Delegated Access Control using Attribute-Based Encryption (ABE)

Abstract

Project Abstract/Summary

To get a seamless cloud experience that doesn't require authentication at multiple levels, users often share their Personally Identifiable Information (PII) data with service providers. The providers in turn delegate access authorization of this PII data to their internal employees and third parties who need it to provide services to the consumers. This can result in a challenging problem: how to ensure that only people authorized by the consumers can access PII portions of user data, while preventing data leakages or de-anonymization.

Objective and Methods

The objective of this research is to address the data security and privacy challenges of granting delegated authorization and access permissions to service providers based on their service attributes and context details. To achieve this goal and advance science, we will define novel access control models, develop new encryption algorithms that use those models, implement software prototypes for a variety of cloud applications, and provide a well-defined set of access control policies based on service and data attributes and context. We divide the research into three thrusts: theoretic advances, policy support, and prototype system building.

ONR Research Area

This proposal focuses on the third research area of Secure Information Management, Sharing and Interaction. Our specific focus is on developing new techniques and algorithms for secure and trusted information access in scenarios where authorization needs to be delegated to a set of providers for a seamless service without requiring multiple consumer approvals for every access.

Broader Impact on Science, the Navy, and Education

Cloud services are becoming more common for government agencies, including the DoD and the Navy. Securing these services against attacks on currently-stored as well as previously-stored data should be a priority. Scientifically, this research seeks to advance specific theoretic work in the proposed areas where open problems of feasibility and performance remain unanswered. This research also has broader impact on education and academic training through the support of a graduate research assistant at UMBC, and there is also a significant undergraduate focus at USNA via independent studies and the senior capstone projects. USNA also participates in STEM high school outreach through the Navy's Science and Engineering Apprenticeship Program (SEAP). Finally, this research project will lead to educational output in the form of course design: at USNA, courses in computer security and cryptography will draw on topics from this grant, and at UMBC, courses on cloud computing will benefit from this project.

Document Details

Document Type
DoD Grant Award
Publication Date
Jul 10, 2018
Source ID
N000141812453

Entities

People

  • Karuna Joshi

Organizations

  • Office of Naval Research
  • United States Navy
  • University of Maryland, Baltimore

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • STEM Education

Technology Areas

  • Cyber