具有效「撤回」機制之雲端隱私保護資料管理系統

Shih-Chien Chang; 張世謙

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/67286

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	吳家麟
dc.contributor.author	Shih-Chien Chang	en
dc.contributor.author	張世謙	zh_TW
dc.date.accessioned	2021-06-17T01:26:33Z	-
dc.date.available	2017-08-20
dc.date.copyright	2017-08-20
dc.date.issued	2017
dc.date.submitted	2017-08-07
dc.identifier.citation	[1] J. Bethencourt, A. Sahai, and B. Waters, 'Ciphertext-policy attribute based encryption,' in Security and Privacy, 2007. SP '07. IEEE Symposium on, 2007, pp. 321–334. [2] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, 'Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption,' IEEE Transactions on Parallel and Distributed Systems, vol. 24, pp. 131–143, Jan. 2013. [3] V. Goyal, O. Pandey, A. Sahai, and B. Waters, 'Attribute-based encryption for fine-grained access control of encrypted data,' in Proceedings of the 13th ACM conference on Computer and communications security, 2006, pp. 213–229. [4] S. Yu, C. Wang, and K. Ren, 'Achieving secure, scalable, and fine-grained data access control in cloud computing,' in Infocom, 2010 proceedings IEEE, 2010, pp. 1–9. [5] D. Boneh and M. Franklin, 'Identity-based encryption from the weil pairing,' in Advances in Cryptology — CRYPTO 2001, 2001, pp. 213–229. [6] A. Sahai and B. Waters, 'Fuzzy identity-based encryption,' in Advances in Cryptology — EUROCRYPT 2005, 2005, pp. 457–473. [7] T. Jung, X. Li, and Z. Wan, 'Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption,' IEEE Transactions on Information Forensics and Security, vol. 10, pp. 190–199, Jan. 2015. [8] S. Ruj, M. Stojmenovic, Milos Stojmenovic, and A. Nayak, 'Privacy preserving access control with authentication for securing data in clouds,' in Cluster, Cloud and Grid Computing (CCGrid), 2012 12th IEEE/ACM International Symposium on, 2012, pp. 556–563. [9] X. Liang, R. Lu, X. Lin, and X. Shen, 'Ciphertext policy attribute based encryption with efficient revocation,' Technical Report, University of Waterloo, 2010. [10] M. Blaze, G. Bleumer, and M. Strauss, 'Divertible protocols and atomic proxy cryptography,' in Advances in Cryptology — EUROCRYPT'98, 1998, pp. 127–144. [11] S. Yu, C. Wang, K. Ren, and W. Lou, 'Attribute based data sharing with attribute revocation,' in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, 2010, pp. 261–270. [12] J. Hur and D. Noh, 'Attribute-based access control with efficient revocation in data outsourcing systems,' IEEE Transactions on Parallel and Distributed Systems, vol. 99, pp. 1214–1221, Nov. 2011. [13] Kallahalla, Mahesh, et al. 'Plutus: Scalable Secure File Sharing on Untrusted Storage.' in Proc. of FAST’03, 2003. pp. 29–42 [14] A. Beimel, 'Secure schemes for secret sharing and key distribution,' PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel, 1996. [15] Ciphertext-Policy Attribute-based Encryption Toolkit. [Online]. Available: http://acsc.csl.sri.com/cpabe/, accessed 2016.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/67286	-
dc.description.abstract	根據各種原因，有很多數據管理系統將高計算量的工作量指派到公共雲服務提供商。眾所周知，一旦我們將任務委託給雲服務器，我們可能會面臨一些威脅，例如用戶屬性信息的隱私侵權;因此，一個適當的隱私保護機制是構建基於雲的安全數據管理系統（SCBDMS）的必需條件。即使服務器是以誠實但好奇的方式工作的，設計可靠的SCBDMS並且具有服務器強制的撤銷能力是一項非常具有挑戰性的任務。在現有的數據管理系統中，很少提供隱私保護撤銷服務，特別是外包給第三方時。在這項工作中，透過無意識轉移的幫助和新提出的無狀態延遲重新加密（SLREN）機制，建立了具有安全，可靠和高效的服務器強制屬性撤銷能力的SCBDMS。與相關工作相比，實驗結果表明，在新建的SCBDMS中，由於SLREN的性質，雲服務器的存儲需求和雲服務器與系統用戶之間的通信開銷大大減少。	zh_TW
