LEE- Bilgi Güvenliği Mühendisliği ve Kriptografi-Doktora

Bu koleksiyon için kalıcı URI

http://hdl.handle.net/11527/19197

Gözat

Son Başvurular

Şimdi gösteriliyor 1 - 2 / 2
  • Öge
    A hierarchical key assignment scheme for access control in cloud computing
    (Graduate School, 2022-06-10) Çeliktaş, Barış ; Özdemir, Enver ; 707182002 ; Cyber Security Engineering and Cryptography
    Today, organizations no longer have to spend huge amounts of money on physical servers, related information technologies infrastructures such as server rooms or data centers because large initial capital expenditure and operational expenditures are significantly reduced due to relatively new method called cloud computing. In addition, administrative challenges include establishing well-designed disaster recovery and business continuity plans, building fault-tolerant and scalable systems, full-time availability, and greater collaboration with stakeholders needed by organizations. These all lead companies to outsource the services such as storage systems, large-scale computations and hosting. Among cloud deployment models, the public cloud is currently the most preferred by companies due to its cost-effectiveness, although it raises many concerns, especially for military, health, and banking organizations, where confidentiality and privacy are crucial. The main concerns of these organizations, which operate in a hierarchical manner, are confidentiality, privacy, availability, integrity, reliability, data lock-in, and regulatory compliance. Besides the above-mentioned concerns, the integration of data access control policy to any cloud deployment models by the data owner is also a challenging topic in the research community. In this thesis, we will focus on finding a solution to confidentiality and privacy concerns. The first solution that comes to mind for the focused concerns should be found in cryptography tools. It is very crucial to follow a secure key management policy by organizations to ensure the confidentiality of sensitive data using encryption. What motivates us to conduct this research is to introduce a secure, flexible, hierarchical, and practical key access control mechanism that eliminates or minimizes confidentiality and privacy concerns in the transition to the cloud for hierarchical organizations utilizing sensitive data. In this context, we will present two different hierarchical access control schemes to be used in the secure adoption of the public cloud for hierarchical organizational structures and demonstrate that the use of these schemes provides a flexible, efficient, and secure hierarchical key access control mechanism for the entirety of hierarchy. Note that these schemes can also be used for organizations that do not consume cloud services to manage their internal key management and access controls. The first proposed scheme is based on an inner product space and orthogonal projection method, whereas the second is based on Shamir's secret sharing algorithm and polynomial interpolation method. These are also different in approach. The first one adopts a top-down approach where a user of any security level can access the key/data of the same and/or lower security level by default, while the second one needs the approval of the users at the same and/or higher security level to access the key/data, in other words, it adopts a bottom-up approach. The first scheme is based on an inner product space and can be utilized in any cloud delivery model where the data owner implements a hierarchical access control policy. While distributing a basis for each class by the data owner, a left-to-right and bottom-up policy can ensure much more flexibility and efficiency, especially during any change in the structure. For each class, the secret keys can be derived only when a predetermined subspace is available. This scheme is resistant to collusion/collaboration attacks and privilege creep problems, as well as provides key recovery and key indistinguishability security. The performance analysis also shows us that the data storage overhead is much more tolerable than other schemes in the literature. In addition, the other advantage is that it requires only one operation to derive the secret key of child classes securely and efficiently. In other words, these experimental results satisfy all of the desired performance and security requirements. The second scheme is based on Shamir's secret sharing algorithm and polynomial interpolation method. We provide a secure method for each user of this entity to access the public cloud from both inside and outside the company's network. The scheme offers a secure, flexible, and hierarchical key access mechanism for organizations utilizing sensitive data. It also minimizes concerns about moving sensitive data to the public cloud and ensures that only users with sufficient approvals from the same or higher privileged users can access the data by making use of the topological ordering of a directed graph, including self-loop. Our policy in this scheme is to obtain permission approval for bottom-up access. Main overheads such as public and private storage needs are reduced to a tolerable level, and the key derivation is cost-effective. From a security perspective, this scheme is both resistant to collusion/collaboration attacks and provides key indistinguishability security. Since the key does not need to be kept anywhere, the key disclosure risk is also eliminated. In summary, in this thesis, to take full advantage of these different approaches, the data owner can choose the best one that is suitable for the security policy and hierarchical structure of the organization. If required, the data owner can also design an infrastructure that is a mixture of these two approaches.
  • Öge
    Group authentication for next generation networks
    (Graduate School, 2022-05-12) Aydın, Yücel ; Özdemir, Enver ; Kurt Karabulut, Güneş Zeynep ; 707172003 ; Cybersecurity Engineering and Cryptography
    In this thesis, it is proposed and simulated to perform handover operations as a group to decrease time latency and the number of communication. The security aspects of the authentication and handover for drone swarms are presented in the thesis. The reason to select drone swarms is to examine the authentication in a group and to raise the use of drones everywhere in daily life. The number of drones used for military or commercial applications is getting higher every day. Border security, visual shows, and cargo delivery can be some examples of drone applications. Due to their flying time and limited coverage area, a single drone cannot perform intensive tasks. While providing mobile service via aerial base stations, some UxNBs can turn back to the control station and new drones can be sent to the area to accomplish the tasks. Due to these reasons, it is preferred to use drone swarms for intensive tasks rather than a single drone. The first security problem for the drone swarm is the authentication of the new drones sent by the drone control station join to the swarm. If it is possible to include a drone in the swarm without authentication, any intruders can impersonate a drone and send it to the swarm for various attacks. In addition to the authentication, the communication inside the swarm should be encrypted and each party should use a group key. The group key may also be shared with the new authenticated drone. The next security requirement for the drone swarm is the mutual authentication of two drone swarms to perform more intensive tasks. If the authentication solution for the UAV authentication in 5G is exploited for mutual authentication, the number of communication and scalability should be taken into consideration since each party from a different swarm should perform authentication with the UAVs from another swarm. Group authentication solutions may be used to overcome scalability and the high number of communication issues. Drone swarms also have security and latency issues for the handover operations. There are two kinds of handover operations for drone swarms. One is the handover of drone swarms from serving terrestrial base station to the new base station. The next one is the handover of UxNBs if the base station is not terrestrial but an aerial. The serving UxNB may be out of flying time and drone swarm may start to receive service from new UxNB. The lightweight group authentication scheme is applied to the authentication and handover operations for the drone swarms in the thesis. 5G UAV authentication and handover methods and group-based solutions are implemented in the simulation and the results are compared. According to the results, the group authentication solutions provide better time, and less communication for the drone swarms.