DESIGNING SECURE ATTRIBUTE-BASED VERIFIABLE DATA STORAGE AND RETRIEVAL SCHEMES IN CLOUD COMPUTING ENVIRONMENT

Abstract

Cloud computing technology is a novel storage and computing paradigm that en ables individuals and organizations to store data, share data with the intended group of users, and retrieve data when required. It greatly improves peoples’ data storage and sharing, and data retrieval capabilities by providing flexible, less expen sive, and quality services. For data security and privacy concerns, fine-grained data access control, authenticated and secure data storage, authorized data searching, and self-verifiability of the corrrectness of search results are of critical importance. Attribute-based cryptographic framework is a promising solution for applications requiring fine-grained access control. However, a significant computation cost that rises in complexity with access policy complexity affects the majority of attribute based cryptosystems. Because of this, their usefulness in resource-constrained en vironments may be compromised. Hence, this thesis aims at designing secure and efficient attribute-based cryptographic schemes with data storage, data sharing, and data retrieval in cloud computing environments. The contributions of the thesis are threefold. We, first, propose a lightweight online-offline attribute-based data storage and retrieval scheme with Boolean key word search mechanism. The computationally intensive tasks are either offloaded to the cloud or offline phase and the lightweight operations are carried out by the data user, which makes the scheme lightweight. Next, we design a verifiable and Boolean keyword searchable attribute-based signcryption scheme in a cloud-based Electronic Medical Record (EMR) manage ment system. The scheme allows EMR owners to store and share their personal EMRs with specific healthcare professionals. It uses disjunctive normal form en cryption policy to make the scheme communicationally efficient. Both the afore mentioned schemes achieve data owner (DO) privacy, data and DO authenticity, non-interactive verifiability, fine-grained access control over encrypted data, Boolean keyword search, keyword privacy, outsourced decryption, and provable security. Further, to achieve efficient data sharing functionality along with data searching, we propose an attribute-based proxy re-encryption scheme with Boolean keyword search mechanism. We prove that the scheme is adaptive chosen ciphertext attack secure at both the original and re-encrypted ciphertext, and chosen keyword attack secure on both ciphertext and token. Keywords: Attribute-based encryption, attribute-based signature and signcryp tion, bilinear pairing, constant decryption cost, linear-secret sharing scheme, data viii storage and retrieval, data sharing, attribute-based searchable encryption, attribute based proxy re-encryption, Boolean keyword search, search results verification