Efficient, revocable and auditable access over encrypted cloud data

Abstract

Cloud data outsourcing services can potentially help reduce the IT budget of organizations. However, they pose significant risks to the security and privacy of the data as the data is outsourced to untrusted third-party servers. In this thesis, we propose security mechanisms for cloud data access control using symmetric key primitives. The contributions of this thesis are summarized below. We critically analyze the two types of key management hierarchy used for access control in outsourced data: user-based and resource-based. We show that both types of hierarchy have comparable public storage requirements. This result disproves a common belief that resource-based hierarchies require significantly more storage than user-based hierarchies. We also show that resource-based hierarchies are more efficient in terms of computation and communication cost as compared to user-based hierarchies with respect to dynamic operations. The performance evaluation of dynamic operations is shown experimentally. We design a subscription-based hierarchical key assignment scheme with single key storage per user. Our construction is based on indirect key derivation with dependent keys. It reduces the public storage requirement of existing schemes, while also reducing the secret storage cost at the central authority.The scheme is formally analyzed using the provable security notion of key non-recovery. To our knowledge, this would be the first hierarchical key assignment scheme using dependent keys with a rigorous security proof. A weakness of existing write access control schemes is that a write authorized user can modify the files written by him even after the write privilege is revoked. We propose audit-based protocols so that if any unauthorized writes are performed they can be detected by the data owner. The protocols are implemented on Microsoft Azure platform and it is shown that the suggested mechanisms are viable in practice. It is important to ensure that the read operation returns the latest updated version of the requested file. The service provider may misbehave by sending an old version of a file instead of the current version. If the read operation returns stale data, the reader may be mislead. We propose an auditbased mechanism that provides a strong freshness guarantee ensuring that the file returned by the read operation is fresh at least until the time when the file was sent by the service provider. A cloud-based personal health record (PHR) management system allows a user to store, share and update her outsourced PHR data, access online medical services, at anytime and from anywhere. Unlinkability is an essential privacy requirement for such system which ensures that PHR data cannot be linked to its owner. However, a cloud service provider can still observe the linkage between them as it can observe the traffic. We propose a symmetric key based PHR management system that provides a stronger privacy guarantee called unobservability. Unobservability implies unlinkability between the communicating parties against a malicious service provider, whereas the converse is not true.