Theses and Dissertations

Permanent URI for this collectionhttp://ir.daiict.ac.in/handle/123456789/1

Browse

Filters

2005 - 200922010 - 20181

Settings

Subject: search.filters.subject.Data security

Search Results

Now showing 1 - 3 of 3
  • Thumbnail Image
    ItemOpen Access
    Design and analysis of schemes for privacy preserving cloud storage services
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2018) Chaudhari, Payal; Das, Manik Lal
    Public cloud storage services have become the leading choice for individuals and organizations to store their data, as the service provides the benefits of availability and reliability together at a reduced cost. While storing data in public cloud storage server, preserving data security and privacy have become a prime concern. For providing data security on public cloud storage it is required to preserve the confidentiality of data and to enforce the data access policies. Before uploading the data to public cloud storage, data can be encrypted and assured that only authorized users access the data with a valid decryption key. The enforcement of fine-grained access control policies on encrypted data prevents the unauthorized disclosure of sensitive data among multiple users. On one hand the fine-grained access control policy helps to achieve the authorized access control on data, while on other hand, the access policy discloses the target recipient of the ciphertext. The receiver information for a ciphertext helps an adversary to gain the information about the underlying data. Therefore, it is essential to hide the receiver information for preserving the data security. Attribute Based Encryption (ABE) is a well-known cryptographic primitive that provides both the confidentiality and fine-grained access control together. In ABE, each data user is identified with a set of attribute values. Each data file has an access policy defined by its owner in terms of the attributes. A user can decrypt the document, only if the threshold number of attributes are matched between the access policy and user's attribute list. The customized version of ABE which hides the access policy within ciphertext is known as Anonymous Attribute Based Encryption (AABE).We have worked on AABE for designing and analyzing some schemes for achieving users anonymity in retrieving results from stored data in public cloud storage. The other research challenges for preserving public cloud data storage security include searching over encrypted data, authentication of data, secure data sharing etc. We have formulated five new AABE schemes which enhances the data storage security in public cloud. The common objective of all our proposed schemes is to maintain data confidentiality and preserve the receive anonymity. The proposed first three schemes facilitate searching over ABE data with hidden access policy. The first scheme "Data Owner based Searchable Encryption (DOSE)" provides searching using data owner's identity. The scheme enables a cloud server to perform the search operation with look-up approach and do not require any mathematical operations on cloud server side. The other two schemes provide keyword based search over attribute based encrypted data with hidden access policy. One of those schemes is "Receiver Anonymous Searchable Encryption (RASE)", which provides an efficient keyword based searching over attribute based encrypted data with receiver anonymity. It enables a user to selectively retrieve a subset of data from the vast amount of encrypted data stored on the cloud. The search operation of RASE scheme is performance efficient when compared with the existing schemes because for any ABE schemes, the number of pairing operations has a high impact on the operational time complexity. Irrespective of the number of attributes, the search operation in RASE requires a limited and constant number of pairing operations. The RASE scheme is built using the multi-linear pairing. The security of RASE has been proved secure against chosen keyword attack. The RASE scheme is applicable in a scenario, where the data owner has to include only one value per attribute in the access policy. The scheme does not allow the data owner to place multiple values per attribute to be included in the access policy. In our next scheme for searchable ABE, we have addressed this issue and proposed a "Privacy preserving Searchable Encryption (PSE)" scheme, that enables the data owner to place multiple values of an attribute in the access policy. For the PSE scheme we have also customized the system model and make it secure against the file injection attacks. The PSE scheme is also proven secure against chosen keyword attack. The searchable encryption schemes facilitate to retrieve the subset from encrypted document collection. However, after retrieval it is required that the user should be able to decrypt the retrieved documents with minimum computation overhead and verify the authenticity of the data. With this motive, we have proposed "Privacy preserving Attribute based Signcryption (PASC)" scheme. Th PASC scheme achieves the cost-efficient decryption operation when compared with that of existing AABE schemes. In addition to cost-effective decryption operation, it also allows the verification of data owner's attributes and unique identity. Unlike the existing ABSC schemes, the scheme supports data owner traceability with sender privacy. The sender privacy is referred to the point that only an authorized receiver is able to identify the data owner who has signed and uploaded the document. The PASC scheme supports data confidentiality, receiver