Efficient Revocable and Auditable Access over Encrypted Cloud Data

Abstract

Cloud data outsourcing services can potentially help reduce the IT budget of organizations.However, they pose significant risks to the security and privacy of the data as the data is outsourced to untrusted third-party servers. In this thesis, newlinewe propose security mechanisms for cloud data access control using symmetric key primitives. The contributions of this thesis are summarized below. We critically analyze the two types of key management hierarchy used for access control in outsourced data: user-based and resource-based. We show that both types of hierarchy have comparable public storage requirements. This result disproves a common belief that resource-based hierarchies require significantly more storage than user-based hierarchies. We also show that resource-based hierarchies are more efficient in terms of computation newlineand communication cost as compared to user-based hierarchies with respect to dynamic operations. The performance evaluation of dynamic operations is shown experimentally.We design a subscription-based hierarchical key assignment scheme with single key storage per user. Our construction is based on indirect key derivation with dependent keys. It reduces the public storage requirement of existing schemes, while also reducing the secret storage cost at the central authority. The scheme is formally analyzed using the provable security notion of key non-recovery. To our knowledge, this would be the first hierarchical key assignment scheme using dependent keys with a rigorous security proof.A weakness of existing write access control schemes is that a write authorized user can modify the files written by him even after the write privilege is revoked. We propose audit-based protocols so that if any unauthorized writes are performed they can be detected by the data owner. The protocols are implemented on Microsoft Azure platform and it is shown that the suggested mechanisms are viable in practice. newline