to data owners. Although cryptography is traditionally used to support data confidentiality, integrity and availability, data access control is yet another potential field. Cryptography can help achieve access control and authentication effectively. Data access control can be achieved by two major approaches: server-mediated access control and cryptographically-enforced access control. In server-mediated access control, servers receive access attempts and grant permissions based on pre-defined policies. This requires storage servers to be fully trusted, which is not the case in many storage environments. Cryptographically-enforced access control does not require the storage servers to be fully trusted since the data stored on storage servers is encrypted. Data access control is enforced through the management of decryption keys. If the key distribution process is not managed by cloud service providers directly, data secrecy and user privacy will be protected in untrusted cloud storage environments. However, if data owners are directly involved in key distribution, access control could become cumbersome to operate in a cloud storage environment. Therefore, scalable and flexible access control schemes are necessary for securing storage systems in untrusted clouds. Attribute-based Encryption (ABE) provides both cryptographically-enforced confidentiality and access control in cloud storage environments. This allows data to be protected with automatically enforced access policies. Key distribution can be delegated to attribute authorities that do not require the direct involvement of data owners. However, current access control schemes associated with existing ABE schemes are inflexible and have limitations concerning dynamic user and attribute revocation, key refreshing and revocation, and key escrow. Attribute-based signature (ABS) schemes can also be used to facilitate anonymous access control and allow users to sign messages without disclosing their identities. However, access control schemes associated with existing ABS schemes also have practical limitations concerning dynamic user and attribute revocation, in particular anonymous user revocation. In this thesis, we improve the practicality of access control mechanism for securing data stored on untrusted cloud storage. We adopt existing attributed-based cryptography and provide them with more flexible user and attribute management capability. We propose two deployment models and three systems that can be used with existing ABE and ABS schemes with no, or minor, modifications. Those adaptations reduce the management overheads and improve the scalability of attributed-based cryptography deployment to support security in cloud storage environments.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available