LEE - Information Security Engineering and Cryptography - PhD
Browsing LEE - Information Security Engineering and Cryptography - PhD by subject "erişim kontrolü" (access control)
-
Item
A hierarchical key assignment scheme for access control in cloud computing
(Graduate School, 2022-06-10) Çeliktaş, Barış ; Özdemir, Enver ; 707182002 ; Cyber Security Engineering and Cryptography
Today, organizations no longer have to spend huge amounts of money on physical servers and related information technology infrastructure such as server rooms or data centers, because large initial capital expenditures and operational expenditures are significantly reduced by a relatively new method called cloud computing. In addition, administrative challenges include establishing well-designed disaster recovery and business continuity plans, building fault-tolerant and scalable systems, full-time availability, and greater collaboration with stakeholders needed by organizations. These all lead companies to outsource services such as storage systems, large-scale computations and hosting. Among cloud deployment models, the public cloud is currently the most preferred by companies due to its cost-effectiveness, although it raises many concerns, especially for military, health, and banking organizations, where confidentiality and privacy are crucial. The main concerns of these organizations, which operate in a hierarchical manner, are confidentiality, privacy, availability, integrity, reliability, data lock-in, and regulatory compliance. Besides the above-mentioned concerns, the integration of a data access control policy into any cloud deployment model by the data owner is also a challenging topic in the research community. In this thesis, we will focus on finding a solution to confidentiality and privacy concerns. The first solution that comes to mind for the focused concerns should be found in cryptography tools. It is crucial for organizations to follow a secure key management policy to ensure the confidentiality of sensitive data using encryption. 
What motivates us to conduct this research is to introduce a secure, flexible, hierarchical, and practical key access control mechanism that eliminates or minimizes confidentiality and privacy concerns in the transition to the cloud for hierarchical organizations utilizing sensitive data. In this context, we will present two different hierarchical access control schemes to be used in the secure adoption of the public cloud for hierarchical organizational structures and demonstrate that the use of these schemes provides a flexible, efficient, and secure hierarchical key access control mechanism for the entire hierarchy. Note that these schemes can also be used by organizations that do not consume cloud services to manage their internal key management and access controls. The first proposed scheme is based on an inner product space and orthogonal projection method, whereas the second is based on Shamir's secret sharing algorithm and polynomial interpolation method. These are also different in approach. The first one adopts a top-down approach where a user of any security level can access the key/data of the same and/or lower security level by default, while the second one needs the approval of the users at the same and/or higher security level to access the key/data, in other words, it adopts a bottom-up approach. The first scheme is based on an inner product space and can be utilized in any cloud delivery model where the data owner implements a hierarchical access control policy. While distributing a basis for each class by the data owner, a left-to-right and bottom-up policy can ensure much more flexibility and efficiency, especially during any change in the structure. For each class, the secret keys can be derived only when a predetermined subspace is available. This scheme is resistant to collusion/collaboration attacks and privilege creep problems, and also provides key recovery and key indistinguishability security. 
The performance analysis also shows us that the data storage overhead is much more tolerable than other schemes in the literature. In addition, the other advantage is that it requires only one operation to derive the secret key of child classes securely and efficiently. In other words, these experimental results satisfy all of the desired performance and security requirements. The second scheme is based on Shamir's secret sharing algorithm and polynomial interpolation method. We provide a secure method for each user of this entity to access the public cloud from both inside and outside the company's network. The scheme offers a secure, flexible, and hierarchical key access mechanism for organizations utilizing sensitive data. It also minimizes concerns about moving sensitive data to the public cloud and ensures that only users with sufficient approvals from the same or higher privileged users can access the data by making use of the topological ordering of a directed graph, including self-loop. Our policy in this scheme is to obtain permission approval for bottom-up access. Main overheads such as public and private storage needs are reduced to a tolerable level, and the key derivation is cost-effective. From a security perspective, this scheme is both resistant to collusion/collaboration attacks and provides key indistinguishability security. Since the key does not need to be kept anywhere, the key disclosure risk is also eliminated. In summary, in this thesis, to take full advantage of these different approaches, the data owner can choose the best one that is suitable for the security policy and hierarchical structure of the organization. If required, the data owner can also design an infrastructure that is a mixture of these two approaches.
-
Item
A hierarchical key assignment scheme: A unified approach for scalability and efficiency, with a specialized implementation in cloud computing
(Graduate School, 2024-07-16) Çelikbilek, İbrahim ; Özdemir, Enver ; 707202005 ; Cybersecurity Engineering and Cryptography
Access control is a fundamental component of information security management, defined as the process of selectively restricting access to resources. This process includes policies and protocols that determine who can access various system resources, under what conditions, and when. It primarily aims to protect data integrity and confidentiality. The proper configuration and implementation of access control systems are crucial, especially for organizations that handle critical and sensitive data. Access methods prevent unauthorized access, thereby protecting sensitive data within the organization from disclosure, alteration, or destruction. Configuring and managing access control processes require the establishment of systems that control and monitor access to resources. These systems operate within the framework of predefined dynamic or static rules and policies. The primary goal is to ensure that only authorized users can access target resources and perform specific actions. Various access models have been developed to effectively implement access controls. These models, which regulate access to system resources, include mandatory, discretionary, role-based, rule-based, attribute-based, and identity-based access methods. Each model aims to provide solutions that meet the requirements of the access environment and comply with institutional or organizational policies. In cases where these models alone are insufficient, particularly in environments with resources and users that have different security and clearance levels, the use of multilevel access control models like Bell-LaPadula may be necessary. 
These and similar models can typically be configured to the needs of the access environment by combining multiple simple access models and making various additions and modifications. If the users and/or resources in an access environment have a hierarchical structure, and access to resources is granted hierarchically, this type of control is called hierarchical access control. Such access environments require various access tools and policies, along with multilevel access control models, to make access secure, hierarchical, and effective. Hierarchical key assignment schemes are one of the most crucial components within the information security management systems of organizations that handle sensitive data. As an application of hierarchical access control, these schemes ensure hierarchical and secure access to secret cryptographic keys for users at various clearance levels. In hierarchical key assignment schemes, users within the access environment are divided into different classes (groups) that form a hierarchical structure, and a unique secret cryptographic key is assigned to each class. The hierarchical structure based on these classes forms a partially ordered set, which is often represented by an access graph. Typically, these structures define public/private key components for the scheme itself, and for the classes and/or edges within the access graph. In an access graph, a user in a class at a higher security (classification) level can derive the secret key of their own class, and also the secret keys of all descendant classes, using a combination of their own class's secret key and the public/private key components of descendant classes, scheme and/or edges. These schemes serve as a crucial component of cryptographic key management systems in various critical domains today. 
Among these domains are cloud computing, organizational data access, healthcare systems, multilevel databases, the Internet of Things, drone swarm coordination, and the protection of customer information in the finance sector. Particularly in cloud computing environments, the presence of different user roles and access levels necessitates hierarchical and multi-layered access to system resources.