Contrôle d’Accès Sécurisé dans l’Info-Nuage Mobile (Secure Access Control in Mobile Cloud)

Université de Montréal

Contrôle d’Accès Sécurisé dans l’Info-Nuage Mobile

(Secure Access Control in Mobile Cloud)

par

Yaser Baseri

Département d’informatique et de recherche opérationnelle Faculté des arts et des sciences

Thèse présentée à la Faculté des études supérieures en vue de l’obtention du grade de

Philosophiæ Doctor (Ph.D.) en informatique

1er _{novembre 2017}

c

SOMMAIRE

L’info-nuage mobile (MCC) a émergé comme une technologie prometteuse ; il utilise des ser-veurs hautement évolutifs dans le nuage et permet de surmonter les limitations (en termes de calcul et d’énergie) des appareils mobiles. En raison des risques liés à la sécurité et la vie privée, les entreprises, actuellement, ne sont pas intéressées à utiliser MCC. Ces préoccupa-tions sont intensifiées lorsque les utilisateurs/employés ont tendance à utiliser des dispositifs sans fil (par exemple, les ordinateurs portables et les smartphones) pour rester connectés tout en se déplaçant à travers/en dehors de l’entreprise.

Dans cette thèse, nous développons de nouvelles méthodes, basées sur la technique

Attribute-Based Encryption (ABE), pour concevoir un contrôle d’accès aux données sécurisé

et efficace pour le Info-nuage mobile. Ces méthodes permettent aux propriétaires de données (entreprises ou particuliers) de garantir la sécurité des données et de fournir aux utilisateurs mobiles un accès fin aux données en utilisant des politiques et des contraintes définies. Nous commençons d’abord par explorer les menaces et les défis de sécurité liés à la fourniture de l’accès aux données stockées dans le nuage. Nous avons constaté que le contrôle d’accès basé sur des attributs pour les appareils mobiles posait des problèmes complexes liés à l’anony-mat, à la mobilité et aux ressources de calcul restreintes des appareils. Pour résoudre ces problèmes, nous développons trois méthodes dont chacune fait l’objet d’une contribution.

La première contribution fournit la confidentialité préservant l’accès anonyme des don-nées stockées dans le nuage. Elle décrit un nouveau modèle d’anonymat statistique pour

ABE, fournit des résultats de cryptanalyse pour les contributions existantes dans le

chiffre-ment basé sur les attributs anonymes, et présente une nouvelle technique muti-autorité basée sur ABE (appelée FACS), qui anonymise les identités des utilisateurs (sans faire confiance à une autorité ou un fournisseur). Elle étend également FACS à EFACS, ce qui lui per-met de supporter l’anonymat statistique des utilisateurs. La seconde contribution fournit des services basés sur la localisation (LBSs) pour le contrôle d’accès par attributs pour le Info-nuage mobile. Plus précisément, elle introduit un nouveau schéma de contrôle d’accès basé sur des attributs multi-autorité (appelé PPLBACS) qui anonymise les identités des utilisateurs contre les autorités et les fournisseurs malveillants. Le système proposé utilise l’emplacement dynamique des utilisateurs mobiles en tant qu’attribut contextuel ainsi que

les contraintes d’intervalle de localisation en tant que politique. La troisième contribution fournit l’anonymat spatio-temporel pour le contrôle d’accès sensible à la localisation dans le Info-nuage mobile. Plus précisément, elle présente un nouveau schéma multi-autorité dé-centralisé (appelée IDMA-ABE), qui prend en charge les intervalles pour les domaines des attributs/politiques. Basé sur IDMA-ABE, un nouveau schéma, nommé Location-Based

Ac-cess Control Scheme (LBACS), est proposé. Il vise à : (a) soutenir la coexistence d’attributs

spatio-temporels ainsi que d’attributs statiques ; (b) utiliser plusieurs plages de valeurs, au lieu d’une valeur spécifique, pour les domaines de politiques spatio-temporelles et valeurs spécifiques pour d’autres politiques/contraintes ; et (c) protéger les identités des utilisateurs contre les fournisseurs malveillants. Nous étendons également LBACS à ELBACS afin de fournir une traçabilité et un anonymat statistique spatio-temporel des utilisateurs sans faire confiance aux autorités et fournisseurs.

Mots-clés : Contrôle d’accès, Services basés sur la localisation, Info-nuage mobile, Chiffrement basé sur les attributs.

SUMMARY

Mobile cloud computing has emerged as a promising technology to make use of highly scalable servers in the cloud, and to overcome the limitations of mobile devices. However, because of the risks associated with the security and privacy of enterprises’ stored-data in the cloud, most IT and chief executive officers are concerned about using this type of technology. These concerns are intensified when users/employees tend to use wireless devices (e.g. laptops and smart phones) to stay connected while moving across/outside the enterprise.

In this thesis, we develop new methods, based on Attribute-Based Encryption (ABE) technique, to design secure and efficient data access control for mobile cloud. These methods allow data owners (enterprises or individuals) to ensure security of data and provide fine-grained access of data to mobile users using defined policies and constraints. We start by exploring security threats and challenges related to access provision of data stored in the cloud. We identify challenging issues, when attribute-based access control is used by mobile devices, related to anonymity, mobility, and restricted computational resources of devices. To address these issues, we develop three methods ; each of them is the subject of one contribution.

The first contribution provides privacy preserving anonymous access of data stored in the cloud. It develops a new statistical anonymity model for ABE, provides cryptanalysis results for existing contributions in anonymous attribute-based encryption, and presents a new multi-authority ABE (i.e. FACS) that anonymizes users’ identities (without trusting any authority or provider). It also extends FACS to EFACS, which enables it to support users’ statistical anonymity. The second contribution provides Location-Based Services (LBSs) for attribute-based access control in mobile cloud. More specifically, it introduces a new multi-authority attribute-based access control scheme (i.e. PPLBACS) that anonymizes users’ identities against malicious authorities and providers. The proposed scheme uses dynamic location of mobile users as a contextual attribute, employs location interval constraints as a policy, and authorizes access to legitimate mobile users. The third contribution provides spatio-temporal anonymity for location-aware access control in mobile cloud. In particular, it presents a new decentralized multi-authority ABE scheme (i.e. IDMA-ABE), which sup-ports intervals for the domains of attributes/policies. Based on DMA-ABE scheme, a new

Location-Based Access Control Scheme (LBACS) is proposed. LBACS aims at : (a)

suppor-ting coexistence of spatio-temporal attributes as well as static attributes ; (b) using range of values (instead of a specific value) for domains of spatio-temporal policies and specific values for other policies/constraints ; and (c) protecting users’ identities against malicious

Cloud Service Provider (CSP). We also extend LBACS to ELBACS in order to provide

un-traceability and spatio-temporal statistical anonymity of users without trusting authorities and providers.

Keywords : Access Control, Mobile Cloud, Attribute-Based Encryption, Location-Based Services.

