Fuzzy Authorization for Cloud Storage

Zhu, Shasha

January 2013

It is widely accepted that OAuth is the most popular authorization scheme adopted and implemented by industrial and academic world, however, it is difficult to adapt OAuth to the situation in which online applications registered with one cloud party intends to access data residing in another cloud party. In this thesis, by leveraging Ciphertext-Policy Attribute Based Encryption technique and Elgamal-like mask over the protocol, we propose a reading authorization scheme among diverse clouds, which is called fuzzy authorization, to facilitate an application registered with one cloud party to access to data residing in another cloud party. More importantly, we enable the fuzziness of authorization thus to enhance the scalability and flexibility of file sharing by taking advantage of the innate connections of Linear Secret-Sharing Scheme and Generalized Reed Solomon code. Furthermore, by conducting error checking and error correction, we eliminate operation of satisfying a access tree. In addition, the automatic revocation is realized with update of TimeSlot attribute when data owner modifies the data. We prove the security of our schemes under the selective-attribute security model. The protocol flow of fuzzy authorization is implemented with OMNET++ 4.2.2 and the bi-linear pairing is realized with PBC library. Simulation results show that our scheme can achieve fuzzy authorization among heterogeneous clouds with security and efficiency.

Authorization

Cloud Storage

Security Protocol

CP-ABE

Fuzzy

Privacy-Preserving Location-Aware Data Availability and Access Authorization in Public Safety Broadband Networks

Ghafghazi, Hamidreza

January 2017

The increased demand for interoperability among Emergency Responders (ERs) and timely accessibility to a large amount of reliable, accurate, context and location aware, and privacy-preserved data (e.g., environmental data, health records, building plan, etc.), mandates the emergence of dedicated Public Safety Broadband Networks (PSBNs). However, realizing PSBNs and addressing such requirements encounters substantial challenges. For example, several security and privacy vulnerabilities have been detected in the Long Term Evolution (LTE) which is the leading enabler of PSBNs. Nonetheless, the more significant challenge lies under the corresponding data requirements. This is because data is unstructured, its volume is enormous, and it includes inaccurate, irrelevant, and context-free data. Moreover, the data sources are heterogeneous and may not be reachable in an emergency. Furthermore, the data contains personally identifiable information for which privacy and access authorization should be respected. In this thesis, we investigate and address the aforementioned challenges. Here, we propose an efficient and secure algorithm to mitigate the main security and privacy vulnerability of LTE. In addition, to provide context and location aware data availability during an emergency, we propose a secure data storage structure and privacy-preserving search scheme. Furthermore, we propose a location-aware data access model to filter irrelevant data with regards to an incident and prevent unauthorized data access. To envision our access model, we propose a location-aware fine grained access authorization scheme. Our security analysis shows that our search scheme is secure against a chosen keyword attack and the proposed authorization scheme is formally proven secure against a selective chosen ciphertext attack. Concerning performance efficiency, our search scheme requires minimal data search and retrieval delay and the proposed authorization scheme imposes constant communication and decryption computation overheads. Finally, we propose a context-aware framework, which fully complies with emergency response requirements, based on the concept of trust to filter-out inaccurate and irrelevant data. The integration of our contributions promises highly reliable, accurate, context and location aware, and privacy-preserved data availability and timely data accessibility.

Actionable information availability

Public Safety Networks

Access Authorization

Privacy

Návrh dílčí části informačního systému / Design of an Information System Part

Kaššák, Marián

January 2019

The diploma thesis deals with the analysis of the company and the focus on data security. Based on the company analysis and requirements is designed a new system of employee authorization in CMS systems of the company. The design of the employee authorization API solution is based on the OAuth 2.0 protocol.

