- Accepted to be published by Future Generation Computer Systems, a Springer Journal.
Secure Controlled Data Sharing Paper:
- Implemented and optimised a first draft application and awaiting to be ported to the TED device.
- A first draft of the paper has also been completed with missing Implementation and Evaluation sections.
Collaboration with LaTTe:
- Retrieved Tracer code and brainstorming ideas on how to secure a relational database.
- Will soon present my work to the LaTTe group as part of my hackday.
2 papers reviewed:
Guojun Wang, Fengshun Yue, and Qin Liu, "A Secure Self-Destructing Scheme for Electronic Data," Journal of Computer and System Sciences (Elsevier), 79(2): 279-290, March 2013.
Key points:
- PROBLEM:
- Exposing sensitive electronic data in the internet has become easier.
- Service providers leak messages for gaining profits and supporting investigation.
- CONTRIBUTION:
- Previous work’s limitations include decryption key being accidentally disclosed to unauthorised users, untrustworthy third parties for profit or investigation, and in Geambasu’s scheme in which this work is referred, the entire ciphertext can still be obtained and is susceptible to brute-force attack.
- Main idea is to encapsulate data and key in objects and destroying the data and key after a period of time as specified by the owner. Data and key should be destroyed automatically without any user intervention.
- Data is encapsulated in Vanishing Data Objects (VDOs) and is only decapsulated by trusted authorised users.
- Data is stored in a Distributed Hash Table (DHT) as it makes room for newer data by discarding older data after a set time (decryption key and part of ciphertext are destroyed after a certain period of time). DHT allows huge size, geographic distribution and decentralisation making attacks in the DHT network difficult.
- The paper devises a cryptosystem that allows keys to be generated according to the policies and the client’s credentials efficiently.
Strengths/Weakness:
- The system is flexible in allowing any type of encryption scheme for the data without any alterations.
- Paper assumes trusted authorised users since it is impossible for the system to protect sensitive user data is authorised users leak plaintext data recovered from the VDO.
Guojun Wang, Qin Liu, and Jie Wu, "Achieving Fine-Grained Access Control for Secure Data Sharing on Cloud Servers," Wiley's Concurrency and Computation: Practice and Experience, 23(12): 1443–1464, August 2011.
Key points:
- PROBLEM:
- Data sharing has attracted a lot of attention in both the industry and academic communities.
- A CSP may sell confidential information about an enterprise to the enterprise’s closest business competitors for profit and hence raises privacy and security issues which will result in a huge loss for enterprises.
- CONTRIBUTION:
- Introduces the conjunctive precise and fuzzy identity-based encryption (PFIBE) scheme for secure data sharing on cloud servers.
- Encrypts data based on user id or access control policy over attributes such that the corresponding user with the user id or satisfying the access control policy can decrypt the data.
- Combines Hierarchical Identity-Based Encryption (HIBE) system and the ciphertext-policy attribute-based encryption (CP-ABE) system.
Strengths/Weakness:
- Provides fine-grained access control to data.
- High performance and flexibility.
- System assumes trusted authorised users.
- Paper has complex mathematics.