CONTENTS

Sommaire. . . . iii

Summary. . . . v

List of tables. . . . xiii

List of figures. . . . xv

List of acronyms and abbreviations. . . . xvii

Dedication. . . . xix

Acknowledgment. . . . xxi

Chapter 1. Introduction. . . . 1

1.1. Cloud Computing . . . 1

1.2. Mobile Cloud Computing. . . 2

1.2.1. Definition. . . 2 1.2.2. Architecture. . . 2 1.2.3. Motivation. . . 3 1.2.4. Characteristics. . . 3 1.2.5. Advantages. . . 4 1.2.6. Challenges. . . 4

1.2.7. Security Concerns and Challenges. . . 4

1.3. Access Control. . . 5

1.3.1. Access Control and Challenges in Cloud Computing. . . 6

1.3.2. Access Control and Challenges in Mobile Cloud Computing. . . 6

1.3.3. Access Control : Different Approaches. . . 7

1.3.4. Attribute-Based Encryption. . . 7

1.4. Motivation and Objective. . . 8

1.5. Contributions. . . 11 vii

1.5.1. Providing Privacy Preserving Anonymous Access of Resources in the

Cloud. . . 11

1.5.2. Providing Secure and Lightweight Location-Based Access Control for Mobile Cloud. . . 12

1.5.3. Protecting Spatio-Temporal Anonymity for Location-Based Access Control in Mobile Cloud. . . 13

1.6. Organization of the Thesis. . . 13

1.7. List of Publications. . . 13

Chapter 2. Literature Review. . . . 15

2.1. Attribute-Based Encryption. . . 15

2.1.1. ABE and Challenges of Providing Data Access for Mobile Cloud. . . 16

2.1.2. ABE : Techniques to Overcome Challenges. . . 17

2.1.2.1. Outsourcing of Computations. . . 17

2.1.2.2. Dynamic Attribute/Policy Update. . . 17

2.1.2.3. Multi-Authority Attribute-Based Encryption. . . 18

2.1.2.4. Anonymous Attribute-Based Encryption. . . 19

2.1.2.5. Temporal and Comparison-Based Encryption : An Extension to ABE. . . 20

2.1.2.6. Location-Aware ABE : An Extension to Support Mobility and Improve Security. . . 21

2.2. Chapter Summary. . . 23

Chapter 3. Privacy Protection and Anonymity Preservation in Cloud Data Access Control. . . . 25

3.1. Introduction. . . 26

3.2. Preliminaries. . . 28

3.2.1. Bilinear Group. . . 29

3.2.2. Tree Access Structure . . . 29

3.2.3. Commitment Scheme. . . 29

3.3. Anonymity Model : From Identity to Attributes. . . 30

3.4. Related Work : Cryptanalysis and Evaluation. . . 32

3.5.1. System Model. . . 34

3.5.2. Threat Model. . . 35

3.5.3. Security Assumptions. . . 36

3.5.4. Framework. . . 36

3.5.5. Security Model. . . 36

3.6. Construction of Fine-grained Access Control Scheme (FACS). . . 37

3.6.1. Setup Phase. . . 37

3.6.2. Key Generation Phase. . . 38

3.6.3. Encryption Phase. . . 39

3.6.4. Decryption Phase. . . 39

3.7. Security Discussion. . . 40

3.8. EFACS : Extended FACS to Achieve Statistical Anonymity. . . 44

3.9. Performance Evaluation. . . 48

3.10. Conclusion. . . 50

Chapter 4. Privacy Preserving Fine-grained Location-based Access Control for Mobile Cloud. . . . 51

4.1. Introduction. . . 52

4.1.1. Contributions. . . 53

4.1.2. Organization. . . 54

4.2. Related Work. . . 54

4.3. Preliminaries. . . 55

4.3.1. Composite Order Bilinear Map. . . 56

4.3.2. Multi-Dimensional Range Derivation Functions. . . 56

4.3.3. Tree Access Structure . . . 57

4.4. System and Security Models. . . 58

4.4.1. System Model. . . 58

4.4.2. Threat Model. . . 58

4.4.3. Framework. . . 59

4.4.4. Security Model. . . 62

4.5. The proposed scheme : a Detailed Description. . . 63

4.5.1. Setup Phase. . . 63 ix

4.5.2. Key Generation Phase. . . 65

4.5.2.1. Attribute Key Generation. . . 65

4.5.2.2. Location Key Generation. . . 65

4.5.3. Encryption Phase. . . 66

4.5.3.1. Data Uploading (First Round Encryption). . . 66

4.5.3.2. Access Time Encryption (Second Round Encryption). . . 67

4.5.4. Access Request Phase. . . 67

4.5.4.1. Attribute Key Transformation (First Round). . . 68

4.5.4.2. Location Key Transformation and Access Request (Second Round) 68 4.5.5. Decryption Phase. . . 68 4.5.5.1. Decryption Delegation. . . 68 4.5.5.2. Decryption. . . 69 4.5.5.3. Data Access. . . 70 4.6. Security Analysis. . . 70 4.6.1. Security Assumptions. . . 70 4.6.2. Location Privacy. . . 70 4.6.3. User Anonymity. . . 71 4.6.4. Location Unforgeability . . . 71

4.6.5. Security Against Authorities Collusion Attacks. . . 71

4.6.6. Security Against Chosen Plaintext Attacks. . . 72

4.7. Performance Evaluation. . . 75

4.7.1. Complexity Analysis. . . 75

4.7.2. Performance Comparison. . . 77

4.7.3. Experimental results. . . 78

4.8. Conclusion. . . 80

Chapter 5. Spatio-Temporal Anonymous Location-Aware Data Access Control in Mobile Cloud. . . . 83

5.1. Introduction. . . 84

5.2. Related Work. . . 86

5.3. Preliminaries. . . 88

5.3.1. Composite Order Bilinear Map. . . 88

5.4. Proposed Decentralized Multi-Authority Attribute-Based Encryption. . . 90

5.4.1. Construction of IDMA-ABE. . . 90

5.4.2. Security of IDMA-ABE. . . 93

5.4.2.1. Immunity of IDMA-ABE Against Range Forgery Attack. . . 93

5.4.2.2. Immunity of IDMA-ABE Against Authorities Corruption Attack. 94 5.5. System and Security Models of LBACS. . . 95

5.5.1. System Model. . . 96

5.5.2. Threat Model. . . 97

5.5.3. Framework. . . 97

5.5.4. Security Model. . . 98

5.6. Proposed Location-Based Access Control Scheme : A Detailed Description 99 5.6.1. Setup Phase. . . 99

5.6.2. Key Generation Phase. . . 100

5.6.2.1. Static Key Generation. . . 100

5.6.2.2. Location Key Generation. . . 100

5.6.3. Encryption Phase. . . 101

5.6.3.1. Uploading Time Encryption (First Round Encryption). . . 101

5.6.3.2. Access Time Encryption (Second Round Encryption). . . 102

5.6.4. Decryption Phase. . . 102

5.6.4.1. Decryption Delegation. . . 102

5.6.4.2. Decryption. . . 102

5.7. Security Analysis. . . 103

5.8. ELBACS : Extended LBACS to Achieve Spatio-Temporal Statistical Anonymity. . . 104

5.8.1. Setup Phase. . . 105

5.8.2. Key Generation Phase. . . 105

5.8.2.1. Static Key Generation. . . 106

5.8.2.2. Anonymous Initialization. . . 106

5.8.2.3. Location Key Generation. . . 106

5.8.3. Encryption. . . 106

5.8.3.1. Uploading Time Encryption. . . 107

5.8.3.2. Access Time Encryption. . . 107

5.8.4. Decryption Phase. . . 108 xi

5.8.4.1. Decryption Delegation. . . 108

5.8.4.2. Decryption. . . 108

5.9. Performance Evaluation. . . 109

5.10. Conclusion. . . 110

Chapter 6. Conclusions and Perspectives. . . . 113

6.1. Conclusions. . . 113

6.2. Perspectives and Future Works. . . 114

6.2.1. Statistical Anonymity for Numerical Data.. . . 114

6.2.2. More Efficient Interval-Based Access Control Schemes.. . . 115

6.2.3. Anonymous Service Search for Location Based Access Control in Mobile Cloud Applications.. . . 115

LIST OF TABLES

1. I Significance of the issues in cloud computing and mobile cloud computing . . 4

1. II Mobile cloud computing : challenges, existing solutions, and future research areas [1].. . . 5

2. I Anonymous ABE, existing schemes and their properties. . . 20

2. II Location-based access control, existing schemes and their properties. . . 23

2. III Attribute-based encryption : challenges, existing solutions, and limitations. . 24

3. I Performance comparison of FACS, EFACS, [2, 3, 4, 5] : computation complexity and security characteristics (FGA : Fine-Grained Access, MA :Multi Authority, UA : User Anonymity, USA : User Statistical Anonymity, UAU :User Authorization, CA :Collusion Attacks, CPA :Chosen Plaintext Attacks) . . . 46

