
Securing Data On Untrusted Platforms Using Attribute-based Cryptography Techniques

Posted on: 2022-09-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: P Yu
Full Text: PDF
GTID: 1488306326479534
Subject: Information security
Abstract/Summary:
With the rapid development of information technology, more and more information is widely captured and broadcast. This makes the amount of information on the Internet grow exponentially. The speed and scale of data transmission have reached an unprecedented level. While the high degree of informatization of various industries brings convenience to our lives, it also puts the privacy of users at unprecedented risk. Cloud servers provide end users with computing and storage services in a pay-as-you-go manner. However, the direct exposure of data, such as location and facial information, to an untrusted cloud platform may threaten the safety of users' lives and property. Therefore, data encryption is a critical research topic in our society.

Ciphertext-policy attribute-based encryption has been widely studied because it can provide both data security and fine-grained access control. Each data owner defines who can decrypt the data before performing encryption. Only the users whose attributes satisfy the predefined access policy can decrypt the ciphertext. In this case, the data owner can share data with multiple users through a single encryption operation. Besides guaranteeing the integrity of data and preventing malicious users or servers from tampering with data, attribute-based signature techniques can also be used to ensure the anonymity of signers because of the one-to-many relationship between attributes and users.

In this thesis, attribute-based cryptography techniques are applied to various untrusted platforms to solve data security and privacy protection problems. This thesis mainly considers three types of security issues among cloud platforms, edge computing platforms and intelligent terminals, and proposes provably secure privacy-preserving schemes for each of them. The specific work and contributions of this thesis are as follows.

1. Aiming at the protection of massive Internet-of-Things (IoT) data, this thesis proposes a two-stage attribute-based encryption scheme assisted by edge computing devices. Considering the constrained capacity of IoT devices, we design the scheme so that the IoT devices only need to define an access structure and carry out lightweight encryption. The computationally demanding part is carried out by the edge computing devices. During this process, neither the edge computing platform nor external attackers can eavesdrop on the encrypted sensitive data. This ensures the confidentiality of the data. In the proposed scheme, the edge computing devices are not able to authorize illegal access to the data by tampering with the access structure defined by the IoT devices. Moreover, the attribute-related encryption can be computed in parallel across multiple edge computing devices, so as to make the scheme better suited to delay-sensitive information.

2. Aiming at the frequent changing of users' attributes in real scenarios, this thesis proposes a ciphertext-policy attribute-based encryption scheme that supports attribute revocation. In our scheme, the users need not update their secret keys when revocation occurs. This reduces the computational and communication overhead of users. The user encrypts data and stores it on the cloud platform. The edge computing platform is responsible for auditing whether the ciphertexts are stored and updated honestly. To avoid the system bottleneck that exists in an ABE system with a single authority, we propose to manage attributes in a decentralized manner. Multiple attribute authorities are introduced, and each of them is responsible for maintaining a subset of the system attributes. This can better ensure the confidentiality of data and the reliability of the system.

3. Aiming at the anonymous authentication problem in vehicular ad-hoc networks (VANETs), this thesis proposes an attribute-based signature scheme, which enables the vehicles to sign data by using their attributes. This ensures the integrity and unforgeability of the data in VANETs. At the same time, attackers cannot retrieve the identities or locations of signers, since one attribute may correspond to multiple vehicles. This ensures the anonymity of signers. Moreover, this thesis also designs an algorithm to trace the malicious vehicles that broadcast forged information in the VANETs.
Keywords/Search Tags: Attribute-based Encryption, Attribute-based Signature, Fine-grained Access Control, Outsourced Encryption, Data Authentication in VANETs