Spelling suggestions: "subject:"attribute based encryption"" "subject:"atttribute based encryption""
11 |
Attribute-based encryption : robust and efficient constructionsRouselakis, Ioannis 26 September 2013 (has links)
Attribute-based encryption is a promising cryptographic primitive that allows users to encrypt data according to specific policies on the credentials of the recipients. For example, a user might want to store data in a public server such that only subscribers with credentials of specific forms are allowed to access them. Encrypting the data once for each party is not only impractical but also raises important privacy issues. Therefore, it would be beneficial to be able to encrypt only once for all desired parties. This is achievable by attribute-based encryption schemes, which come into several types and are applicable to a wide range of settings. Several attribute-based encryption schemes have been proposed and studied with a wide range of characteristics. For example, initial constructions proved to be significantly more challenging than constructing traditional public-key encryption systems and they imposed restrictions on the expressiveness of the Boolean formulas used during encryption. For several proposed schemes the total number of attributes was fixed during setup, while others allowed any string to be used as attribute ("large universe" constructions), but with considerable weaker security guarantees. Furthermore, these first constructions, although polynomial time, were impractical for wide deployment. This thesis is motivated by two main goals for ABE schemes: robustness and efficiency. For robustness, we propose a novel construction that achieves strong security guarantees and at the same time augments the capabilities of previous schemes. More specifically, we adapt existing techniques to achieve leakage-resilient ABE schemes with augmented robustness features making no compromises on security. For the second direction, our goal is to create practical schemes with as many features as possible, such as "large universe" and multi-authority settings. We showcase these claims with working implementations, benchmarks, and comparisons to previous constructions. Finally, these constructions lead us to new directions that we propose and intend to investigate further. / text
|
12 |
Uma abordagem escalável para controle de acesso muitos para muitos em redes centradas de informaçãoSilva, Rafael Hansen da January 2016 (has links)
Um dos principais desafios em Redes Centradas em Informação (ICN) é como prover controle de acesso à publicação e recuperação de conteúdos. Apesar das potencialidades, as soluções existentes, geralmente, consideram um único usuário agindo como publicador. Ao lidar com múltiplos publicadores, elas podem levar a uma explosão combinatória de chaves criptográficas. As soluções projetadas visando a múltiplos publicadores, por sua vez, dependem de arquiteturas de redes específicas e/ou de mudanças nessas para operar. Nesta dissertação é proposta uma solução, apoiada em criptografia baseada em atributos, para controle de acesso a conteúdos. Nessa solução, o modelo de segurança é voltado a grupos de compartilhamento seguro, nos quais todos os usuários membros podem publicar e consumir conteúdos. Diferente de trabalhos anteriores, a solução proposta mantém o número de chaves proporcional ao de membros nos grupos e pode ser empregada em qualquer arquitetura ICN de forma gradual. A proposta é avaliada quanto ao custo de operação, à quantidade de chaves necessárias e à eficiência na disseminação de conteúdos. Em comparação às soluções existentes, ela oferece maior flexibilidade no controle de acesso, sem aumentar a complexidade do gerenciamento de chaves e sem causar sobrecustos significativos à rede. / One of the main challenges in Information-Centric Networking (ICN) is providing access control to content publication and retrieval. In spite of the potentialities, existing solutions often consider a single user acting as publisher. When dealing with multiple publishers, they may lead to a combinatorial explosion of cryptographic keys. Those solutions that focus on multiple publishers, on the other hand, rely on specific network architectures and/or changes to operate. In this dissertation, it is proposed a solution, supported by attribute-based encryption, for content access control. In this solution, the security model is focused on secure content distribution groups, in which any member user can publish to and retrieve from. Unlike previous work, the proposed solution keeps the number of cryptographic keys proportional to the number of group members, and may even be adopted gradually in any ICN architecture. The proposed solution is evaluated with respect to the overhead it imposes, number of required keys, and efficiency in the content dissemination. In contrast to existing solutions, it offers higher access control flexibility, without increasing key management process complexity and without causing significant network overhead.
