Secure Access to Outsourced Data from Resource-Constrained Devices

Abstract

Resource-constrained mobile devices, such as smart phones, wearables, and IoT devices, have produced many exciting and innovative applications by leveraging the extensive data storage and processing abilities of the cloud. Cloud data is expected to be stored in encrypted form to minimise the consequences of data breaches that are becoming more and more common. Nonetheless, processing encrypted data in resource-constrained devices is expensive in many aspects due to their limitations in processing capacity, bandwidth, storage, and battery power. Therefore, designing secure cloud data access mechanisms that are light-weight and can provide fine-grained read and write access for these devices is a very challenging problem. In this thesis we present the design of a novel architecture for performing secure read and write operations on outsourced data encrypted with Ciphertext-Policy Attribute-based Encryption (CP-ABE) from clients using resourceconstrained devices. We make three contributions. First, we address one of the fundamental shortcomings of CPABE schemes of not being able to maintain the data owner control during the write operation. We design and implement a light-weight cloud data access mechanism that ensures data owner control and supports small-scale data collaboration where users access cloud data through smart phones. Second, we propose a robust read/write access mechanism for cloud data for large-scale scenarios where multiple attribute authorities authenticate users' attributes and generate decryption keys, and users from various domains access the outsourced data. Finally, we propose an outsourced data access mechanism for power-constrained devices, such as wearables and IoT devices, in a multi-authority and multiple domain setting that overcomes the shortcoming of CP-ABE not being able to ensure the confidentiality of access policies from all unauthorised entities. For all three contributions, we conduct detailed analysis to ensure that the required security properties are satisfied. We implement all protocols and thoroughly analyse their performance. Our results indicate that the proposed protocols can be implemented without imposing significant processing, communications, and energy overheads on the resource-constrained devices.