4. I Static registration overhead of PPLBAC . . . 76

4. II Dynamic data access overhead of PPLBAC . . . 76

4. III Uploading overhead of DO in PPLBAC . . . 77

4. IV Computation overhead related to static attributes in [6, 2] and PPLBAC (tv : threshold value representing minimum number of attribute authorities required to generate users’ secret key). . . 77

4. V Comparison between location-based access control schemes (Ni : Number of attribute values for i-th attribute, LA : Location Anonymity, LU : Location Unforgeability by users, MA : Multi-Authority, NSTA : Non-Spatial-Temporal Attributes) . . . 78

5. I Performance Comparison of LBACS, ELBACS, [7, 8] : Computation Complexity and Security Characteristics (LAN : Location Anonymity, LUF : Location Unforgeability by users, LUN : Location Untraceability by LSP, MA : Multi-Authority, NSTA : Non-Spatial-Temporal Attributes) . . . 108

LIST OF FIGURES

1.1 Mobile cloud computing architecture [9]. . . 3

1.2 Access control : different approaches. . . 8

1.3 Ciphertext policy attribute-based encryption (example). . . 9

1.4 Organization of the thesis. . . 14

3.1 Linking to re-identify data . . . 30

3.2 Architecture considered for FACS . . . 35

3.3 Computation time analysis of the proposed schemes : (a) the impact of number of authorities in Setup and Key Generation overhead while each authority issues five attributes for each user, (b) the impact of number of attributes for each user in Setup and Key Generation overhead (N = 5), (c) The impact of number of attributes in Encryption overhead, (d) the impact of number of attribute values, associated with attributes of quasi-identifier, in Encryption overhead (number of attributes = 20), (e) the impact of number of attributes in Decryption overhead, (f) the impact of number of attribute values, associated with attributes of quasi-identifier, in Decryption overhead (number of attributes = 20). . . 49

4.1 F(v_{li,j,li,k}) = v{li,jÕ ,lÕi,k}, if (li,j, li,k) ™ (l Õ i,j, lÕi,k). . . 57

4.2 F(v_{li,k,li,j}) = v{li,kÕ ,lÕi,j}, if (l Õ i,j, lÕi,k) ™ (li,j, li,k). . . 57

4.3 Architecture of the system (LSP : Location Service Provider, U : User, AAi : i-th Attribute Authority, CSP : Cloud Service Provider, DO : Data Owner). 59 4.4 The location range relation on loci (li,u œ (¯fl, fl)) . . . 66

4.5 Computation time analysis of PPLBAC : (a) the impact of number of

authorities in setup and attribute key generation overhead, (b) the impact of number of attributes for each user in attribute key generation and attribute key transformation overhead, (c) the impact of number of attributes in location key

generation, location key transformation, encryption and decryption overhead 79

4.6 Computation time overhead of PPLBAC and [7] in (a) key generation, (b)

encryption and (c) decryption. . . 80

5.1 F(v_{li,j,li,k}) = v{li,jÕ ,lÕi,k}, if (li,j, li,k) ™ (l

Õ

i,j, lÕi,k). . . 89

5.2 F(v_{li,k,li,j}) = v{l_i,kÕ ,l_i,jÕ }, if (li,jÕ , lÕi,k) ™ (li,j, li,k). . . 90

5.3 Architecture of the system (LSP : Location Service Provider, U : Mobile User,

AAi : i-th Attribute Authority, CSP : Cloud Service Provider, DO : Data

Owner). . . 96

5.4 The location range relation on loci (li,u œ (¯fl, fl)) . . . 101

5.5 Spatio-Temporal Anonymization. . . 105

5.6 Computation time analysis of the proposed schemes : (a) The impact of

number of attributes for each user in Key Generation overhead, (b) The impact of number of attributes in Encryption overhead, (c) The impact of

LIST OF ACRONYMS AND ABBREVIATIONS

AA Attribute Authority

ABAC Attribute-Based Access Control

ABE Attribute-Based Encryption

APs Access Points

ASR Anonymizing Spatial Region

BTS Base Transceiver Station

CA Collusion Attacks

CC Cloud Computing

CDH Computational Diffie-Hellman

CPA Chosen Plaintext Attacks

CP-ABE Ciphertext Policy Attribute-Based Encryption

CSP Cloud Service Provider

DaaS Data-as-a-Service

DAC Discretionary Access Control

DBDH Decisional Bilinear Diffie–Hellman

DO Data Owner

DL Discrete Logarithm

DMA-ABE Decentralized Multi Authority ABE

DO Data Owner

EFACS Extended Fine-grained Access Control Scheme ELBACS Extended Location-Based Access Control Scheme FACS Fine-grained Access Control Scheme

FGA Fine-Grained Access

H-ABE Hierarchical Attribute-Based Encryption HIBE Hierarchical Identity-Based Encryption

IBE Identity-Based Encryption

IDC International Data Corporation

IND-CPA Indistinguishability against Chosen Plaintext Attacks IaaS Infrastructure-as-a-Service

ID IDentifier

jPBC java Pairing-Based Cryptography

KP-ABE Key Policy ABE

LA Location Anonymity

LBACS Location-Based Access Control Scheme

LU Location Unforgeability

LBACS Location-Based Access Control Scheme

LBS Location-Based Services

LSP Location Service Provider

MA Multi Authority

MA-ABE Multi Authority ABE

MAC Mandatory Access Control

MCC Mobile Cloud Computing

MDRDF Multi-Dimensional Range Derivation Functions

NM-ABE Non-Monotonic ABE

NSTA Non-Spatial-Temporal Attributes

PaaS Platform-as-a-Service

PBC Pairing-Based Cryptography

PK Public Key

PPT Probabilistic Polynomial Time

PPLBAC Privacy Preserving Location-Based Access Control

RBAC Role-Based Access Control

SaaS Software-as-a-Service

SK Secret Key

SOA Service-Oriented Architecture

SSL Secure Socket Layer

TTP Trusted Third Party

U User

UA User Anonymity

UAU User Authorization

USA User Statistical Anonymity

DEDICATION

To my beloved family.

ACKNOWLEDGMENT

It gives me great pleasure to thank those who contributed to the successful completion of my studies at Université de Montréal. First and foremost, I would like to express my special appreciation to my Ph.D. supervisor, Prof. Abdelhakim Senhaji Hafid, for his persistent sup-port, encouragement, and patience during my doctoral studies. I enjoyed working with him, with all his considerate, thoughtful principles, and learning from him, with his vast know-ledge about all aspects of my work. His brilliant supervision is behind all my achievements during my Ph.D. studies. What I have learned from him in research, as well as in real life, is absolutely ineffable.

At the same time, I owe my deepest gratitude to collaborate with Prof. Soumaya

Cher-kaoui during my Ph.D. research. I would like to thank her for constant encouragement,

fruitful discussion, and valuable advice in this thesis.

I also feel fortunate to have had the opportunity to collaborate with Prof. Indrakshi

Ray and Dr. Amin Togou during my Ph.D. research. I am thankful for their supportive

collaboration, valuable feedbacks, and sharing their experiences and perceptions in this thesis. I would also like to express my sincere gratitude to my thesis committee members, Prof.

