Secure multi-authority attribute-based encryption access control with cache-aware scheduling in mobile cloud computing

Mobile Cloud Computing (MCC) is the combination of cloud computing, mobile computing, and wireless network to bring rich computational resources to mobile users, network operators, as well as cloud computing providers. MCC has raised various security concerns and delayed access due to hosting sensitive data on an untrusted cloud environment, and the control over such data by their owners is lost after uploading to the cloud. Fine-grained access control using Attribute-Based Encryption (ABE) mechanisms can be enforced as the first line of defense on the untrusted cloud to forbid unauthorized access to the stored data. Some schemes have been proposed to deliver such access control using Ciphertext-policy attribute-based encryption (CP-ABE) that can enforce data owners’ access policies to achieve such cryptographic access control and tackle the majority of those concerns. However, some challenges are still outstanding due to the complexity of frequently changing the cryptographic enforcements of the owners’ access policies in the hosted cloud data files, and the key issuing process which poses computational and communicational overheads to data owners. These challenges are: 1) single point failure in the cryptography scheme, 2) key abuse problem in the key generating process, and 3) delayed access to the data in the cloud for the user. This thesis analyzed some of the existing, related issues and proposed a scheme that extends the relevant existing techniques to resolve the inherent problems in CP-ABE without incurring heavy computation overhead. In particular, the Certificate Authority is a single entity that leads to a single point of failure, while the Attribute Authority works independently. A user’s secret key to acquire data from the cloud will not be generated if there is a failure in one of the Attribute Authority’s nodes. The proposed scheme offers a solution to perform a novel technique using a neighbor node backup concept that will minimize the mean downtime and increase the availability of the scheme during the failure of one or more authority nodes. Each authority node will have a failover node that will take over the failed node function to maintain the scheme operation. Furthermore, in all ABE schemes, a single point of failure runs in a centralized storage manner, which in return may collapse the system. Although the key generator is distributed among the authority nodes, the decision to generate user credential is based on a single decision. An adversary can force the authority to produce false private keys that can tarnish the integrity of the ABE system. To achieve the integrity of the scheme, this research proposed a decentralized attribute storage and authority consensus by lowering the Mean Time To Detect (MTTD) and maintaining the new storage count during a security attack. Also, user attributes are stored in the block storage using an InterPlanetary File System (IPFS) protocol to eliminate the concept of centralizing storage. In addition, during peak hours, increasing requests from mobile devices to the cloud storage will result in network congestion and significant delays for the cloud to entertain user requests which can cause the required data to become unavailable. By leveraging the existing work, a cache-aware scheduling technique was developed to minimize communication and read time between cloud storage and the mobile device to reduce the unavailability of required data. The proposed scheme experiment showed that the scheme managed to overcome the limitations on the existing solution. The result indicated that the Mean Downtime Time for the proposed solution was only 3.88 minutes compared to the existing solution, which was 38.56 minutes. During a security attack, the MTTD for the existing solution was very high because the existing scheme could not detect the attack. For the proposed scheme, the MTTD was very low which is 4.89 minutes, because of the consensus algorithm. Furthermore, by using the cache-aware scheduling, the proposed scheme managed to save 2.18% reads more than those of the existing work solution; this could reduce the time taken to access required data. The proposed Multi-Authority Attribute-Based Encryption with Cache-Aware Scheduling for Mobile Cloud Access Control in Mobile Cloud Computing environment analysis of the theoretical and implemented results demonstrated that the scheme performed better compared to the previous work solution in terms of availability and integrity. The proposed schemes were carefully designed to minimize computation and communication overhead to suit the device’s resource constraint in MCC.

Text FSKTM 2021 2 - IR.1.pdf Download (1MB)

Actions (login required)

View Item