|
13 |
Uma abordagem escalável para controle de acesso muitos para muitos em redes centradas de informaçãoSilva, Rafael Hansen da January 2016 (has links)
Um dos principais desafios em Redes Centradas em Informação (ICN) é como prover controle de acesso à publicação e recuperação de conteúdos. Apesar das potencialidades, as soluções existentes, geralmente, consideram um único usuário agindo como publicador. Ao lidar com múltiplos publicadores, elas podem levar a uma explosão combinatória de chaves criptográficas. As soluções projetadas visando a múltiplos publicadores, por sua vez, dependem de arquiteturas de redes específicas e/ou de mudanças nessas para operar. Nesta dissertação é proposta uma solução, apoiada em criptografia baseada em atributos, para controle de acesso a conteúdos. Nessa solução, o modelo de segurança é voltado a grupos de compartilhamento seguro, nos quais todos os usuários membros podem publicar e consumir conteúdos. Diferente de trabalhos anteriores, a solução proposta mantém o número de chaves proporcional ao de membros nos grupos e pode ser empregada em qualquer arquitetura ICN de forma gradual. A proposta é avaliada quanto ao custo de operação, à quantidade de chaves necessárias e à eficiência na disseminação de conteúdos. Em comparação às soluções existentes, ela oferece maior flexibilidade no controle de acesso, sem aumentar a complexidade do gerenciamento de chaves e sem causar sobrecustos significativos à rede. / One of the main challenges in Information-Centric Networking (ICN) is providing access control to content publication and retrieval. In spite of the potentialities, existing solutions often consider a single user acting as publisher. When dealing with multiple publishers, they may lead to a combinatorial explosion of cryptographic keys. Those solutions that focus on multiple publishers, on the other hand, rely on specific network architectures and/or changes to operate. In this dissertation, it is proposed a solution, supported by attribute-based encryption, for content access control. In this solution, the security model is focused on secure content distribution groups, in which any member user can publish to and retrieve from. Unlike previous work, the proposed solution keeps the number of cryptographic keys proportional to the number of group members, and may even be adopted gradually in any ICN architecture. The proposed solution is evaluated with respect to the overhead it imposes, number of required keys, and efficiency in the content dissemination. In contrast to existing solutions, it offers higher access control flexibility, without increasing key management process complexity and without causing significant network overhead.
|
14 |
Integration of Attribute-Based Encryption and IoT: An IoT Security ArchitectureElbanna, Ziyad January 2023 (has links)
Services relying on internet of things (IoTs) are increasing day by day. IoT makes use of internet services like network connectivity and computing capability to transform everyday objects into smart things that can interact with users, and the environment to achieve a purpose they are designed for. IoT nodes are memory, and energy constrained devices that acquire information from the surrounding environment, those nodes cannot handle complex data processing and heavy security tasks alone, thus, in most cases a framework is required for processing, storing, and securing data. The framework can be cloud-based, a publish/subscribe broker, or edge computing based. As services relying on IoT are increasing enormously nowadays, data security and privacy are becoming concerns. Security concerns arise from the fact that most IoT data are stored unencrypted on untrusted third-party clouds, which results in many issues like data theft, data manipulation, and unauthorized disclosure. While some of the solutions provide frameworks that store data in encrypted forms, coarse-grained encryption provides less specific access policies to the users accessing data. A more secure control method applies fine-grained access control, and is known as attribute-based encryption (ABE). This research aims to enhance the privacy and the security of the data stored in an IoT middleware named network smart objects (NOS) and extend its functionality by proposing a new IoT security architecture using an efficient ABE scheme known as key-policy attribute-based encryption (KP-ABE) along with an efficient key revocation mechanism based on proxy re-encryption (PRE). Design science research (DSR) was used to facilitate the solution. To establish the knowledge base, a previous case study was reviewed to explicate the problem and the requirements to the artefact were elicited from research documents. The artefact was designed and then demonstrated in a practical experiment by means of Ubuntu operating system (OS). Finally, the artefact’s requirements were evaluated by applying a computer simulation on the Ubuntu OS. The result of the research is a model artefact of an IoT security architecture which is based on ABE. The model prescribes the components and the architectural structure of the IoT system. The IoT system consists of four entities: data producers, data consumers, NOS, and the TA. The model prescribes the new components needed to implement KP-ABE and PRE modules. First, data is transferred from data producers to NOS through secure hypertext transfer protocol (HTTPS), then the data is periodically processed and analyzed to obtain a uniform representation and add useful metadata regarding security, privacy, and data-quality. After that, the data is encrypted by KP-ABE using users’ attributes. PRE takes place when a decryption key is compromised, then the ciphertext is re-encrypted to prevent it’s disclosure. The evaluation results show that the proposed model improved the data retrieval time of the previous middleware by 32% and the re-encryption time by 87%. Finally, the author discusses the limitations of the proposed model and highlights directions for future research.
