
City Research Online
City, University of London Institutional Repository

Citation: Li, F. (2015). Context-Aware Attribute-Based Techniques for Data Security and Access Control in Mobile Cloud Environment. (Unpublished Doctoral thesis, City University London)

This is the accepted version of the paper. This version of the publication may differ from the final published version.

Permanent repository link: https://openaccess.city.ac.uk/id/eprint/11891/
Link to published version:

Copyright: City Research Online aims to make research outputs of City, University of London available to a wider audience. Copyright and Moral Rights remain with the author(s) and/or copyright holders. URLs from City Research Online may be freely distributed and linked to.

Reuse: Copies of full items can be used for personal research or study, educational, or not-for-profit purposes without prior permission or charge, provided that the authors, title and full bibliographic details are credited, a hyperlink and/or URL is given for the original metadata page and the content is not changed in any way.
City Research Online: http://openaccess.city.ac.uk/

Context-Aware Attribute-Based Techniques for Data Security and Access Control in Mobile Cloud Environment

A Thesis Submitted to City University London, School of Engineering and Mathematical Sciences
In Fulfillment of the Requirements for the Degree Doctor of Philosophy in Information Engineering

By FEI LI
April, 2015

Table of Contents

List of Figures
List of Tables
Acknowledgements
Declaration
Abstract
Notation and Abbreviation
Publications

1 Introduction
    1.1 Motivation
        1.1.1 Problems with the Current Technologies
    1.2 Contributions of the Thesis
    1.3 Outline of the Thesis

2 Identity, Privacy, and Security in Mobile Cloud Environment
    2.1 Mobile Cloud Computing
        2.1.1 Concept of Mobile Cloud Computing
        2.1.2 Advantages of Mobile Cloud Computing
        2.1.3 Issues of Mobile Cloud Computing
    2.2 Case Study
        2.2.1 Existing Data Protection Laws
    2.3 Security Concepts, Technologies and Mechanisms
        2.3.1 Security Technologies and Mechanisms
        2.3.2 Protocols and Standards
    2.4 Summary

3 Identity Management Systems
    3.1 Single-Sign-On (SSO) and Federation
    3.2 Microsoft .NET Passport
    3.3 The Liberty Alliance (Kantara)
    3.4 OpenID
    3.5 Higgins
    3.6 OAuth
    3.7 Comparison and Literature Review
    3.8 Conclusion

4 Access Control Technologies
    4.1 Access Control Models
        4.1.1 Discretionary Access Control
        4.1.2 Mandatory Access Control
        4.1.3 Role-Based Access Control
        4.1.4 Attribute Based Access Control
    4.2 Privacy-Preserving Languages
        4.2.1 The Platform for Privacy Preferences
        4.2.2 Enterprise Privacy Authorization Language
        4.2.3 Extensible Access Control Markup Language
    4.3 Attribute Based Encryption
        4.3.1 Key-Policy Attribute-Based Encryption
        4.3.2 Ciphertext-Policy Attribute-Based Encryption
        4.3.3 Multi-Authority Attribute-Based Encryption
        4.3.4 Challenges
    4.4 Conclusion

5 User-Centric Attribute-Based Access Control Model Using XACML
    5.1 Architecture of Policy-Based User-Centric Approach
        5.1.1 System Initialization
        5.1.2 Design of the Model
    5.2 Policy Evaluation Component (PEC)
    5.3 Security Evaluation
        5.3.1 Protocols on Authentication
        5.3.2 Security Analysis
        5.3.3 User-Centric Approach
        5.3.4 Use Case Study
    5.4 Proof of Concept
        5.4.1 Protocol Verification
        5.4.2 Implementation and Tests
        5.4.3 Sample Screenshots of the Client Application
        5.4.4 Possible Extension
        5.4.5 XACML Message Standard
    5.5 Discussion
    5.6 Conclusion

6 Context-Aware Attribute-Based Encryption Schemes
    6.1 Introduction
    6.2 Context-Aware Single Authority Attribute-Based Encryption Scheme
        6.2.1 Preliminaries
        6.2.2 Construction
    6.3 Context-Aware Multi-Authority Attribute-Based Encryption Scheme