Esma Aïmeur, Prof. Louis Salvail, Prof. Amr Youssef and Prof. David Grondin for their

time and comments.

I would like also to thank all my colleagues at Network Research Lab (NRL) for the beneficial discussions, research collaborations, and continuous exchange of knowledge. No doubt all NRL members are great people.

I am especially thankful to my first advisor in doing research, who showed me how to be a good researcher, Prof. Javad Mohajeri at Sharif University of Technology. He was always patient, kind and willing to discuss with me about my ideas. I acknowledge his support and encouragement and I wish him health and success.

Last but not least, I would like to say Thank you ! to my family, my father, my mother and my brother for their affection and support during my life.

Chapter 1

INTRODUCTION

Nowadays, we witness the increasing use of capabilities provided by cloud players, such as Dropbox, Microsoft, Google and Amazon in the market. Some cloud applications, such as iCloud and Dropbox [10, 11] provide storage for users to easily upload their files, have access to them elsewhere from mobiles, iPads or other computers and share them with other people. Some others, such as Google Compute Engine [12] and Amazon’s AWS EC2 [13] provide computation resources for users to perform complicated calculations. While using cloud provides unlimited resources for users, both enterprises and individual users have some security and privacy concerns to keep their data safe and secret from other Internet users and even service providers [14].

In this chapter, we start by presenting the context of the thesis ; particularly, we describe mobile cloud computing, its characteristics and challenges. Then, we present the problem of data access control as one of the key security challenges in mobile cloud and the contributions of the thesis. Finally, we present the organization of the thesis.

1.1. Cloud Computing

In recent years, Cloud Computing (CC) has attracted great attention and frameworks like

Amazon Web Services, Microsoft Azure and Google App Engine which have gained a lot of

popularity among cloud consumers. CC delivers application as services over the Internet and provides the hardware in the datacenters to support those services [15]. CC does not have a common and precise accepted definition yet [16]. However, National Institute of Standards

and Technology (NIST) [17] introduced CC with five essential characteristics : on-demand self-service, rapid elasticity or expansion, broad network access, resource pooling, and mea-sured services [18]. Furthermore, CC can be defined as a flexible and scalable platform to provide virtualized resources to end users through the Internet [19]. Basically, CC archi-tecture offers three service models, namely : (a) Infrastructure-as-a-Service (IaaS), which enables provision of compute, storage and networking elements (e.g. Amazon Elastic

deploy, test and verify custom applications (e.g. Google App Engine and Microsoft Azure) ; and (c) Softwaas-a-Service (SaaS), which supports software distribution with specific re-quirements (e.g. SalesForce). Additionally, another view introduces cloud computing with five architectural components as clients, applications, platforms, infrastructure and servers [15].

1.2. Mobile Cloud Computing

CC allows users to use resources in a dynamic and on-demand fashion, which enables

rapid provision and release of applications with minimal management efforts or service provi-ders’ interactions. Mobile Cloud Computing (MCC) has been introduced as the combination of cloud computing, mobile computing and wireless networks. MCC has developed thanks to the rapid explosion of mobile applications and the support of cloud computing for a variety of services for mobile users. This combination makes powerful computational resources for mobile users, network operators, as well as cloud servers. It reduces the development and running cost of mobile applications, achieves rich experience of a variety of mobile services with low cost, and provides a promising solution for green IT [20], [21], [22].

1.2.1. Definition

According to MCC forum, definition of MCC is "mobile cloud computing at its simplest, refers to an infrastructure where both the data storage and data processing happen outside of the mobile device. Mobile cloud applications move the computing power and data storage away from mobile phones and into the cloud, bringing applications and mobile computing to not just smart phone users but a much broader range of mobile subscribers" [23]. Aepona describes MCC as "a new paradigm for mobile applications whereby most of data processing and storage associated with the applications is moved off the mobile device to powerful, centralized computing platforms located in clouds. These centralized apps are then accessed over the wireless connection based on a thin native client or web browser on the devices" [24].

1.2.2. Architecture

The architecture of MCC can be described as follows (see Figure 1.1) : A mobile user can connect to a mobile network via base stations (either satellites, Access Points (APs) or

Base Transceiver Stations (BTSs)). A base station works as a functional interface for the

network and send user’s queries including his request and information to a central mobile network processor. Mobile network processors, which are connected to servers providing mobile network services, recognize required information for connection such as location and

ID of the connection, connect to servers providing mobile network services, and forward the

provide appropriate services for mobile devices. It is interesting to note that these services are deployed in cloud data centers with the concepts of virtualization, utility computing and

Service-Oriented Architecture (SOA) in the form of web, application, and database servers.

Figure 1.1. Mobile cloud computing architecture [9] 1.2.3. Motivation

Mobile devices have recently increased considerably in numerous entities like governmen-tal agencies, enterprises, social service providers (e.g. police, fire departments), healthcare, education, and engineering organizations [25], [26]. Processing capability, energy resources, local storage and security, safety and privacy of data are some of limitations of mobile devices. These limitations influence the usability and durability of real-time mobile applica-tions, such as m-gaming, m-health, which require the smooth application execution in MCC. To overcome these shortcomings and improve the performance of compute-intensive mobile applications, the applications are migrated from mobile device to the cloud and employ the services and resources available there [27], [20].

1.2.4. Characteristics

In [28], the authors enumerate and compare the characteristics and features of CC and

MCC in terms of significance of issues. Table 1. I presents a summary of this comparison.

Issue Cloud Computing Mobile Cloud Computing

Device Energy ◊ X

Bandwidth Utilization Cost _{◊ X}

Network Connectivity _{◊ X} Mobility _{◊ X} Context Awareness _{◊ X} Location Awareness _{◊ X} Bandwidth _{◊ X} Security _{X X}

Table 1. I. Significance of the issues in cloud computing and mobile cloud computing

1.2.5. Advantages

MCC is a promising solution to overcome difficulties of mobile computing ; indeed, the

advantages of MCC include (a) extending battery lifetime ; (b) improving data storage ca-pacity and processing power ; and (c) Improving reliability. In addition, MCC inherits the advantages of CC for mobile services : (a) dynamic on-demand provisioning of resources on a fine-grained and self-service basis ; (b) scalability of mobile applications to unpredictable user demands due to flexible resource provisioning ; (c) multi-tenancy of resources and costs between service providers ; and (d) ease of integration of multiple services from different service providers through the cloud and the Internet to meet the user’s demands [29]. 1.2.6. Challenges

In [1], the authors describe five challenging issues for building MCC applications, survey existing solutions in the literature, research gaps, and suggest some future research directions for building MCC applications to overcome these challenges. Table 1. II shows a summary of their findings.

