Abstract
Resource-constrained mobile devices, such as smart phones, wearables, and IoT devices, have produced many
exciting and innovative applications by leveraging the extensive data storage and processing abilities of the cloud.
Cloud data is expected to be stored in encrypted form to minimise the consequences of data breaches that are
becoming more and more common. Nonetheless, processing encrypted data in resource-constrained devices is
expensive in many aspects due to their limitations in processing capacity, bandwidth, storage, and battery power.
Therefore, designing secure cloud data access mechanisms that are light-weight and can provide fine-grained read
and write access for these devices is a very challenging problem.
In this thesis we present the design of a novel architecture for performing secure read and write operations on
outsourced data encrypted with Ciphertext-Policy Attribute-based Encryption (CP-ABE) from clients using resourceconstrained
devices. We make three contributions. First, we address one of the fundamental shortcomings of CPABE
schemes of not being able to maintain the data owner control during the write operation. We design and
implement a light-weight cloud data access mechanism that ensures data owner control and supports small-scale
data collaboration where users access cloud data through smart phones. Second, we propose a robust read/write
access mechanism for cloud data for large-scale scenarios where multiple attribute authorities authenticate users'
attributes and generate decryption keys, and users from various domains access the outsourced data. Finally, we
propose an outsourced data access mechanism for power-constrained devices, such as wearables and IoT devices,
in a multi-authority and multiple domain setting that overcomes the shortcoming of CP-ABE not being able to ensure
the confidentiality of access policies from all unauthorised entities.
For all three contributions, we conduct detailed analysis to ensure that the required security properties are satisfied.
We implement all protocols and thoroughly analyse their performance. Our results indicate that the proposed
protocols can be implemented without imposing significant processing, communications, and energy overheads on
the resource-constrained devices.