The Research On The Key Issues Of Security And Privacy In Outsourced Systems

With the rapid development of mobile devices and cloud computing in the big data era, under the asymmetric environment of storage and computation resource allocation, it is generally required for the resource-constrained mobile devices to delegate a batch of data to the cloud for outsourced storage and computation. Unfortunately, the cloud is always run in the honest-but-curious model or the malicious model. Therefore, it is required to outsource users’ data in their encrypted form and realize the flexible access control and file sharing mechanisms. Only authorized users are permitted to successfully decipher the original outsourced data. In outsourced computation, it is also required for the resource-constrained users to outsource the function inputs in their encrypted form and the cloud to evaluate the function and return the result both in the ciphertext domain. Only the authorized users can successfully decipher the computation result with correctness verification. Consequently,the topics of secure and efficient ciphertext access control and privacy preserving outsourced computation have been increasingly becoming the focuses of the researchers all over the world.This thesis mainly focuses on the researches of secure and efficient outsourced ciphertext access control and privacy preserving outsourced computation with their applications.The main contributions are described as follows.(1) This thesis focuses on the ciphertext access control in outsourced storage, and proposes a patient self-controllable multi-level privacy preserving personal health information(PHI) ciphertext access control and authentication scheme PSMPA.To solve the problem of fine-grained access control of encrypted PHI in distributed m-healthcare cloud computing system, in this paper, a novel authorized accessible privacy model(AAPM) is established. Patients can authorize physicians by setting an access tree supporting flexible threshold predicates. Then, based on it, by devising a new technique of attribute-based designated verifier signature, a patient self-controllable multi-level privacypreserving cooperative authentication scheme(PSMPA) in distributed m-healthcare cloud computing system is proposed. The formal security proof and simulation results demonstrate our scheme satisfies the multi-level privacy preserving requirement in m-healthcare cloud computing system and far outperforms the existing work in terms of computational,communication and storage overhead.(2) This thesis focuses on the traceability and revocation of ciphertext access control in outsourced storage, and proposes a white-box traceable and revocable attribute-based encryption TR-MABE under multi-authority setting in e-healthcare cloud computing system.This thesis proposed a white-box traceable and revocable multi-authority attributebased encryption TR-MABE in e-healthcare cloud computing system. The proposed TRMABE efficiently achieves multilevel privacy preservation without introducing additional special signatures, dramatically saving both computational and communication cost for resource-constrained patients’ hand-held devices. Additionally, based on the formal security model of traceability and revocability, the proposed TR-MABE can not only efficiently resist the private key sharing attacks sponsored by both the directly and/or indirectly authorized physicians, but revoke the illegal PHI and/or patient identity ciphertext decipherability from leaked private keys. Multi-authority further addresses the issue of key escrow. Finally, formal security proof and extensive simulation demonstrate the proposed TR-MABE can well satisfy the unique security and privacy requirements of e-healthcare system, namely traceability and revocation, and outperform the existing work in both computational and communication overhead.(3) This thesis focuses on secure outsourced computation and its application to wireless body area networks, and proposes a secure and privacy preserving key management scheme efficiently resilient to time-based and location-based mobile attacks in cloud-assisted body area networks.Cloud-assisted wireless body area networks(WBANs) significantly facilitate efficient patient treatment of high quality, while greatly challenging the patient’s data confidentiality and privacy. In this thesis, a secure and privacy-preserving key management scheme resilient to both time-based and location-based mobile compromise attacks is proposed by the cooperation of the mobile patients in the same social group for both hierarchical and distributed environment. It also protects patient’s identity privacy, location privacy and sensor deployment privacy by exploiting the the modified proactive secret sharing and embedding body’s symmetric structure into the Blom’s symmetric key mechanism. Especially,the computationally-intensive privacy-preserving key material updating is outsourced to the cloud server and the unchanged pairwise keys after key material updating dramatically saves the resources for energy-constrained WBANs.(4) This thesis focuses on secure incentive mechanisms and data packet forwarding protocols by designing efficient privacy-preserving data aggregation, and proposes secure incentive mechanism and privacy preserving data transmission protocol TIS in cloud-based vehicular delay tolerant networks(DTNs).Cloud-based delay tolerant networks have been widely utilized in applications where a continuous end-to-end connection is unavailable. The message transmission is fulfilled by the cooperation among DTN nodes and follows a store-carry-and-forward manner, while the complex computational work can be delegated to the disengaged vehicles in parking lots or the central server constituting the cloud. In this thesis, a novel threshold credit-based incentive mechanism TIS for cloud-assisted vehicular DTNs is proposed, based on the modified model of population dynamics, to efficiently resist the node compromise attacks, stimulate the cooperation among intermediate nodes, optimize the fairness and vehicular nodes’ interest. Then, a TIS-based privacy-preserving packet forwarding protocol is proposed to solve the open problem of resisting layer-adding attack by outsourcing the aggregated transmission evidence computation to the cloud exploiting any one-way trapdoor function only once.Formal security proof and the extensive simulations show the effectiveness of our proposed TIS in resisting the sophisticated attacks and the efficiency in terms of high reliability, high delivery ratio and low average delay in cloud-assisted vehicular DTNs.In summary, this thesis focuses on the key issues of security and privacy in outsourced systems and their applications. The proposed cryptographic constructions not only deserve fundamental research in theory, but possess further application values for engineering in practice.