1.2.7. Security Concerns and Challenges

Despite the benefits of CC and MCC, most IT and chief executive officers are concern about the risks associated with security and privacy of enterprises’ stored-data. The IDC survey shows that security is the most important concern for enterprises while using this technology [30]. According to [31], we can classify security challenges of CC into six cate-gories : (a) authentication and identity management, which can help authenticate users and services based on credentials and characteristics ; it investigates interoperability drawbacks that could result from using different identity tokens and identity negotiation protocols ; (b) access control and accounting, which addresses access control models to protect users’ data

Challenges Existing solutions Future directions Code/computation offloading Static partitioning, Dynamic

pro-filing, Local/cloud processing deci-sion

Automation of code, computation offloading

Task-oriented mobile services Mobile data as a service, Mobile computing as a service, Mobile multimedia as a service, Location based services

Creating human-centric task-oriented mobile services

Elasticity and scalability Data intensive computation, Re-source allocation, Scheduling, VM migration

Design and validation of resource allocation, scheduling algorithms using valid traffic models for MCC applications

Security Authentication, Authorization Cloud-to-mobile authentication, Authorization without releasing user credential

Cloud service pricing Data/code integrity, Auctio-ning/bidding, Game theory based

Code integrity verification, Empi-rical validation, Pricing optimiza-tion

Table 1. II. Mobile cloud computing : challenges, existing solutions, and future research areas [1].

and providing fine-grained access for different users ; this category must integrate privacy-preserving requirements expressed by a set of rules ; (c) trust management and policy in-tegration, which considers heterogeneity among the cloud provider policies and develops a trust framework to adaptively support policy integration ; (d) secure-service management, which addresses quality of service, price, and service-level agreement in service search and composition ; it develops an automatic and systematic service provisioning and composition framework in which security and privacy issues play a crucial role ; (e) privacy and data protection, which address security risks and protection of data against those risks ; and (f) organizational security management, which helps organizations adopt cloud computing and immune them against risks associated with moving to the cloud. Although all of these fea-tures are fundamental and vital to the security of CC, this thesis focuses on access control issue.

1.3. Access Control

In this thesis, we concentrate on access control as a security concern for MCC. An access control model is typically designed to provide authorization, authentication, access approval, and audit. It can protect data from (a) unauthorized use and disclosure (confidentiality) ; and (b) unauthorized or improper modification and destruction (integrity). Such a protection can be achieved by ensuring that decisions, for access requests by users for protected objects (data), should go through certain operations that are regulated by a set of access control policies [32].

1.3.1. Access Control and Challenges in Cloud Computing

Sharing of physical resources among potential untrusted tenants can cause some security and access control challenges in the cloud, which increase the risk of side-channel attacks. The interference of computation among tenants can cause unauthorized information flow. Heterogeneity of services in cloud computing environments causes different degrees of gra-nularity in access control mechanisms. Therefore, an inadequate or unreliable access control mechanism can increase the risk of unauthorized use of resources and services in the cloud. Beside preventing these types of attacks, a fine-grained access control mechanism can help in implementing standard security measures. Such access control challenges and the complexi-ties associated with their management need adequate security architecture to satisfy access management requirements and ensure secure inter-operation across multiple clouds [33].

1.3.2. Access Control and Challenges in Mobile Cloud Computing

Multi-tenancy1_{, elasticity}2_{, massive scalability}3_{, and mobility cause unique novel}

challenges to authorization and access control in mobile cloud. Multi-tenancy makes the co-residency of machines (e.g. virtual machines, database engines etc.) and other resources, owned by different tenants, at the same privileged access level in the cloud with respect to others. This results in exploiting vulnerabilities in the hypervisor ; also running processes on different clients will add more security breach concerns. Dynamicity of mobile cloud4

results in (a) changing active users over the time ; (b) creating or modifying resources that need protection ; and (c) changing users’ access requirements to resources during applications runtime. Mobility of users allows them to move from one service provider to another and obtain the requested services and resources that are provided, distributed and managed by different service providers. To support mobility of users and obtain specific requested services, coordination and interaction of different providers are required. Thus, proper authorization and access control techniques should not only protect resources from unauthorized disclosure and modification of attackers, but also should allow segregation of tenants from one another, and isolation of computation, storage and network resources of the cloud provider from tenants [34].

1. Multi-tenancy refers to an architecture in which a single instance of a software application serves multiple customers

2. Elasticity means that the resource capability appears to be unbounded and can be purchased in any quantity at any time.

3. Scalability relies on allocating proper computing resources to each virtual machine and allowing virtual machine migration for load balancing across multiple clouds or data centers

1.3.3. Access Control : Different Approaches

There are four approaches to data access control [35, 36] : (a) Discretionary Access

Control model (DAC) [37] ; (b) Mandatory Access Control model (MAC) [38] ; (c) Role-Based

Access Control model (RBAC) [39] ; and (d) Attribute-Based Access Control model (ABAC) [40, 41]. In DAC, data owners determine the access decisions and is based on the identity of subjects (users) and objects (data) (Figure 1.2a). In MAC, a security policy administrator centrally controls and determines access control decisions based on labels of object (security classification label) and subjects (security clearance labels) ; data owners do not have the ability to override the policy (Figure1.2b). There are several open issues in DAC and MAC in terms of scalability and dynamic adaptability to changes in security policies [38]. In

RBAC, access to data is based on the role of subjects or their specific job functions ; the data

access decisions are made based on the mapping between (a) subjects and roles, and (b) roles and permissions, according to assignments of subjects to roles and roles to permissions (Figure 1.2c). RBAC is known for its simple administration of permissions for large number of users. However, since RBAC supports coarse-grained and predetermined access control, due to the use of roles and the assignments of roles to users, it is hard to define and structure roles supporting dynamic changes of environment conditions (e.g. user’s current location, the object being currently in a specific state, and the time of day when the access is requested [42]) [39]. ABAC uses attributes of subjects, objects and environments to describe and differentiate them from all others. Based on assigned attributes of a subject, assigned attributes of an object, environment conditions, and a set of policies, that are specified in terms of those attributes and conditions, access requests of the subject to perform an operation on the object are granted or denied [43, 35] (Figure 1.2d).

1.3.4. Attribute-Based Encryption

Despite unlimited resources provided by cloud, data owners can not rely on cloud ser-vice providers to store their data, enforce access policies, and grant permissions to perform operations on the data for users. Attribute-Based Encryption (ABE) is a cryptographic access control mechanism that makes access decisions based on attributes and policies in an encrypted way [44,45]. It allows data owners to define access policies and encrypt data based on that policy. It is a one-to-many public-key cryptography used to enforce the fine-grained access policies for large-scale systems. There are two types of ABE : (a) Key Policy ABE

(KP-ABE) [45], and (b) Ciphertext Policy ABE (CP-ABE) [46]. KP-ABE uses attributes to describe the encrypted data and associates a key with access structures describing the ciphertexts that the key holder will be allowed to decrypt. CP-ABE embeds access structures, policies defined by data owner, in the ciphertext and provides access such that encrypted data can be decrypted only by a user possessing a set of attributes. Verifying the legitimacy of a

Object 1 Subject 1 Subject 2 Subject 3 Subject 4 Object 2 Object 3 (a) DAC Object 1 Subject 1 Subject 2 Subject 3 Subject 4 Object 2 Object 3 Top Secret Secret Classified (b) MAC Subject 1 Subject 2 Subject 3 Subject 4 Object 2 Object 3 Role 1 Role 2 Role 2 Object 1 (c) RBAC Subject _Object .. . Object Attributes Access Policy .. . Subject Attributes Enviroment Conditions Rule Decision Enforce (d) ABAC Figure 1.2. Access control : different approaches

user for a set of attributes and issuing the corresponding user secret key is either done by (1) a fully trusted single authority, or (2) multiple authorities where each of them is responsible for a subset of attributes [47, 6, 48, 49]. Based on the attributes associated with user, and also based on access policy embedded in ciphertext, different users are able to access different pieces of data. Since ABE encrypts data without exact knowledge of receivers, it is suitable for large-scale applications [50].

1.4. Motivation and Objective

The research presented in this thesis has been conducted with the objective of providing secure access control schemes for authorized mobile users of the cloud. Due to the risks associated with security and privacy of enterprises’ stored data in the cloud, most IT and chief executive officers are concerned about using this type of technology. These concerns grow more due to the fact that users/employees tend to use wireless devices (e.g. laptops and smart phones) to stay connected while moving across/outside the enterprise instead of staying at their offices and do their jobs or daily activities [51]. More specifically, providing authorized access to stored data in the cloud is more critical for dynamic resource-constrained mobile users.