|
15 |
A SYSTEMATIC REVIEW OF ATTRIBUTE-BASED ENCRYPTION FOR SECURE DATA SHARING IN IoT ENVIRONMENT.Onwumere, Faith Nnenna January 2023 (has links)
Internet of Things (IoT) refers to a network of global and interrelated computing devices that connects humans and machines. It connects anything that has access to the internet and creates an avenue for data and information exchange. Devices within the IoT environment are embedded with processors, sensors and communication hardware that helps these devices collate data, analyze data (when needed), and transfer data amongst themselves. Even with the existence of IoT in making things easier for users and with the introduction of newer variants of IoT, several security and privacy challenges are introduced. In the rapidly evolving landscape of the Internet of Things (IoT), ensuring secure data sharing has become a critical concern. Attribute-based encryption (ABE) has emerged as a promising cryptographic technique for addressing security challenges in IoT environments. Attribute-Based Encryption (ABE) is a cryptographic method that provides public key encryption and access control based on attributes allocated. ABE can be used to encrypt data transmitted between IoT devices and the cloud. In situations where several devices have to interact with each other (e.g., smart home interacting with the user’s hospital IoT system), an intranet of things is formed, and these data is stored in the cloud. ABE can serve as a secure means of transmitting this data since these devices already possess unique attributes that can grant users access control. In this thesis, we aim to present a systematic review of the Attribute-Based Encryption techniques specifically designed for secure data sharing in IoT environments. The objective of this review is to analyze and synthesize existing research, identify trends, and highlight key findings in the field. Therefore, the document survey is chosen as the research strategy. PRISMA framework is followed in searching the eligible literature in 5 databases (Springer, ACM Digital library, Google Scholar, IEEE, Research Gate, Research Square, and Science Direct), with a final set of 30 articles retrieved from ACM Digital Library, IEEE, and Science Direct, all included for analysis. The results show insights on the several ABE approaches used in implementing a secure data sharing framework with access control (which involves enforcing policies that help data owners determine who can and cannot access their data), data privacy (which involves measures taken to ensure that confidentiality, integrity, and availability of any shared data), and data security (which involves practices that help protect any form of shared data from unauthorized access, tamper, or disclosure) in IoT devices.
|
16 |
Contrôle d’Accès Sécurisé dans l’Info-Nuage Mobile (Secure Access Control in Mobile Cloud)Baseri, Yaser 11 1900 (has links)
No description available.
|
17 |
Data Protection in Transit and at Rest with Leakage DetectionDenis A Ulybyshev (6620474) 15 May 2019 (has links)
<p>In service-oriented
architecture, services can communicate and share data among themselves. This
thesis presents a solution that allows detecting several types of data leakages
made by authorized insiders to unauthorized services. My solution provides
role-based and attribute-based access control for data so that each service can
access only those data subsets for which the service is authorized, considering
a context and service’s attributes such as security level of the web browser
and trust level of service. My approach provides data protection in transit and
at rest for both centralized and peer-to-peer service architectures. The methodology
ensures confidentiality and integrity of data, including data stored in untrusted
cloud. In addition to protecting data against malicious or curious cloud or
database administrators, the capability of running a search through encrypted
data, using SQL queries, and building analytics over encrypted data is
supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to
Encrypted Data Processing in Untrusted Environments) project, funded by
Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is
illustrated in this thesis for two use cases, including a Hospital Information
System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything
communication system with secure exchange of vehicle’s and drivers’ data, as
well as data on road events and road hazards. </p><p>To help with
investigating data leakage incidents in service-oriented architecture,
integrity of provenance data needs to be guaranteed. For that purpose, I
integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every
data access, transfer or update is recorded in a public blockchain ledger, is
non-repudiatable and can be verified at any time in the future. The work on
this project, called “Blockhub,” is in progress.</p>
|
18 |
Security in cloud computing / La sécurité dans le CloudLounis, Ahmed 03 July 2014 (has links)
Le Cloud Computing, ou informatique en nuages, est un environnement de stockage et d’exécution flexible et dynamique qui offre à ses utilisateurs des ressources informatiques à la demande via internet. Le Cloud Computing se développe de manière exponentielle car il offre de nombreux avantages rendus possibles grâce aux évolutions majeures des Data Centers et de la virtualisation. Cependant, la sécurité est un frein majeur à l’adoption du Cloud car les données et les traitements seront externalisés hors de site de confiance de client. Cette thèse contribue à résoudre les défis et les issues de la sécurité des données dans le Cloud pour les applications critiques. En particulier, nous nous intéressons à l’utilisation de stockage pour les applications médicales telles que les dossiers de santé électroniques et les réseaux de capteurs pour la santé. D’abord, nous étudions les avantages et les défis de l’utilisation du Cloud pour les applications médicales. Ensuite, nous présentons l’état de l’art sur la sécurité dans le Cloud et les travaux existants dans ce domaine. Puis nous proposons une architecture sécurisée basée sur le Cloud pour la supervision des patients. Dans cette solution, nous avons développé un contrôle d’accès à granularité fine pour résoudre les défis de la sécurité des données dans le Cloud. Enfin, nous proposons une solution de gestion des accès en urgence. / Cloud computing has recently emerged as a new paradigm where resources of the computing infrastructures are provided as services over the Internet. However, this paradigm also brings many new challenges for data security and access control when business or organizations data is outsourced in the cloud, they are not within the same trusted domain as their traditional infrastructures. This thesis contributes to overcome the data security challenges and issues due to using the cloud for critical applications. Specially, we consider using cloud storage services for medical applications such as Electronic Health Record (EHR) systems and medical Wireless Sensor Networks. First, we discuss the benefits and challenges of using cloud services for healthcare applications. Then, we study security risks of the cloud, and give an overview on existing works. After that, we propose a secure and scalable cloud-based architecture for medical applications. In our solution, we develop a fine-grained access control in order to tackle the challenge of sensitive data security, complex and dynamic access policies. Finally, we propose a secure architecture for emergency management to meet the challenge of emergency access.
