  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Attribute-Based Proxy Re-Encryption

Chen, Chun-Hung 30 August 2012
Cloud computing has been developed rapidly in recent years, and offers novel concepts and innovations in computer use. One application of cloud computing is that people can designate a proxy to help them to execute a number of tasks in certain situations instead of undertaking all tasks themselves. With this application, people can benefit from the proxy; however, some information is revealed to the proxy, such as their activities, and private data. That is, the proxy is aware of the actions of people through delegation processes, and proxy re-encryption which is a cryptographic primitive has been proposed to solve this problem. In the proxy re-encryption system, when a user (e.g., Alice) wants to send a ciphertext that is encrypted by her secret key and stored in the cloud to another user (e.g., Bob), she can designate a proxy to transform the ciphertext into a different ciphertext that can be decrypted by Bob's private key. Based on attribute-based encryption and proxy re-encryption, we propose attribute-based proxy re-encryption with bilinear pairing. Furthermore, in the proposed scheme, third parties cannot decrypt the ciphertext if they do not have matching attributes, regardless of being helped by proxy. Finally, we offer security proofs to demonstrate that the proposed scheme satisfies the essential requirements of attribute-based encryption schemes and proxy re-encryption schemes.
12

The social parameter in protecting the privacy of the individual user of new technologies

Τσαγκανού, Μαρία 17 July 2014
The purpose of this paper is to study the behavior of users of new technologies and the factors that interact in building their trust in them. In addition, we examine the attitude of users towards ABC credentials with minimal disclosure of personal data, as a solution to protect their privacy.
13

Attribute-based access control for distributed systems

Cheperdak, David J. B. 26 April 2013
Securing information systems from cyber attacks, malware and internal cyber threats is a difficult problem. Attacks on authentication and authorization (access control) are among the more predominant and potentially rewarding attacks on distributed architectures. Attribute-Based Access Control (ABAC) is one of the more recent mechanisms to provide access control capabilities. ABAC combines the strength of cryptography with semantic expressions and relational assertions. By this composition, a powerful grammar is devised that can not only define complex and scalable access control policies, but defend against attacks on the policy itself. This thesis demonstrates how ABAC can be used as a primary access control solution for enterprise and commercial applications.
14

Secure Schemes for Semi-Trusted Environment

Tassanaviboon, Anuchart January 2011
In recent years, two distributed system technologies have emerged: Peer-to-Peer (P2P) and cloud computing. For the former, the computers at the edge of networks share their resources, i.e., computing power, data, and network bandwidth, and obtain resources from other peers in the same community. Although this technology enables efficiency, scalability, and availability at low cost of ownership and maintenance, peers defined as "like each other" are not wholly controlled by one another or by the same authority. In addition, resources and functionality in P2P systems depend on peer contribution, i.e., storing, computing, routing, etc. These specific aspects raise security concerns and attacks that many researchers try to address. Most solutions proposed by researchers rely on public-key certificates from an external Certificate Authority (CA) or a centralized Public Key Infrastructure (PKI). However, both CA and PKI are contradictory to fully decentralized P2P systems that are self-organizing and infrastructureless. To avoid this contradiction, this thesis concerns the provisioning of public-key certificates in P2P communities, which is a crucial foundation for securing P2P functionalities and applications. We create a framework, named the Self-Organizing and Self-Healing CA group (SOHCG), that can provide certificates without a centralized Trusted Third Party (TTP). In our framework, a CA group is initialized in a Content Addressable Network (CAN) by trusted bootstrap nodes and then grows to a mature state by itself. Based on our group management policies and predefined parameters, the membership in a CA group is dynamic and has a uniform distribution over the P2P community; the size of a CA group is kept to a level that balances performance and acceptable security. The multicast group over an underlying CA group is constructed to reduce communication and computation overhead from collaboration among CA members.
To maintain the quality of the CA group, the honest majority of members is maintained by a Byzantine agreement algorithm, and all shares are refreshed gradually and continuously. Our CA framework has been designed to meet all design goals, being self-organizing, self-healing, scalable, resilient, and efficient. A security analysis shows that the framework enables key registration and certificate issue with resistance to external attacks, i.e., node impersonation, man-in-the-middle (MITM), Sybil, and a specific form of DoS, as well as internal attacks, i.e., CA functionality interference and CA group subversion. Cloud computing is the most recent evolution of distributed systems that enable shared resources like P2P systems. Unlike P2P systems, cloud entities are asymmetric in roles like client-server models, i.e., end-users collaborate with Cloud Service Providers (CSPs) through Web interfaces or Web portals. Cloud computing is a combination of technologies, e.g., SOA services, virtualization, grid computing, clustering, P2P overlay networks, management automation, and the Internet, etc. With these technologies, cloud computing can deliver services with specific properties: on-demand self-service, broad network access, resource pooling, rapid elasticity, measured services. However, these core technologies have their own intrinsic vulnerabilities, so they induce specific attacks to cloud computing. Furthermore, since public clouds are a form of outsourcing, the security of users' resources must rely on CSPs' administration. This situation raises two crucial security concerns for users: locking data into a single CSP and losing control of resources. Providing inter-operations between Application Service Providers (ASPs) and untrusted cloud storage is a countermeasure that can protect users from lock-in with a vendor and losing control of their data.
To meet the above challenge, this thesis proposed a new authorization scheme, named OAuth and ABE based authorization (AAuth), that is built on the OAuth standard and leverages Ciphertext-Policy Attribute Based Encryption (CP-ABE) and ElGamal-like masks to construct ABE-based tokens. The ABE-tokens can facilitate a user-centric approach, end-to-end encryption and end-to-end authorization in semi-trusted clouds. With these facilities, owners can take control of their data resting in semi-untrusted clouds and safely use services from unknown ASPs. To this end, our scheme divides the attribute universe into two disjointed sets: confined attributes defined by owners to limit the lifetime and scope of tokens and descriptive attributes defined by authority(s) to certify the characteristic of ASPs. Security analysis shows that AAuth maintains the same security level as the original CP-ABE scheme and protects users from exposing their credentials to ASP, as OAuth does. Moreover, AAuth can resist both external and internal attacks, including untrusted cloud storage. Since most cryptographic functions are delegated from owners to CSPs, AAuth gains computing power from clouds. In our extensive simulation, AAuth's greater overhead was balanced by greater security than OAuth's. Furthermore, our scheme works seamlessly with storage providers by retaining the providers' APIs in the usual way.
15

