Li, F. (2015). Context-Aware Attribute-Based Techniques for Data Security and Access Control in Mobile Cloud Environment. (Unpublished Doctoral thesis, City University London) City Research Online Original citation: Li, F. (2015). Context-Aware Attribute-Based Techniques for Data Security and Access Control in Mobile Cloud Environment. (Unpublished Doctoral thesis, City University London) Permanent City Research Online URL: http://openaccess.city.ac.uk/11891/ Copyright & reuse City University London has developed City Research Online so that its users may access the research outputs of City University London's staff. Copyright © and Moral Rights for this paper are retained by the individual author(s) and/ or other copyright holders. All material in City Research Online is checked for eligibility for copyright before being made available in the live archive. URLs from City Research Online may be freely distributed and linked to from other web pages. Versions of research The version in City Research Online may differ from the final published version. Users are advised to check the Permanent City Research Online URL above for the status of the paper. Enquiries If you have any enquiries about any aspect of City Research Online, or if you wish to make contact with the author(s) of this paper, please email the team at [email protected]. Context-Aware Attribute-Based Techniques for Data Security and Access Control in Mobile Cloud Environment A Thesis Submitted to City University London, School of Engineering and Mathematical Sciences In Fulfillment of the Requirements for the Degree Doctor of Philosophy in Information Engineering By FEI LI April, 2015 Table of Contents List of Figures………………………………………………………………………………………………….....V List of Tables……………………………………………………………………………………………………VIII Akoledgeets…………………………………………………………………………………………...IX Delaratio…………………………………………………………………………………………………………X Astrat……………………………………………………………………………………………………………..XI Notatio ad Areiatio……………………………………………………………………………….XII Puliatios…………………………………………………………………………………………………..…XVI 1 Introduction ............................................................................................................................. 1 1.1 Motivation ................................................................................................................. 2 1.1.1 Problems with the Current Technologies .............................................................. 4 1.2 Contributions of the Thesis ....................................................................................... 7 1.3 Outline of the Thesis ................................................................................................. 9 2 Identity, Privacy, and Security in Mobile Cloud Environment ............................................... 12 2.1 Mobile Cloud Computing ......................................................................................... 13 2.1.1 Concept of Mobile Cloud Computing .................................................................. 13 2.1.2 Advantages of Mobile Cloud Computing ............................................................. 19 2.1.3 Issues of Mobile Cloud Computing ...................................................................... 21 2.2 Case Study ............................................................................................................... 24 2.2.1 Existing Data Protection Laws ............................................................................. 27 2.3 Security Concepts, Technologies and Mechanisms ................................................. 30 2.3.1 Security Technologies and Mechanisms .............................................................. 31 2.3.2 Protocols and Standards ...................................................................................... 36 2.4 Summary.................................................................................................................. 39 3 Identity Management Systems .............................................................................................. 41 I 3.1 Single-Sign-On (SSO) and Federation....................................................................... 42 3.2 Microsoft .NET Passport: ......................................................................................... 43 3.3 The Liberty Alliance(Kantara) .................................................................................. 46 3.4 OpenID ..................................................................................................................... 48 3.5 Higgins ..................................................................................................................... 51 3.6 OAuth ...................................................................................................................... 53 3.7 Comparison and Literature Review ......................................................................... 55 3.8 Conclusion ............................................................................................................... 61 4 Access Control Technologies ................................................................................................. 62 4.1 Access Control Models ............................................................................................ 63 4.1.1 Discretionary Access Control ............................................................................... 64 4.1.2 Mandatory Access Control .................................................................................. 66 4.1.3 Role-Based Access Control .................................................................................. 68 4.1.4 Attribute Based Access Control ........................................................................... 71 4.2 Privacy-Preserving Languages ................................................................................. 74 4.2.1 The Platform for Privacy Preferences .................................................................. 75 4.2.2 Enterprise Privacy Authorization Language ......................................................... 76 4.2.3 Extensible Access Control Markup Language ...................................................... 76 4.3 Attribute Based Encryption ..................................................................................... 83 4.3.1 Key-Policy Attribute-Based Encryption ................................................................ 86 4.3.2 Ciphertext-Policy Attribute-Based Encryption ..................................................... 87 4.3.3 Multi-Authority Attribute-Based Encryption ....................................................... 89 4.3.4 Challenges ........................................................................................................... 95 4.4 Conclusion ............................................................................................................... 97 5 User-Centric Attribute-Based Access Control Model Using XACML ...................................... 99 5.1 Architecture of Policy-Based User-Centric Approach ............................................ 100 5.1.1 System Initialization ........................................................................................... 104 5.1.2 Design of the Model .......................................................................................... 105 5.2 Policy Evaluation Component (PEC) ...................................................................... 110 5.3 Security Evaluation ................................................................................................ 115 5.3.1 Protocols on Authentication .............................................................................. 115 II 5.3.2 Security Analysis ................................................................................................ 117 5.3.3 User-Centric Approach ...................................................................................... 122 5.3.4 Use Case Study .................................................................................................. 123 5.4 Proof of Concept .................................................................................................... 125 5.4.1 Protocol Verification .......................................................................................... 125 5.4.2 Implementation and Tests ................................................................................. 130 5.4.3 Sample Screenshots of the Client Application................................................... 131 5.4.4 Possible Extension ............................................................................................. 136 5.4.5 XACML Message Standard ................................................................................. 136 5.5 Discussion .............................................................................................................. 137 5.6 Conclusion ............................................................................................................. 139 6 Context-Aware Attribute-Based Encryption Schemes ......................................................... 140 6.1 Introduction ........................................................................................................... 140 6.2 Context-Aware Single Authority Attribute-Based Encryption Scheme .................. 143 6.2.1 Preliminaries ...................................................................................................... 144 6.2.2 Construction