|
19 |
Attribute-Based Encryption with dynamic attribute feature applied in Vehicular Ad Hoc Networks / Attributbaserad kryptering med dynamisk attributfunktion tillämpad i fordonsbaserade ad hoc-nätverkHuang, Zijian January 2022 (has links)
The Vehicular Ad Hoc Network (VANET) is a promising approach for future Intelligent Transportation Systems (ITS) implementation. The data transmission is wireless primarily in the VANET system. The secure data transmission in VANET attracts research attention without any doubt. The Ciphertext-Policy Attribute-Based Encryption (CP-ABE) provides an encrypted access control mechanism for broadcasting messages in VANET. The user’s attributes stand for its current property. However, if we apply vehicle location as the attribute, this attribute has to keep up-to-date with the vehicle’s movement. It is not easy for current CP-ABE algorithms because whenever one attribute changes, the entire private key, which is based on all the attributes, must be changed. In this thesis, we apply fading function to realize the “dynamic attribute” feature in CP-ABE. The dynamic attribute allows the user to update each attribute separately, and fading function gives each attribute a valid period. We introduce the dynamic attribute feature to three different CP-ABE algorithms. Then we design a VANET system that applies the CP-ABE with dynamic attribute feature. We evaluate the processing time of three different CP-ABE algorithms. We apply two different pairing curves for different security requirements. Our results show that the introduction of fading function does not cause significant extra time cost to current CP-ABE algorithms. The fading function causes extra 0.2ms on average for each attribute that participates in encryption and decryption. The sum-up time for encryption and decryption is between 100ms to 200ms when there are ten attributes participating in encryption and decryption. / VANET är ett lovande tillvägagångssätt för framtida genomförande av ITS. Dataöverföringen är i första hand trådlös i VANET-systemet. Den säkra dataöverföringen i VANET är utan tvekan föremål för forskningens uppmärksamhet. CP-ABE ger en krypterad åtkomstkontrollmekanism för sändning av meddelanden i VANET. Användarens attribut står för dennes aktuella egenskaper. Men om vi använder fordonets position som attribut måste detta attribut hålla sig uppdaterat med fordonets rörelse. Det är inte lätt för de nuvarande CP-ABE-algoritmerna eftersom hela den privata nyckeln, som är baserad på alla attribut, måste ändras när ett attribut ändras. I den här avhandlingen tillämpar vi fading-funktionen för att realisera funktionen ”dynamiskt attribut” i CP-ABE. Det dynamiska attributet gör det möjligt för användaren att uppdatera varje attribut separat, och fading-funktionen ger varje attribut en giltighetstid. Vi inför den dynamiska attributfunktionen i tre olika CP-ABE-algoritmer. Därefter utformar vi ett VANET-system som tillämpar CP-ABE med dynamisk attributfunktion. Vi utvärderar tidsåtgången för tre olika CP-ABE-algoritmer. Vi tillämpar två olika parningskurvor för olika säkerhetskrav. Våra resultat visar att införandet av fading-funktionen inte orsakar någon betydande tidsåtgång för de nuvarande CP-ABE-algoritmerna. Fading-funktionen orsakar i genomsnitt 0,2 ms extra för varje attribut som deltar i kryptering och dekryptering. Den sammanlagda tiden för kryptering och dekryptering är mellan 100 och 200 ms när tio attribut deltar i kryptering och dekryptering.
|
Page generated in 0.0789 seconds