Attribute Based Encryption of Electronic Health Records : Comparative study of existing algorithms

Seethamraju, Arun Tej January 2017
Cloud Computing today is an evolving technology which features large Data Storage and ready-to-access from any device. The Healthcare Industry stores large Databases of patients' records; considering the advantages of Cloud Computing, it is looking forward to moving on from the traditional, proprietary Database Management Model into an Open Source Cloud DBMS Model. To complete this transition, it is of primary importance to provide Privacy and Security for Electronic Medical Record / Electronic Health Record. There are several kinds of research being done on how to mitigate these privacy issues using algorithms like Attribute Based Encryption and Identity-Based Encryption. In this study, we compare the performance of these two attribute based encryption methods. This thesis compares the performance of the state-of-the-art Attribute Based Encryption Schemas for Electronic Medical Record / Electronic Health Record Systems. Performance evaluation is conducted in local and cloud environments. A Literature Review has been performed to identify the existing Cloud-based Electronic Health Record Systems which use attribute based encryption as a mechanism to mitigate the privacy issues and realization in Cloud. Two algorithms have been selected by performing snowballing from the IEEE Research Articles. Experimentation was performed on the two algorithms in a local machine and on Amazon Web Services Cloud Platform to compare the performance. Verification of performance in each stage of the execution of the algorithms, in both local machine and Cloud environment, was done.
16

Attribute-Based Encryption in Systems with Resource Constrained Devices in an Information Centric Networking Context

Borgh, Joakim January 2016
An extensive analysis of attribute-based encryption (ABE) in systems with resource constrained devices is performed. Two system solutions of how ABE can be performed in such systems are proposed, one where the ABE operations are performed at the resource constrained devices and one where ABE is performed at a powerful server. The system solutions are discussed with three different ABE schemes. Two of the schemes are the traditional key policy ABE (KP-ABE) and ciphertext policy ABE (CP-ABE). The third scheme is using KP-ABE to simulate CP-ABE, in an attempt to benefit from KP-ABE being computationally cheaper than CP-ABE while maintaining the intuitive way of using CP-ABE. ABE is a computationally expensive encryption method which might not be feasible to perform at the resource constrained sensors, depending on the hardware. An implementation of a CP-ABE scheme with a 128 bit security level was written and used to evaluate the feasibility of ABE on a sensor equipped with an ARM Cortex-M3 processor having 32 kB RAM and 256 kB flash. It is possible to perform CP-ABE on the sensor used in this project. The limiting factor of feasibility of ABE on the sensor is the RAM size. In this case policy sizes up to 12 attributes can be performed on the sensor. The results give an idea of the feasibility of encryption with ABE on sensors. In addition to the results several ways of improving performance of ABE on the sensor are discussed.
17