In this thesis, we investigate security threats and challenges related to access provision of data stored in the cloud for mobile users. Since sensitive data should be kept secure and

Attribute Authority

Secret KeySarah:

“manager”

“IT dept.” User (Sarah) Secret KeyKevin:

“manager” “sales” User (Kevin)

Data Owner

Public Key

Master Secret Key

Plaintext

Ciphertext

Ciphertext

Ciphertext

Figure 1.3. Ciphertext policy attribute-based encryption (example)

only accessible by authorized users, it should be encrypted before uploading. Attribute-Based

Encryption (ABE), is a cryptographic approach that allows data owners to encrypt data, and

provides fine-grained access control using defined policies and constraints. However, using

ABE for mobile cloud has challenging issues related to anonymity, mobility and limited

computational resources of mobile devices. To address these issues, this thesis concentrates on providing secure access control for mobile cloud which guarantees security of cloud-stored data as well as privacy of users.

The first part of the thesis addresses the problem of providing user privacy in attribute-based encryption. Since, in ABE, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. 1990 U.S. Census summary data shows that 87% of the population in the United States had reported attributes that likely made them unique based only on 5-digit ZIP code, gender and date of birth [52, 53]. Hence, malicious authorities and providers (i.e. cloud service providers) may aggregate different attributes of users like gender, age, blood type, etc., re-identify them and relate their critical and sensitive information to their identities. Thus, supporting anonymity of users requires providing anonymity for the combination of attributes containing users’ individual-specific information which may be used to re-identify them.

Several anonymous attribute-based encryption have been proposed to deal with this issue [54, 2, 3,4,5]. In [54], Zhang et al. proposed match-then-decrypt technique to anonymously verify the users’ legitimacy, match the ciphertext policy by CSPs before decryption, and

reduce the computation overhead of users in decryption process. In [4], Zhang et al. extended [54] and proposed match-then-re-encrypt technique to anonymously match and update policy, and provide anonymous ciphertext-policy attribute-based proxy re-encryption. In [5], the authors proposed an anonymous CP-ABE scheme secure against adaptive chosen-ciphertext attack, which extends their previous contribution [54]. In [2], Jung et al. extended [55] and proposed a multi-authority access control scheme and reported that their work supports data privacy, users’ anonymity and data access privilege. In [3], Jung et al. extended [55] to make it immune against the leakage of master secret key. However, our cryptanalysis results (see Section 3.4) show that all of them are vulnerable to (1) user anonymity attacks [54, 5, 4] ; (2) user authorization attacks [2] ; (3) coarse-grained access control [2, 3] ; and (4) user and authority collusion attacks [3].

The second part of this dissertation focuses on the problem of supporting secure and lightweight location-based access control for mobile users of the cloud. In this part, we inves-tigate providing Location-Based Services (LBSs) for attribute-based access control in mobile cloud. In LBSs, location of a device represents one of the most important contextual in-formation about that device and its owner ; it is exploited to improve data security, and to support access to services and information provided by the cloud for mobile users. Un-like other policies and attributes used in attribute-based encryption, location of user is an intrinsic dynamic attribute changing over time. Nevertheless, by integrating access control mechanisms with conditions based on the physical position of users, we can improve data security and immune users data against unauthorized accesses and disclosures. Furthermore, in some applications, we need this information to provide convenient services for mobile users based on their positions (e.g. social networking as an entertainment service which uses information on the geographical position of the mobile device). Thus, in the second part of this thesis, we concentrate on providing LBSs for ABE, which not only provides access of data based on attributes of users (including their real-time locations), but also protects identities of users against malicious authorities and providers.

In the literature, only a few location-based access control schemes have been proposed to be used in mobile cloud [56, 7, 8]. In [56], Androulaki et al. proposed a scheme based on traditional access control in which servers are trusted. The scheme uses onion encryption to increase the security and decrease trust level of servers ; it also adds an encryption layer to model the time. In [7], Shao et al. used ciphertext policy anonymous attribute-based encryp-tion [57] to provide location privacy, and confidentiality of location-based service data and access policy. In [8], Zhu et al. proposed a scheme, based on comparison-based encryption [58], to construct a special-temporal predicate-based encryption by means of secure integer comparison. However, existing contributions suffer from several drawbacks : (1) high com-putational overhead on data owners to enforce access policies and encrypt data for each user [56] ; (2) declaring fake location by malicious users and getting ineligible access to services

and information [7, 8] ; (3) breaking the location privacy of mobile users when the coarse locations are not sufficiently dense [8] ; and (4) giving the role of data owner, that defines access policy and encrypts data, and Location Service Provider (LSP), that provides location services, to the same entity [7, 8].

Finally, in the last part of the thesis, we investigate providing spatio-temporal anonymous location-based access control for mobile cloud. In the second part of the thesis, we assumed that LSP, which provides location access right for each user and knows location informa-tion of the user, is honest. In this part, we assume that LSP can be malicious and with this assumption, we show that only protecting identities of users is not enough to preserve their anonymity. A malicious LSP may keep current locations, previous movements and other tracking information for individual users. It may store users’ spatio-temporal location infor-mation, and spy on their activities, preferences, health, backgrounds and other aspects of their private life. Even, it may uniquely or nearly uniquely identify users using their spatio-temporal tracking information [59,60,61]. Unicity test shows that only four spatio-temporal chosen points are enough to uniquely identify 95% of the individual users [62]. Such com-bination of spatio-temporal location information, which disclose users’ individual-specific identification is called the quasi-identifier of users [63, 64]. Thus, supporting anonymity of users and protecting their identities require protecting their spatio-temporal location infor-mation as well as their identities.

Providing privacy protection location-based access control for cloud mobile users has been studied in [56, 7, 8, 65, 66]. To the best of our knowledge, our proposed scheme is the first location-based access control scheme, which supports spatio-temporal statistical anonymity for mobile users ; none of the existing contributions supports users’ untraceability and provides users’ anonymity against spatio-temporal statistical analysis without trusting

LSP, authorities and providers.

1.5. Contributions

In this thesis, we made three contributions to, respectively, (1) provide privacy preserving anonymous access of resources in the cloud ; (2) provide secure and lightweight location-based access control for mobile cloud ; and (3) protect spatio-temporal anonymity for location-based access control in mobile cloud.

1.5.1. Providing Privacy Preserving Anonymous Access of Resources in the Cloud

To address the issue of proving privacy preserving anonymous attribute-based access of resources in the cloud, first we introduce statistical anonymity model for attribute-based en-cryption. In particular, we define K-anonymity of attributes, formulate quasi-identifier, and extend K-anonymity model of attributes to quasi-identifier of users. Providing K-anonymity

for quasi-identifier of users makes users anonymous and protect them against attributes sta-tistical analysis. It is worth noting that recognizing and protecting quasi-identifiers represent research topics in data mining as well [53, 67, 68, 69]. Next, we provide cryptanalytic re-sults for existing contributions in anonymous attribute-based encryption (i.e. [2,3,4,5]) and show their vulnerabilities in users collusion attacks, authorities collusion attacks, user au-thorization and user anonymity protection. Then, we propose a Fine-grained Access Control

Scheme (FACS), which supports multi-authority authorization, anonymizes user identity

(without trusting any authority or provider), and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. To provide K-anonymity and make

FACS immune against statistical analysis, we propose an extension to FACS, called EFACS. EFACS supports user statistical anonymity without trusting authorities and providers. In

this scheme, even if cloud service providers collude with adversary, they can not guess the attributes embedded in quasi-identifier and consequently can not re-identify the user who has sent his request to access a ciphertext stored in the cloud. This contribution is the subject of chapter3 of the thesis. The content of this chapter has been submitted for publication in