Analyses, Mitigation and Applications of Secure Hash Algorithms

Al-Odat, Zeyad Abdel-Hameed

January 2020

Cryptographic hash functions are one of the widely used cryptographic primitives with a purpose to ensure the integrity of the system or data. Hash functions are also utilized in conjunction with digital signatures to provide authentication and non-repudiation services. Secure Hash Algorithms are developed over time by the National Institute of Standards and Technology (NIST) for security, optimal performance, and robustness. The most known hash standards are SHA-1, SHA-2, and SHA-3. The secure hash algorithms are considered weak if security requirements have been broken. The main security attacks that threaten the secure hash standards are collision and length extension attacks. The collision attack works by finding two different messages that lead to the same hash. The length extension attack extends the message payload to produce an eligible hash digest. Both attacks already broke some hash standards that follow the Merkle-Damgrard construction. This dissertation proposes methodologies to improve and strengthen weak hash standards against collision and length extension attacks. We propose collision-detection approaches that help to detect the collision attack before it takes place. Besides, a proper replacement, which is supported by a proper construction, is proposed. The collision detection methodology helps to protect weak primitives from any possible collision attack using two approaches. The first approach employs a near-collision detection mechanism that was proposed by Marc Stevens. The second approach is our proposal. Moreover, this dissertation proposes a model that protects the secure hash functions from collision and length extension attacks. The model employs the sponge structure to construct a hash function. The resulting function is strong against collision and length extension attacks. Furthermore, to keep the general structure of the Merkle-Damgrard functions, we propose a model that replaces the SHA-1 and SHA-2 hash standards using the Merkle-Damgrard construction. This model employs the compression function of the SHA-1, the function manipulators of the SHA-2, and the $10*1$ padding method. In the case of big data over the cloud, this dissertation presents several schemes to ensure data security and authenticity. The schemes include secure storage, anonymous privacy-preserving, and auditing of the big data over the cloud.

authorization

big data

cloud computing

cryptography

hash algorithms

security

Authorization schema for electronic health-care records : For Uganda

Fernández, Alexis Martínez

January 2012

This master’s thesis project began at the Karolinska University Hospital. This thesis discusses how to design an authorization schema focused on ensuring each patient’s data privacy within a hospital information system. It begins with an overview of the current problem, followed by a review of related work. The overall project’s goal is to create and evaluate an authorization schema that can ensure each patient’s data confidentiality. Authorization has currently become a very important aspect in information systems, to the point of being a necessity when implementing a complete system for managing access control in certain complex environments. This requirement lead to the approach that this master thesis takes for effectively reasoning about authorization requests in situations where a great number of parameters could affect the access control assessment. This study is part of the ICT4MPOWER project developed in Sweden by both public and private organizations with the objective of improving health-care aid in Uganda through the use of information and communication technologies.  More concretely, this work defines an authorization schema that can cope with the increasing needs of sophisticated access control methods where a complex environment exists and policies require certain flexibility. / Detta examensarbete projektet startade vid Karolinska Universitetssjukhuset. Denna avhandling diskuterar hur man designar ett tillstånd schema fokuserat på att säkerställa varje patients dataskydd inom ett sjukhus informationssystem. Det börjar med en översikt över det aktuella problemet, följt av en genomgång av arbete. Projektets övergripande mål är att skapa och utvärdera ett tillstånd schema som kan garantera varje patient data sekretess. Bemyndigande har för närvarande blivit en mycket viktig aspekt i informationssystem, till den grad att vara nödvändigt att genomföra komplett system för hantering av åtkomstkontroll i vissa komplexa miljöer. Detta är i själva verket den strategi som detta examensarbete tar för att effektivt resonemang om en ansökan om godkännande i situationer där ett stort antal parametrar kan påverka i åtkomstkontroll bedömningen. Denna studie är en del av ICT4MPOWER projektet utvecklades i Sverige av både offentliga och privata organisationer i syfte att förbättra stödet sjukvård i Uganda med användning av informations-och kommunikationsteknik.<p> Mer konkret definierar detta arbete ett tillstånd schema som kan hantera de ökande behoven av sofistikerade metoder för åtkomstkontroll där en komplex miljö finns och politik kräver en viss flexibilitet.

authorization

access control

electronic health record

Communication Systems

Kommunikationssystem

Red Door: Firewall Based Access Control in ROS

Shen, Ziyi

12 1900

ROS is a set of computer operating system framework designed for robot software development, and Red Door, a lightweight software firewall that serves the ROS, is intended to strengthen its security. ROS has many flaws in security, such as clear text transmission of data, no authentication mechanism, etc. Red Door can achieve identity verification and access control policy with a small performance loss, all without modifying the ROS source code, to ensure the availability and authentication of ROS applications to the greatest extent.