Attribute Authentication on Android Platform

Strakoš, Jan January 2021
This master's thesis focuses on implementation of ABC (Anonymous attribute-based credential) pilot system on the Android platform. The support for attribute authentication on the Android platform is very weak in terms of the number of implementations and needs special attention. The theoretical part of the thesis describes the cryptographic support on the Android platform, the use of the Android Native Development Kit (NDK) and the Host-Card Emulation (HCE) service. The theoretical part of the thesis also includes a description of attribute authentication schemes, including a pilot RKVAC system. The practical part describes the implementation of the RKVAC system on the Android platform along with the implementation of a custom cryptographic kernel based on the native MCL cryptographic library. The practical part of this thesis describes the implementation process of the RKVAC system on the Android platform, which uses the native cryptographic library MCL. The final part shows the results of time, memory and computation difficulty of developed applications.
18

Attribute-Based Encryption for Fine-Grained Access Control over Sensitive Data

January 2020
The traditional access control system suffers from the problem of separation of data ownership and management. It poses data security issues in application scenarios such as cloud computing and blockchain where the data owners either do not trust the data storage provider or even do not know who would have access to their data once they are appended to the chain. In these scenarios, the data owner actually loses control of the data once they are uploaded to the outside storage. Encryption-before-uploading is the way to solve this issue, however traditional encryption schemes such as AES, RSA, ECC, bring about great overheads in key management on the data owner end and could not provide fine-grained access control as well. Attribute-Based Encryption (ABE) is a cryptographic way to implement attribute-based access control, which is a fine-grained access control model, thus solving all aforementioned issues. With ABE, the data owner would encrypt the data by a self-defined access control policy before uploading the data. The access control policy is an AND-OR boolean formula over attributes. Only users with attributes that satisfy the access control policy could decrypt the ciphertext. However the existing ABE schemes do not provide some important features in practical applications, e.g., user revocation and attribute expiration. Furthermore, most existing work focuses on how to use ABE to protect cloud stored data, while not the blockchain applications. The main objective of this thesis is to provide solutions to add two important features of the ABE schemes, i.e., user revocation and attribute expiration, and also provide a practical trust framework for using ABE to protect blockchain data. To add the feature of user revocation, I propose to add user's hierarchical identity into the private attribute key. In this way, only users whose identity is not revoked and attributes satisfy the access control policy could decrypt the ciphertext.
To add the feature of attribute expiration, I propose to add the attribute valid time period into the private attribute key. The data would be encrypted by access control policy where all attributes have a temporal value. In this way, only users whose attributes both satisfy the access policy and at the same time these attributes do not expire, are allowed to decrypt the ciphertext. To use ABE in the blockchain applications, I propose an ABE-enabled trust framework in a very popular blockchain platform, Hyperledger Fabric. Based on the design, I implement a light-weight attribute certificate authority for attribute distribution and validation; I implement the proposed ABE schemes and provide a toolkit which supports system setup, key generation, data encryption and data decryption. All these modules were integrated into a demo system for protecting sensitive files in a blockchain application. / Dissertation/Thesis / Masters Thesis Computer Science 2020
19

PRIVACY-PRESERVING ATTRIBUTE-BASED ACCESS CONTROL IN A GRID

Park, Sang Mork 27 October 2010
No description available.
20

A scalable approach for many-to-many access control in information-centric networks

Silva, Rafael Hansen da January 2016
One of the main challenges in Information-Centric Networking (ICN) is providing access control to content publication and retrieval. In spite of the potentialities, existing solutions often consider a single user acting as publisher. When dealing with multiple publishers, they may lead to a combinatorial explosion of cryptographic keys. Those solutions that focus on multiple publishers, on the other hand, rely on specific network architectures and/or changes to operate. In this dissertation, a solution supported by attribute-based encryption is proposed for content access control.
In this solution, the security model is focused on secure content distribution groups, in which any member user can publish to and retrieve from. Unlike previous work, the proposed solution keeps the number of cryptographic keys proportional to the number of group members, and may even be adopted gradually in any ICN architecture. The proposed solution is evaluated with respect to the overhead it imposes, number of required keys, and efficiency in the content dissemination. In contrast to existing solutions, it offers higher access control flexibility, without increasing key management process complexity and without causing significant network overhead.
