SECURE, POLICY-BASED, MULTI-RECIPIENT DATA SHARING
In distributed systems users often need to share sensitive data with other usersbased on the latter's ability to satisfy various policies. In many cases the data ownermay not even know the identities of the data recipients, but deems it crucial that theyare legitimate; i.e., satisfy the policy. Enabling such data sharing over the Internetfaces the challenge of (1) securely associating access policies with data and enforcingthem, and (2) protecting data as it traverses untrusted proxies and intermediaterepositories. Furthermore, it is desirable to achieve properties such as: (1) flexibilityof access policies; (2) privacy of sensitive access policies; (3) minimal reliance ontrusted third parties; and (4) efficiency of access policy enforcement. Often schemesenabling controlled data sharing need to trade one property for another. In thisdissertation, we propose two complimentary policy-based data sharing schemes thatachieve different subsets of the above desired properties.In the first part of this dissertation, we focus on CiphertextPolicy Attribute-Based Encryption (CP-ABE) schemes that specify and enforce access policies cryptographically and eliminate trusted mediators. We motivate the need for flexibleattribute organization within user keys for efficient support of many practicalapplications. We then propose Ciphertext-Policy Attribute-Set Based Encryption(CP-ASBE) which is the first CP-ABE scheme to (1) efficiently support naturallyoccurring compound attributes, (2) support multiple numerical assignments for agiven attribute in a single key and (3) provide efficient key management. While theCP-ASBE scheme minimizes reliance on trusted mediators, it can support neithercontext-based policies nor policy privacy. In the second part of this dissertation,we propose Policy Based Encryption System (PBES), which employs mediated decryptionand supports both context-based policies and policy privacy. Finally, we integrate the proposed schemes into practical applications (i.e., CP-ASBE scheme with Attribute-BasedMessaging (ABM) and PBES scheme with a conditional data sharing application in the Power Grid) and demonstrate their usefulness in practice.
Year of publication: |
2009
|
---|---|
Authors: | Bobba, Rakesh B. |
Other Persons: | Gligor, Virgil D. (contributor) |
Subject: | Engineering | Electronics and Electrical | Computer Science | Computer Engineering | Attribute-Based Encryption | Attribute-Based Messaging | Phasor Measurement Unit | Policy-Based Encryption |
Saved in:
freely available
Saved in favorites
Similar items by subject
-
Wood, James L.,
-
Applying Perceptrons to Speculation in Computer Architecture
Black, Michael David, (2007)
-
Secure and Private Data Aggregation in WSN
Taban, Gelareh, (2008)
- More ...