簡單快速雲端階層式組織授權之應用

[[abstract]]本論文提出一套應用在雲端運算中，使階層式結構中群組間進行資料授權能夠簡單快速方法。本方法中，結構中群組有一把公開金鑰PK及私密金鑰SK，並且將群組私密金鑰SK，用直接上屬群組公開金鑰加密產生公開參數R。利用直屬結構表公開各群組公開金鑰，相對公開參數R及直接上屬群組等資訊。 群組會將資料用群組私密金鑰SK所導出的加密金鑰，加密該文件，並將其上傳至雲端中。當被授權的群組(即上屬群組們)，則透過對直屬結構表中公開數值，遞迴路徑運算出該群組私密金鑰SK進而解密該資料。本論文所提機制亦與AKL、Lo-Hwang-Liu、Chu-Hsing Lin三位所提機制在多個面象(運作成員、效率、新成員加入及離開等)做比較，本論文具不用CA(Certificate Authority，憑證管理中心)、運算簡單、具當階層式結構擴大較少公開參數改變的優點。[[sponsorship]]中華民國資訊管理學會[[conferencetype]]國際[[conferencedate]]20150523~20150523[[booktype]]電子版[[iscallforpapers]]Y[[conferencelocation]]台北市, 台

Access control scheme for partially ordered set hierarchy with provable security

In many multi-user information systems, the users are organized as a hierarchy. Each user is a subordinate, superior and/or coordinate of some others. In such systems, a user has access to the information if and only if the information belongs to the user or his/her subordinates. Hierarchical access control schemes are designed to enforce such access policy. In the past years, hierarchical access control schemes based on cryptography are intensively researched. Much progress has been made in improving the schemes’ performance and security. The main contribution of this thesis is a new hierarchical access control scheme. This is the first one that provides strict security proof under a comprehensive security model that covers all possible cryptographic attacks to a hierarchical access control scheme. The scheme is designed and analyzed based on the modern cryptography approach, i.e., defining the security model, constructing the scheme based on cryptography primitives, and proving the security of the scheme by reducing the cryptography primitives to the scheme. Besides the security property, this scheme also achieves good performance in consuming small storage space, supporting arbitrary and dynamic hierarchial structures. In the thesis, we also introduce the background in cryptography and review the previous schemes