Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

Oblivious Enforcement of Hidden Information Release Policies Using Online Certification Authorities

Wongchaowart, Brian (2010) Oblivious Enforcement of Hidden Information Release Policies Using Online Certification Authorities. Master's Thesis, University of Pittsburgh. (Unpublished)

Primary Text

Download (591kB) | Preview


This thesis examines a new approach to attribute-based access control with hidden policies and hidden credentials. In this setting, a resource owner has an access control policy that is a function of Boolean-valued attributes of the resource requester. Access to the resource should be granted if and only if the resource owner's policy is satisfied, but we wish to hide the access control policy from the resource requester and the requester's attributes from the resource owner.Previous solutions to this problem involved the use of cryptographic credentials held by the resource requester, but it is obvious that if no information is provided about the access control policy, then the resource requester must try to satisfy the policy using every available credential. An initial contribution of this thesis is the first published empirical evaluation of the state-of-the-art protocol of Frikken, Atallah, and Li for access control with hidden policies and hidden credentials, demonstrating that the computational cost of the required cryptographic operations is highly burdensome.A new system model is then proposed that includes the active involvement of online certification authorities (CAs). These are entities that can provide authoritative information about the attributes in a resource owner's access control policy. Allowing the resource owner to query these online CAs immediately removes the need for the resource requester to guess which credentials to use.If the resource owner was allowed to learn the values of a requester's attributes from online CAs, however, the requester's credentials would no longer be private. This thesis examines cryptographic solutions in which the CAs' replies do not directly reveal any attribute information to the resource owner, but can nevertheless be used in the enforcement of an access control policy. The techniques considered involve scrambled circuit evaluation, homomorphic encryption, and secure multiparty computation using arithmetic circuits and Shamir secret sharing. Empirical experiments demonstrate that the proposed protocols can provide an order-of-magnitude performance improvement over existing solutions.


Social Networking:
Share |


Item Type: University of Pittsburgh ETD
Status: Unpublished
CreatorsEmailPitt UsernameORCID
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Committee ChairLee, Adam Jadamlee@cs.pitt.eduADAMLEE
Committee MemberLabrinidis, Alexandroslabrinid@cs.pitt.eduLABRINID
Committee MemberChrysanthis, Panos Kpanos@cs.pitt.eduPANOS
Date: 22 September 2010
Date Type: Completion
Defense Date: 5 August 2010
Approval Date: 22 September 2010
Submission Date: 17 August 2010
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Institution: University of Pittsburgh
Schools and Programs: Dietrich School of Arts and Sciences > Computer Science
Degree: MS - Master of Science
Thesis Type: Master's Thesis
Refereed: Yes
Uncontrolled Keywords: homomorphic conjunction evaluation; Paillier; tag-based encryption
Other ID:, etd-08172010-093641
Date Deposited: 10 Nov 2011 20:00
Last Modified: 15 Nov 2016 13:49


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item