dc.description.abstract	There are lots of data management systems, according to various reasons, designating their high computational work-loads to public cloud service providers. It is well-known that once we entrust our tasks to a cloud server, we may face several threats, such as privacy-infringement with regard to users’ attribute information; therefore, an appropriate privacy preserving mechanism is a must for constructing a secure cloud-based data management system (SCBDMS). To design a reliable SCBDMS with server-enforced revocation ability is a very challenging task even if the server is working under the honest-but-curious mode. In existing data management systems, there seldom provide privacy-preserving revocation service, especially when it is outsourced to a third party. In this work, with the aids of oblivious transfer and the newly proposed stateless lazy re-encryption (SLREN) mechanism, a SCBDMS, with secure, reliable and efficient server-enforced attribute revocation ability is built. Comparing with related works, our experimental results show that, in the newly constructed SCBDMS, the storage-requirement of the cloud server and the communication overheads between cloud server and systems users are largely reduced, due to the nature of late involvement of SLREN.	en
dc.description.provenance	Made available in DSpace on 2021-06-17T01:26:33Z (GMT). No. of bitstreams: 1 ntu-106-R04922086-1.pdf: 1785696 bytes, checksum: 1094ce3580c6ec860d0f08c917a15fa7 (MD5) Previous issue date: 2017	en
dc.description.tableofcontents	口試委員審定書 1 誌謝 i 中文摘要 ii ABSTRACT iii LIST OF FIGURES vii LIST OF TABLES viii Chapter 1 INTRODUCTION 1 1.1 RELATED WORK 2 Chapter 2 SYSTEM OVERVIEW 6 2.1 SYSTEM ARCHITECTURE 6 2.2 APPLICATION SCENARIOS 8 2.3 THREAT MODEL 10 2.4 SECURITY REQUIREMENTS 11 Chapter 3 PRELIMINARIES AND SYSTEM DEFINITION 13 3.1 BACKGROUND KNOWLEDGE 13 3.1.1 Access Structure 13 3.1.2 Bilinear Pairings 13 3.1.3 Security Assumption 14 3.1.4 Proxy Re-encryption 14 3.1.5 ElGamal Cryptosystem 15 3.2 SYSTEM DEFINITION 16 3.2.1 Basic Operations 16 3.2.2 The Proposed Privacy-preserving Data Management System with Efficient Revocation Scheme 17 Chapter 4 THE PROPOSED SCHEME 20 4.1 ACCESS TREE 20 4.1.1 Access Tree Definition 20 4.1.2 Satisfying An Access Tree 21 4.2 BASIC CONSTRUCTION 21 4.2.1 System Setup 22 4.2.2 Secret Key Generation (MK,A) 22 4.2.3 Encrypt (M,PK,Å) 23 4.2.4 Decrypt (CT',SKey') 24 4.3 EFFICIENT REVOCATION 26 4.3.1 Lazy Re-encryption 26 4.3.2 Re-encryption Key Generation 28 4.3.3 CipherText Re-encryption 29 4.3.4 SecretKey Re-encryption 29 4.3.5 Stateless Lazy Re-encryption 30 4.4 PRIVACY PRESERVING TOWARD PROXY SERVER 37 4.4.1 Randomization Process 38 4.4.2 Oblivious Transfer 38 Chapter 5 PERFORMANCE EVALUATION 42 Chapter 6 SECURITY 48 Chapter 7 CONCLSION AND FUTURE WORK 50 REFERENCE 51
dc.language.iso	en
dc.subject	撤銷	zh_TW
dc.subject	隱私安全	zh_TW
dc.subject	延遲再加密	zh_TW
dc.subject	privacy-preserving	en
dc.subject	lazy re-encryption	en
dc.subject	revocation	en
dc.title	具有效「撤回」機制之雲端隱私保護資料管理系統	zh_TW
dc.title	A privacy-preserving Cloud-based Data Management System with Efficient Revocation Scheme	en
dc.type	Thesis
dc.date.schoolyear	105-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	陳文進,薛智文,蕭旭君
dc.subject.keyword	隱私安全,延遲再加密,撤銷,	zh_TW
dc.subject.keyword	privacy-preserving,lazy re-encryption,revocation,	en
dc.relation.page	52
dc.identifier.doi	10.6342/NTU201702673
dc.rights.note	有償授權
dc.date.accepted	2017-08-08
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊工程學研究所	zh_TW
顯示於系所單位：	資訊工程學系

文件中的檔案：

檔案	大小	格式
ntu-106-1.pdf 未授權公開取用	1.74 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。