338 research outputs found

    Index Generation and Secure Multi-User Access Control over an Encrypted Cloud Data

    Cloud computing provides an economical and effective solution for sharing data among cloud users with low maintenance cost. The security of data and identity confidentiality while sharing data in a multi-owner way cannot be assured by the Cloud Service Providers (CSPs). The Cloud Service Providers are reliable but curious to know the recurrent membership changes in the cloud. In this paper, we propose a secure multi-owner data sharing for dynamic group in the cloud with RSA Chinese Remainder Theorem (RSA-CRT) encryption technique and substring index generation method. RSA-CRT efficiently manages revocation list, key management, with reduced storage and computational overhead. The substring index generation algorithm reduces the storage space compared to wild card fuzzy algorithm.

    Towards Practical Access Control and Usage Control on the Cloud using Trusted Hardware

    Cloud-based platforms have become the principal way to store, share, and synchronize files online. For individuals and organizations alike, cloud storage not only provides resource scalability and on-demand access at a low cost, but also eliminates the necessity of provisioning and maintaining complex hardware installations. Unfortunately, because cloud-based platforms are frequent victims of data breaches and unauthorized disclosures, data protection obliges both access control and usage control to manage user authorization and regulate future data use. Encryption can ensure data security against unauthorized parties, but complicates file sharing which now requires distributing keys to authorized users, and a mechanism that prevents revoked users from accessing or modifying sensitive content. Further, as user data is stored and processed on remote machines, usage control in a distributed setting requires incorporating the local environmental context at policy evaluation, as well as tamper-proof and non-bypassable enforcement. Existing cryptographic solutions either require server-side coordination, offer limited flexibility in data sharing, or incur significant re-encryption overheads on user revocation. This combination of issues is ill-suited within large-scale distributed environments where there are a large number of users, dynamic changes in user membership and access privileges, and resources are shared across organizational domains. Thus, developing a robust security and privacy solution for the cloud requires: fine-grained access control to associate the largest set of users and resources with variable granularity, scalable administration costs when managing policies and access rights, and cross-domain policy enforcement. To address the above challenges, this dissertation proposes a practical security solution that relies solely on commodity trusted hardware to ensure confidentiality and integrity throughout the data lifecycle.
The aim is to maintain complete user ownership against external hackers and malicious service providers, without losing the scalability or availability benefits of cloud storage. Furthermore, we develop a principled approach that is: (i) portable across storage platforms without requiring any server-side support or modifications, (ii) flexible in allowing users to selectively share their data using fine-grained access control, and (iii) performant by imposing modest overheads on standard user workloads. Essentially, our system must be client-side, provide end-to-end data protection and secure sharing, without significant degradation in performance or user experience. We introduce NeXUS, a privacy-preserving filesystem that enables cryptographic protection and secure file sharing on existing network-based storage services. NeXUS protects the confidentiality and integrity of file content, as well as file and directory names, while mitigating against rollback attacks of the filesystem hierarchy. We also introduce Joplin, a secure access control and usage control system that provides practical attribute-based sharing with decentralized policy administration, including efficient revocation, multi-domain policies, secure user delegation, and mandatory audit logging. Both systems leverage trusted hardware to prevent the leakage of sensitive material such as encryption keys and access control policies; they are completely client-side, easy to install and use, and can be readily deployed across remote storage platforms without requiring any server-side changes or trusted intermediary. We developed prototypes for NeXUS and Joplin, and evaluated their respective overheads in isolation and within a real-world environment. Results show that both prototypes introduce modest overheads on interactive workloads, and achieve portability across storage platforms, including Dropbox and AFS. 
Together, NeXUS and Joplin demonstrate that a client-side solution employing trusted hardware such as Intel SGX can effectively protect remotely stored data on existing file sharing services

    Balancing patient control and practical access policy for electronic health records via blockchain technology

    Electronic health records (EHRs) have revolutionized the health information technology domain, as patient data can be easily stored and accessed within and among medical institutions. However, in working towards nationwide patient engagement and interoperability goals, recent literature adopts a very patient-centric model---patients own their universal, holistic medical records and control exactly who can access their health data. I contend that this approach is largely impractical for healthcare workflows, where many separate providers require access to health records for care delivery. My work investigates the potential of a blockchain network to balance patient control and provider accessibility with a two-fold approach. First, I conduct a survey investigation to identify patient concerns and determine the level of control patients would like over their health information. Second, I implement a blockchain network prototype to address the spectrum of patient control preferences and automate practical access policy. There are conflicting demands amongst patients and providers for EHR access---privacy versus flexibility. Yet, I find blockchain technology, when manipulated to model access states, automate an organizational role-based access scheme, and provide an immutable history of behavior in the network, to be a very plausible solution for balancing patient desires and provider needs. My approach is, to my knowledge, the first example of blockchain's use for less patient-centric, nudge theory-based EHR access control, an idea that could align access control interests as academics, the government, and the healthcare industry make strides towards interoperable, universal patient records.

    BlockDiploma – Decentralizing the Norwegian Diploma Registry using Blockchain Technology

    Academic diplomas are being falsified and potentially resulting in unqualified individuals getting the job, or a better candidate being bypassed by a forger. Secure and reliable verification mechanisms for academic diplomas are needed. Norway has attempted to accomplish this by developing the Diploma registry, a digital solution for sharing academic results. Our research reviews current diploma systems to identify challenges. Following the review, our research effort shifts focus from identifying challenges to attempting to find solutions using blockchain technology. The research is based on the hypothesis that there are challenges with the present solutions, and that those challenges can be resolved by decentralizing the diploma registry using blockchain and peer-to-peer technology. The research is classified as computer research using the engineering method. The first step was to gather and aggregate information about current diploma systems and relevant blockchain proposed solutions. Based upon the information gathered we could identify challenges with the current solutions, and we started to formulate requirements for a blockchain-based one. After formulating our proposal in the form of written requirements, we started to explore how the challenges could be resolved using decentralized technology. Following the exploration of decentralized technologies, we ended up with developing a decentralized application called BlockDiploma. BlockDiploma is built using smart contracts with the Ethereum blockchain, IPFS for decentralized storage and standard web technologies for the user interface. During and after the development we analyzed and evaluated how well it resolved the identified challenges and whether it introduces new challenges. 
Our conclusion is that there are several issues other than just falsification with the present diploma systems, and that a decentralized diploma registry can in the future be part of the solution to those challenges. Master's thesis in informatics (INF399, MAMN-PROG, MAMN-IN)