Firewall

Computer Science

DYNAMICKÝ BIOMETRICKÝ PODPIS JAKO EFEKTIVNÍ NÁSTROJ PRO VNITROPODNIKOVOU KOMUNIKACI / DYNAMIC BIOMETRIC SIGNATURE AS AN EFFICIENT TOOL FOR INTERNAL CORPORATE COMMUNICATION

Hortai, František

January 2019

The aim of this thesis is to provide comprehensive information on the possibilities of authentication, combination of authentication factors and the integration of this issue into corporate communication. The work focuses on this issue and specifies the possibilities for obtaining authentication information, analyses the authentication methods, identification and authorization. It examines the applicability of biometric technologies, the principle of their functionality, examples of their use, their impact, the advantages and disadvantages they bring. A natural, easy-to-use, convenient tool for effective and secure communication is authentication including the dynamic biometric signature. The issues of the dynamic biometric signature technology and its implementation are examined from a comprehensive perspective involving experiments. The research proved that the dynamic biometric signature can serve as a method for supporting secure corporate communication and reduce authentication risks in companies and for individuals.

Preserving Trust Across Multiple Sessions in Open Systems

Chan, Fuk-Wing Thomas

13 July 2004

Trust negotiation, a new authentication paradigm, enables strangers on the Internet to establish trust through the gradual disclosure of digital credentials and access control policies. Previous research in trust negotiation does not address issues in preserving trust across multiple sessions. This thesis discusses issues in preserving trust between parties who were previously considered strangers. It also describes the design and implementation of trust preservation in TrustBuilder, a prototype trust negotiation system. Preserving trust information can reduce the frequency and cost of renegotiation. A scenario is presented that demonstrates that a server supporting trust preservation can recoup the cost of the trust preservation facility when approximately 25% of its requests are from repeat customers. The throughput and response time improve up to approximately 33% as the percentage of repeat customers grows to 100%.

Trust negotiation

single-sign-on

authentication

authorization

security

Computer Sciences

Frequency of Test Approval after Preauthorization, Peer-to-peer, Appeal Letter, and Independent External Review: A Retrospective Chart Review

O'Sullivan, Colleen

January 2022

No description available.

Genetics

insurance

preauthorization

prior-authorization

genetic testing

genetics

Are Appropriators Actually Authorizers in Sheep's Clothing? A Case Study of the Policymaking Role of the House and Senate Appropriations Subcommittees on Labor, Health and Human Services, Education, and Related Agencies

Ginieczki, Michael Boyce

03 May 2010

In the U.S. Congress, the authorization-appropriation process is the formal model that establishes the separation between legislative and funding bills. Additionally, it determines the jurisdiction of the congressional committees that oversee those bills. However, a number of scholars have concluded that the authorization-appropriations dichotomy is substantially different in practice than the model suggests. Research in this area has shown that broad changes over the years have altered the roles of the authorization and appropriations committees. At different times, members of the appropriations committees have been regarded as guardians of the federal treasury, advocates of federal funds for their congressional district, or partisans in support of a political agenda (Adler, 2000). In addition to these roles, appropriators evidently have become more active in policymaking -- a role that traditionally has been the domain of the authorizing committees. To further explore the policymaking role of appropriators, this dissertation used a case study approach that traced appropriators' interactions with the executive branch, focusing on a federal agency and its links with the appropriations subcommittees that have oversight and funding jurisdiction over the agency's programs. Specifically, the study analyzed the relationship between the House and Senate Subcommittees on Labor, Health and Human Services, Education, and Related Agencies (L/ HHS) and the U.S. Department of Health and Human Services' Agency for Healthcare Research and Quality (AHRQ) during the period from 1989-2009. Through an examination of critical incidents and contextual elements, this dissertation examined whether the Subcommittees on L/HHS increasingly have become significant players in shaping AHRQ's policies and direction. In addition, the dissertation examined the impacts on AHRQ and possible reciprocal [Agency] influences on the Subcommittees. This research has the potential to build on existing works related to the dynamics of the authorization-appropriations process. Moreover, this research could provide a conceptual framework for analyzing the roles that the other congressional appropriations subcommittees play in relation to the executive branch agencies under their jurisdictions. / Ph. D.

authorization

congressional committees

policymaking

appropriations