IEEE Transactions on Dependable and Secure Computing : Baseri, Y., Hafid, A., Cherkaoui,

S., Ray, I., "Privacy Protection and Anonymity Preservation in Cloud Data Access Control". 1.5.2. Providing Secure and Lightweight Location-Based Access Control for

Mo-bile Cloud

To address the issue of providing secure and lightweight location-based access control for mobile users of the cloud, we propose a new Privacy Preserving Location-Based Access

Control (PPLBAC) scheme which supports coexistence of authorities, provides anonymity

of users and protects their identities against malicious authorities. The proposed scheme uses dynamic location of mobile users as contextual information about those users, employs lo-cation range constraints as a policy in attribute-based encryption and authorizes users with dynamic locations satisfying access policies. The proposed attribute-based encryption is in-tegrated with proxy re-encryption to (a) transform secret information received from different authorities and protect users’ identities from disclosure to cloud server, and (b) outsource the computation to a cloud server with unlimited computational power. This results in achieving more efficiency and reducing the computation cost on resource-constrained mobile users. To the best of our knowledge, this is the first work suitable for dynamic location-based access control in mobile cloud to achieve multi-authority and fine-grained access control, provide dynamic anonymous and unforgeable location and support confidentiality of users without imposing significant computational overhead on mobile devices. This contribution is the sub-ject of chapter4 of the thesis. The content of this chapter has been accepted for publication in Computers & Security, Elsevier Journal : Baseri, Y., Hafid, A., Cherkaoui, S., "Privacy Preserving Fine-grained Location-based Access Control for Mobile Cloud".

1.5.3. Protecting Spatio-Temporal Anonymity for Location-Based Access Control in Mobile Cloud

Finally, to address the issue of protecting spatio-temporal anonymity for location-based access control in mobile cloud, we propose a new privacy preserving dynamic

Location-Based Access Control Scheme (LBACS) for dynamic cloud mobile users. Aiming to introduce LBACS, first, we propose a Decentralized Multi-Authority ABE scheme, called IDMA-ABE,

to support range policies and define intervals for domains of attributes/constraints. Then, based on IDMA-ABE, we introduce LBACS that supports coexistence of static and dyna-mic attributes for mobile users, provides decentralized multi-authority, considers intervals as well as specific values for domains of attributes/constraints, and protects identity of users against malicious CSP. LBACS uses real-time dynamic locations of users as contextual in-formation, employs location range constraints as range policies in ABE and authorizes users with locations that satisfy those policies. To provide statistical-anonymity and make LBACS immune against LSP’s spatio-temporal statistical analysis of individual users, we propose an extension to LBACS called ELBACS. ELBACS supports user spatio-temporal statistical anonymity without trusting authorities, including LSP, and CSP. This contribution is the subject of Chapter5of the thesis. The content of this chapter has been submitted for publi-cation in IEEE Transactions on Information forensics and security : Baseri, Y., Hafid, A., Cherkaoui, S., "Spatio-Temporal Anonymous Location-Aware Data Access Control in Mobile Cloud".

1.6. Organization of the Thesis

The rest of this dissertation is organized as shown in Figure1.4. Chapter2presents a cri-tical review of the pertinent literature in the context of the problems stated earlier. Chapter3

presents "Privacy Protection and Anonymous Preservation in Cloud Data Access". Chapter4

presents "Privacy Preserving Fine-grained Location-based Access Control for Mobile Cloud". Chapter 5 presents "Spatio-Temporal Anonymous Location-Aware Data Access Control in Mobile Cloud". Finally, Chapter 6 concludes the dissertation and outlines future research directions.

1.7. List of Publications

In this section, we list the papers produced in the context of this thesis :

1. Y. Baseri, A. Hafid, S. Cherkaoui, Ray, I. Privacy Protection and Anonymity Preservation in Cloud Data Access Control. Submitted for publication in IEEE Transactions on Dependable and Secure Computing, 2017.

Chapter 1

Introduction

Chapter 2

Literature Review

Chapter 3

Privacy Protection and Anonymity Preservation in Cloud Data Access Control

Thesis

Secure Access Control in Mobile Cloud

Chapter 4

Privacy Preserving Fine-grained Location-based Access Control for Mobile Cloud

Chapter 5

Location-Based Authoriz-ation for Spatio-Temporal Anonymous Access Control in Mobile Cloud Chapter 6 Coclusion Anonymity Model: From Identity to Attributes Cryptanalysis of Related Work Fine-grained Access Control Scheme (FACS) Extended Fine-grained Access Control Scheme (EFACS) Location-Based Access Control Scheme (LBACS) Extended Location-Based Access Control Scheme (ELBACS) A decentralized MA-ABE supporting intervals for domains of attributes and policies A centralized MA-ABE advocating intervals as well as points for domains of attributes and policies Privacy Preserving Location-Based Access Control Scheme (PPLBAC) extending extending

Figure 1.4. Organization of the thesis

2. Y. Baseri, A. Hafid, S. Cherkaoui. Privacy Preserving Fine-grained Location-based Access Control for Mobile Cloud. Accepted for publication in Computers & Security, Elsevier Journal, 2017.

3. Y. Baseri, A. Hafid, S. Cherkaoui. Spatio-Temporal Anonymous Location-Aware Data Access Control in Mobile Cloud. Submitted for publication in IEEE Transactions on Information Forensics and Security, 2017.

4. Y. Baseri, A. Hafid, S. Cherkaoui, A. Togou. Controlling Cloud Data Access Privilege : Cryptanalysis and Security Enhancement. In 2017 IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC2017), Montreal, Canada, 2017.

5. Y. Baseri, A. Hafid, S. Cherkaoui. K-anonymous Location-based Fine-grained Access Control for Mobile Cloud. In 2016 13th Annual IEEE Consumer Communications and Networking Conference (CCNC 2016), Las Vegas, USA, 2016.

Chapter 2

LITERATURE REVIEW

In this thesis, we mainly focus on analysis and design of attribute-based access control schemes for mobile cloud. Therefore, in this chapter, we present the literature review re-garding access control issues to provide secure and efficient access of data for mobile cloud users. We investigate attribute-based encryption, its challenges and existing solutions. More specifically, we analyze the strengths and limitations, in the context of access control, with respect to the characteristics of mobile cloud including dynamicity, mobility and and scarce computing resources for mobile users. In our study, we investigate design and analysis of (a) an access control scheme providing anonymous access of resources stored in the cloud ; (b) a lightweight and secure location-based access control scheme for dynamic mobile users ; and (c) a spatio-temporal-anonymous attribute-based access control scheme for mobile cloud users to have access permission based on their dynamic locations.

2.1. Attribute-Based Encryption

The main objective of access control is to release information only to authorized users ; this is called fine-grained access control. Attribute-Based Encryption (ABE) is a cryptogra-phical approach to provide fine-grained access control of encrypted data stored in the cloud. It was introduced in [44], as an extension of Identity-Based Encryption (IBE) [70], in which a data owner can encrypt a message specifying an attribute set and a threshold number. Each recipient who has at least the threshold number of the given attributes can decrypt the message. The threshold semantic of IBE [44] can only express the minimum number of attributes a user should have to get access to a resource or service. Thus, it is not very expressive to allow for the description of policies in more general access control structure.

Key Policy Attribute-Based Encryption (KP-ABE) has been proposed in [45] as an exten-sion of ABE [44] to achieve fine-grained access control and provide more generalized access control structure. In KP-ABE, a key is associated with a boolean formula representing access policy and a ciphertext with a set of attributes. A user can decrypt a ciphertext if the set of attributes associated with ciphertext satisfies the boolean formula embedded in his key.

