In The Name of God
Master Thesis Defense Session
Computer Engineering, Information Technology Engineering
Supervisor:
Dr. Maede Ashouri
Internal Reviewer:
Dr. Hamid Mala
External Reviewer:
Dr. Abbas Cheraghi
Researcher:
Mohsen Haji Mohammadi
Date: 21 September 2022
Time: 4:00 PM
Location:
Ansari building, Third floor, Dr. Braani Hall
Online link: lms.ui.ac.ir
Guest Account:
Username: computer
Password: computer1305
Topic:
Multi-Authority Access Control System with Joint-Attribute Management and User Revocation
Outsourcing data to cloud servers allows extensive and flexible use of cloud computing resources. However, hosting sensitive data in an untrusted cloud environment raises many security concerns. Access control is the first line of defense against unauthorized access to stored data. Furthermore, attribute-based encryption mechanisms can implement fine-grained access control in an untrusted cloud and enforce data owners' access policies. The data owner encrypts his data by defining an access policy over a set of attributes and stores it on the cloud server. The authorities are responsible for key management. In a multi-authority architecture, there are several semi-honest authorities, each of which manages one or more attributes, individually or jointly. However, there are some challenges: the key escrow problem, the revocation process, and building a collusion-resistant system. This study presents a multi-authority attribute-based access control scheme with common attribute management and user revocation. The proposed scheme implements direct user revocation by applying two methods: a time interval and a revocation list. In addition, by combining the user's unique ID with his key, it is resistant to collusion and provides forward and backward confidentiality. Also, by applying a secret sharing scheme to share the master key among the authorities, it ensures that no authority alone has access to the master key, which solves the key escrow problem. To reduce the user's computational overhead, the heavy decryption operation is securely outsourced to a cloud server. The analysis of the proposed method shows that it provides the required security features with acceptable efficiency.