Wongchaowart, Brian
(2010)
Oblivious Enforcement of Hidden Information Release Policies Using Online Certification Authorities.
Master's Thesis, University of Pittsburgh.
(Unpublished)
Abstract
This thesis examines a new approach to attribute-based access control with hidden policies and hidden credentials. In this setting, a resource owner has an access control policy that is a function of Boolean-valued attributes of the resource requester. Access to the resource should be granted if and only if the resource owner's policy is satisfied, but we wish to hide the access control policy from the resource requester and the requester's attributes from the resource owner.Previous solutions to this problem involved the use of cryptographic credentials held by the resource requester, but it is obvious that if no information is provided about the access control policy, then the resource requester must try to satisfy the policy using every available credential. An initial contribution of this thesis is the first published empirical evaluation of the state-of-the-art protocol of Frikken, Atallah, and Li for access control with hidden policies and hidden credentials, demonstrating that the computational cost of the required cryptographic operations is highly burdensome.A new system model is then proposed that includes the active involvement of online certification authorities (CAs). These are entities that can provide authoritative information about the attributes in a resource owner's access control policy. Allowing the resource owner to query these online CAs immediately removes the need for the resource requester to guess which credentials to use.If the resource owner was allowed to learn the values of a requester's attributes from online CAs, however, the requester's credentials would no longer be private. This thesis examines cryptographic solutions in which the CAs' replies do not directly reveal any attribute information to the resource owner, but can nevertheless be used in the enforcement of an access control policy. The techniques considered involve scrambled circuit evaluation, homomorphic encryption, and secure multiparty computation using arithmetic circuits and Shamir secret sharing. Empirical experiments demonstrate that the proposed protocols can provide an order-of-magnitude performance improvement over existing solutions.
Share
Citation/Export: |
|
Social Networking: |
|
Details
Item Type: |
University of Pittsburgh ETD
|
Status: |
Unpublished |
Creators/Authors: |
|
ETD Committee: |
|
Date: |
22 September 2010 |
Date Type: |
Completion |
Defense Date: |
5 August 2010 |
Approval Date: |
22 September 2010 |
Submission Date: |
17 August 2010 |
Access Restriction: |
No restriction; Release the ETD for access worldwide immediately. |
Institution: |
University of Pittsburgh |
Schools and Programs: |
Dietrich School of Arts and Sciences > Computer Science |
Degree: |
MS - Master of Science |
Thesis Type: |
Master's Thesis |
Refereed: |
Yes |
Uncontrolled Keywords: |
homomorphic conjunction evaluation; Paillier; tag-based encryption |
Other ID: |
http://etd.library.pitt.edu/ETD/available/etd-08172010-093641/, etd-08172010-093641 |
Date Deposited: |
10 Nov 2011 20:00 |
Last Modified: |
15 Nov 2016 13:49 |
URI: |
http://d-scholarship.pitt.edu/id/eprint/9154 |
Metrics
Monthly Views for the past 3 years
Plum Analytics
Actions (login required)
|
View Item |