anonymity, message authentication and fine-grained access control altogether. The scheme has been proven secure against adaptively chosen ciphertext attack. The cost-effective unsigncryption operation makes the scheme PASC a better choice for users who wants to download the searched documents and decrypt them. However, there are certain real-life cases where a user instead of downloading and decrypting the documents, wants to forward them to other user for the purpose of sharing the data. To address this requirement of sharing the encrypted data, we have designed a scheme that is an "Proxy ReEncryption for Anonymous Attribute Based Encrypted data (PRE-AABE)". In traditional proxy reencryption scheme a semi-trusted proxy such as the cloud server converts a data encrypted for Alice into the data for Bob without learning the plaintext contents. Our proposed scheme on attribute based proxy reencryption allows the alteration of ciphertext access policy which is hidden inside the ciphertext. The reencryption task in our scheme does not allow the cloud server to learn about the access policy or the plaintext contents concealed in the ciphertext. The scheme imposes minimal decryption overhead on user side. The scheme also facilitates a delegator to put the reencryption control on the ciphertext, so that the further sharing of data can be controlled. The scheme has been proven secure against chosen plaintext attack. We have experimented the proposed schemes using the pbc cryptography library. The experimental setup for the proposed schemes on end user side used Intel - i5 processor with 3 GB RAM and the cloud side operations were run on a Google compute engine. We have shown the performance analysis of all proposed schemes and compared the results with related schemes.
  • Thumbnail Image
    ItemOpen Access
    Contributions to parasitic computing
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2005) Jain, Rajul; Mathuria, Anish M.
    Internet is a huge connection of networks. To ensure reliable communication on the Internet a layered architecture is used, with various protocols functional at each layer. The way these protocols are used on the Internet, it is possible to exploit them to do computations covertly. This kind of computing is known as Parasitic Computing. Parasitic computing is a kind of covert exploitation in which the parasite hides the computation in standard communication protocol and sends it to target(s), who unwillingly produce the output of the hidden computation as part of the communication session. We show that Internet checksum based parasitic computing can be used to solve three well-known problems, Discrete Fourier Transform, Matrix multiplication and Pattern matching. We describe how CRC checksum can be used to do primality testing using parasitic computing. A more efficient implementation of Internet checksum based parasitic computing is proposed and simulated. A comparison based on false negatives with the existing implementation is given. Results show that the proposed scheme performs better in terms of the selected parameter of false negatives. However, there is additional communication overhead associated with it. Parasitic computing can be applied in the field of security protocols. A novel sorting algorithm, Ker-sort is devised by exploiting ticket lifetimes in Kerberos and tested on Kerberos version 5.0. Run time analysis of the algorithm is given, and a comparison with existing distributed sorting algorithms is also presented. Brute-force cryptanalysis involves doing an exhaustive search in the key space. Using parasitic computing the parasite can offload the encryption or decryption operations involved in doing exhaustive search to the target(s). A theoretical cryptanalysis of SKIP and IP authentication header protocols using distributed exhaustive search is proposed.
  • Thumbnail Image
    ItemOpen Access
    Hybrid approach to digital image watermarking using singular value decomposition and spread spectrum
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2005) Bhandari, Kunal; Jadhav, Ashish
    We have seen an explosive growth in digitization of multimedia (image, audio and video) content and data exchange in the Internet. Consequently, digital data owners are able to massively transfer multimedia documents across the Internet. This leads to wide interest in security and copyright protection of multimedia documents. Watermarking technology has evolved during the last few years to ensure the authenticity of multimedia content. We compare the widely used spread spectrum technique with the newly evolved technique based on Singular Value Decomposition (SVD) for watermarking digital images. The techniques are tested for a variety of attacks and the simulation results show that the watermarks generated by both the techniques have complimentary robustness properties. We propose a new hybrid technique for watermarking digital images, combining both paradigms, which is capable of surviving an extremely wide range of attacks. Our technique first embeds a watermark in an image using spread spectrum concepts and then to increase the robustness, another SVD based watermark is added such that they do not interfere with each other. Our technique is robust against a wide range of distortions like filtering, noise adding, lossy compression, print & rescan and non-linear deformations of the signal such as, histogram manipulation, dithering and gamma correction. The watermark added by our technique is perceptually invisible. The effectiveness of this technique is demonstrated against a variety of standard image processing attacks.