In KP-ABE, since access policies are embedded in users’ private keys, data owners lack the ability to control who can decrypt the data. Moreover, enforcing access policies requires a trusted server to store the data and mediate access control. However, if the server storing the data is compromised, the confidentiality of the data will be breached.

To overcome the challenging issues of KP-ABE, Ciphertext Policy ABE (CP-ABE) has been introduced in [46]. In CP-ABE, a key is associated with a set of attributes and the data owner encrypting data embeds a policy in the ciphertext. Thus, based on policy embedded in ciphertext, different users are able to access different pieces of data based on the attributes associated with their keys. In addition, data owners are able to determine who can decrypt ciphertext, and update policy by only changing access structure embedded in ciphertext.

Both KP-ABE and CP-ABE can express only monotone access structure that is asso-ciated with a Boolean formula consisting of AND, OR, or threshold gates (and not NOT gate). To express negation of attributes, the authority can explicitly include attributes that express absence of attributes in the attribute space [45]. For example, in KP-ABE, to encrypt a message for attribute x1, one should encrypt the message for a set that includes x1 and attributes Not xj (’j ”= 1). Then, a user whose private key satisfies Not x2 ia able to decrypt

the ciphertext and recover the message as desired (since Not x2 œ {x1, N ot x2, N ot x3, . . . ,}) [71]. This solution is not appropriate for many applications, because the number of attributes will be doubled causing considerable overhead. To express non-monotonic access structure and reduce the number of negative attributes, the authors in [72] presented the first

Non-Monotonic ABE (NM-ABE) ; however, their scheme still has overhead on the system [73]. Indeed, each attribute adds a negative word to describe it, while some but not all of them are useful to decrypt the ciphertext. As a consequence, the overhead generated by scheme [72] is considerably increased.

2.1.1. ABE and Challenges of Providing Data Access for Mobile Cloud

Although ABE ensures security of cloud-stored data and provides fine-grained access control, using it as an access control mechanism for mobile cloud users introduces some critical challenges including : (a) high computational overhead : the computational cost grows with the complexity of the access formula ; (b) dynamic attribute/policy update : attributes are shared among an arbitrary number of users ; thus, changing an attribute/policy may involve key update for other users and/or re-encryption of data stored in the cloud. This may happen a lot for mobile users ; (c) user anonymity protection : a single authority knows about all attributes requested by a user. Thus, it can easily identify the user and consequently break his anonymity ; (d) attribute anonymity protection : users are identified by their attributes ; collecting and analyzing these attributes may reveal their identities and violate their anonymity ; (e) handling temporal and continuous attributes : temporal (or time varying) attributes are very common in mobile cloud ; (f) supporting time-triggered access

control : it is required by real-time applications ; (g) mobility : the location is an attribute which should be dynamically updated ; each time the location of a mobile user changes, the entire secret key of that user must be changed. Hence, an efficient location updating method for mobile users without changing their entire secret keys is required.

2.1.2. ABE : Techniques to Overcome Challenges

To overcome the challenges of ABE, solutions including outsourcing, key revocation and policy update, multi-authority, anonymous encryption, temporal and comparison-based en-cryption, and location-aware encryption have been proposed [74, 75, 76, 77, 78, 79, 80, 77,

81, 82, 83, 45, 84, 85, 86, 87, 48, 88, 54, 5, 4, 2, 58, 89, 90, 91, 56, 7, 8, 65]. Table 2. III

summarizes challenges, existing solutions, and their limitations for access control in mobile cloud.

2.1.2.1. Outsourcing of Computations

One of the main challenges of ABE is that the decryption involves expensive compu-tational pairing operations ; this compucompu-tational complexity increases with the complexity of access policy. One solution is to outsource decryption to the cloud server in ABE. We can use homomorphic-based techniques proposed in [74, 75] to outsource the decryption of ciphertexts. However, this solution has high computational overhead [92]. In [76], Green et al. proposed a method to outsource the highly computational pairing in decryption to the cloud server. In this method, a user provides a transformation key to the cloud server. Then, the cloud server transforms ABE ciphertext, which is satisfied by the user’s attributes, to an ElGamal ciphertext [93]. The transformed ciphertext incurs only a small computation to decrypt. This type of outsourcing has been used in several ABE access control schemes [94, 82, 95]. The outsourcing, proposed in [76], provides a way to transfer all the expensive pairing to the cloud server. However, it does not guarantee the correctness of transformations launched by untrusted cloud server. Hence, other schemes have been proposed where all the transformations, performed by cloud server, can be verified by the user [78, 79, 80,77, 77]. 2.1.2.2. Dynamic Attribute/Policy Update

In ABE, when a user leaves the set of authorized users or some of his attributes are revoked, his private key is no more valid. This leads to a new key generation and re-encryption of the ciphertext with a new key to handle key revocation1_{. This becomes more challenging}

when ABE is used to describe dynamic contextual policies/attributes to provide access decision.

To deal with the key revocation issue in ABE, Yu et al. [81] proposed a key revoca-tion algorithm for CP-ABE. This solurevoca-tion requires a trusted proxy server to decide which

1. A revoked user is a user whose certificate is cancelled and should no longer be trusted

users can update their secret keys according to the revoked user identity list. Hur et al. [82] proposed a key revocation algorithm for CP-ABE based on stateless key distribution and access control on the attribute level. However, the algorithm requires a trusted authority and imposes expensive pairing operations on data owners. In [83], Tysowki et al. propose an efficient revocation algorithm which does not require removal of attributes. Consequently, there is no need for key re-generation. The revocation algorithm can be performed by a cloud server without involvement of the data owner. However, the algorithm still requires a trusted cloud server to re-generate the ciphertext with a new revocation key.

Revocation of dynamic attributes for mobile users (e.g. time) requires changing of access policies defined by data owner. To deal with policy update issue, data owner can retrieve a copy of data already stored in the cloud, re-encrypt it under new policy and upload it to the cloud. This method imposes high computation and communication overhead on data owner. The other solution which was suggested to deal with policy update issue is the use of key delegation mechanism (as discussed in [45] and [84] for KP-ABE and CP-ABE respectively). However, this methods would be able to update policies to more restrictive ones. Yang et al. [85] proposed a policy updatable attribute-based encryption based on an adopted multi-authority CP-ABE scheme [48]. They outsourced policy update to cloud server and proposed a multi-authority ABE scheme, which supports policy update in an efficient way. Although for policy update, the cloud server does not have access to plaintext, it is still trusted to update the policies of encrypted data. To the best of our knowledge, there is no efficient attribute/policy update mechanism to handle real-time dynamic contextual attributes of mobile users.

2.1.2.3. Multi-Authority Attribute-Based Encryption

Providing fine-grained access control for ABE requires issuing different attributes for each user. These attributes can be issued either by a single authority or multiple authorities. In single authority ABE, the authority should be fully trusted to verify users’ legitimacy and issue all secret keys. While, in multi-authority ABE, each authority verifies the legitimacy of users for a part of attributes it is responsible for, and issues their corresponding secret keys.

Multiple authorities may cause some challenges regarding encryption security, and pri-vacy of users [96]. Chase [86] proposed the first Multi-Authority ABE (MA-ABE), which supports simultaneous existence of authorities ; each one issues a subset of attributes for a particular user. However, the scheme uses a trusted third party to synchronize authorities, which may act maliciously and causes security breaches. In [87], Chase and Melissa improved [86] to support multiple authorities without requiring a trusted third party. In their scheme, each user should be authorized by each authority and take at least one attribute from each, even if not required. Lewko and Waters [48] proposed a Decentralized MA-ABE (DMA-ABE) in which neither global coordination nor trusted third party are required and users can get