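Graduate student: 張世謙
Graduate student (English name): Shih-Chien Chang
Thesis title: 具有效「撤回」機制之雲端隱私保護資料管理系統
Thesis title (English): A privacy-preserving Cloud-based Data Management System with Efficient Revocation Scheme
Advisor: 吳家麟
Oral defense date: 2017-07-05
Degree: Master's
Institution: National Taiwan University
Department: Graduate Institute of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2017
Academic year of graduation: 105
Language: English
Number of pages: 52
Keywords (translated from Chinese): privacy security; lazy re-encryption; revocation
Keywords (English): privacy-preserving; lazy re-encryption; revocation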
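For various reasons, many data management systems delegate their computationally heavy workloads to public cloud service providers. It is well known that once we entrust tasks to a cloud server, we may face threats such as infringement of the privacy of users' attribute information; an appropriate privacy-preserving mechanism is therefore a prerequisite for building a secure cloud-based data management system (SCBDMS). Even when the server operates in an honest-but-curious manner, designing a reliable SCBDMS with server-enforced revocation capability is a very challenging task. Existing data management systems seldom provide privacy-preserving revocation services, especially when outsourced to a third party. In this work, with the help of oblivious transfer and the newly proposed stateless lazy re-encryption (SLREN) mechanism, an SCBDMS with secure, reliable and efficient server-enforced attribute revocation capability is built. Compared with related work, the experimental results show that, in the newly built SCBDMS, the storage requirement of the cloud server and the communication overhead between the cloud server and system users are greatly reduced, owing to the nature of SLREN.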
For various reasons, many data management systems delegate their high computational workloads to public cloud service providers. It is well known that once we entrust our tasks to a cloud server, we may face several threats, such as privacy infringement with regard to users' attribute information; therefore, an appropriate privacy-preserving mechanism is a must for constructing a secure cloud-based data management system (SCBDMS). Designing a reliable SCBDMS with server-enforced revocation ability is a very challenging task even if the server is working under the honest-but-curious mode. Existing data management systems seldom provide a privacy-preserving revocation service, especially when it is outsourced to a third party. In this work, with the aid of oblivious transfer and the newly proposed stateless lazy re-encryption (SLREN) mechanism, an SCBDMS with secure, reliable and efficient server-enforced attribute revocation ability is built. Compared with related works, our experimental results show that, in the newly constructed SCBDMS, the storage requirement of the cloud server and the communication overheads between the cloud server and system users are largely reduced, due to the late involvement of SLREN.
Oral Defense Committee Certification
Acknowledgements
Chinese Abstract
ABSTRACT
LIST OF FIGURES
LIST OF TABLES
Chapter 1 INTRODUCTION
1.1 RELATED WORK
Chapter 2 SYSTEM OVERVIEW
2.1 SYSTEM ARCHITECTURE
2.2 APPLICATION SCENARIOS
2.3 THREAT MODEL
2.4 SECURITY REQUIREMENTS
Chapter 3 PRELIMINARIES AND SYSTEM DEFINITION
3.1 BACKGROUND KNOWLEDGE
3.1.1 Access Structure
3.1.2 Bilinear Pairings
3.1.3 Security Assumption
3.1.4 Proxy Re-encryption
3.1.5 ElGamal Cryptosystem
3.2 SYSTEM DEFINITION
3.2.1 Basic Operations
3.2.2 The Proposed Privacy-preserving Data Management System with Efficient Revocation Scheme
Chapter 4 THE PROPOSED SCHEME
4.1 ACCESS TREE
4.1.1 Access Tree Definition
4.1.2 Satisfying An Access Tree
4.2 BASIC CONSTRUCTION
4.2.1 System Setup
4.2.2 Secret Key Generation (MK,A)
4.2.3 Encrypt (M,PK,Å)
4.2.4 Decrypt (CT'',SKey'')
4.3 EFFICIENT REVOCATION
4.3.1 Lazy Re-encryption
4.3.2 Re-encryption Key Generation
4.3.3 CipherText Re-encryption
4.3.4 SecretKey Re-encryption
4.3.5 Stateless Lazy Re-encryption
4.4 PRIVACY PRESERVING TOWARD PROXY SERVER
4.4.1 Randomization Process
4.4.2 Oblivious Transfer
Chapter 5 PERFORMANCE EVALUATION
Chapter 6 SECURITY
Chapter 7 CONCLUSION AND FUTURE WORK
REFERENCE