Graduate student: 李詔遠 (Lee, Chao-Yuan)
Thesis title: Novel Deduplication Scheme with CP-ABE in Encrypted Cloud Database (於雲端資料庫中混合密文策略屬性加密與資料去重複技術之研究)
Advisor: 李忠憲 (Li, Jung-Shian)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Year of publication: 2016
Academic year of graduation: 104
Language: English
Number of pages: 69
Keywords: Ciphertext-policy attribute-based encryption, Data deduplication, Convergent encryption, Encrypted storage, Data chunking
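  • As the demand for sharing data in the cloud rises and ciphertext access-control policies grow more complex, traditional encryption mechanisms based on Public Key Infrastructure face heavy processing overhead and network usage. Attribute-Based Encryption, proposed nearly a decade ago, has become one solution to this problem: the encryptor only needs to define a valid access policy over a set of attributes to determine which users, meeting which conditions, can successfully decrypt the ciphertext. A further advantage is that it allows very flexible, fine-grained access control over ciphertext. However, most research has concentrated on attribute revocation, multiple authorities, access structure design and key tracing, and comparatively little has addressed storage-space efficiency. In this study, we propose a data-sharing system that combines ciphertext-policy attribute-based encryption (CP-ABE), convergent encryption and block-level deduplication, so that file owners can use the advantages of attribute-based encryption to share and control encrypted data flexibly in a semi-trusted third-party cloud storage environment, while the database retains the ability to remove redundant data in-line. These properties give the proposed system good application scenarios, and the experimental results show that its performance in encryption, decryption, upload and download is acceptable.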

    As the demand for data sharing and complex access-control policies grows, traditional encryption mechanisms, which are usually built on Public Key Infrastructure, face huge processing overhead and network bandwidth consumption. The Attribute-Based Encryption schemes proposed in the last decade have become a potential solution to these issues. The sender only needs to encrypt the message under an expressive access policy; then only receivers whose attributes satisfy the policy can successfully decrypt it. Most studies focus on revocation mechanisms, multi-authority settings, access structure design and traceability; few of them address the storage efficiency problem. In this thesis, we design a new cloud storage system that combines ciphertext-policy ABE with convergent encryption and block-level data deduplication. The proposed scheme, which can be deployed in a semi-trusted third-party environment, supports flexible, fine-grained access control over encrypted data while allowing the database to eliminate redundancies in-line to save storage space. The experimental results show that the computational overheads are acceptable and verify that the proposed scheme can be applied to actual scenarios with good prospects.

    ABSTRACT (CHINESE)
    ABSTRACT
    ACKNOWLEDGEMENTS
    CONTENTS
    LIST OF TABLES
    LIST OF FIGURES
    CHAPTER 1 INTRODUCTION
        1.1 ACCESS CONTROL OVER ENCRYPTED DATA
        1.2 SECURE DATA DEDUPLICATION
        1.3 OUR CONSTRUCTION AND CONTRIBUTION
        1.4 ORGANIZATION
    CHAPTER 2 MATHEMATICAL PRELIMINARIES
        2.1 PAIRING-BASED CRYPTOGRAPHY
            2.1.1 Elliptic Curve Cryptosystems (ECC) and Pairings
            2.1.2 Bilinear Maps
        2.2 COMPLEXITY ASSUMPTIONS
            2.2.1 Decisional Bilinear Diffie-Hellman (DBDH) Assumption
            2.2.2 Decisional 3-Party Diffie-Hellman Assumption (D3DH)
            2.2.3 Decisional Linear Assumption (DLIN)
        2.3 ACCESS STRUCTURE
            2.3.1 Access Structure
            2.3.2 Access Tree
            2.3.3 Linear Secret Sharing Scheme (LSSS)
    CHAPTER 3 CIPHERTEXT-POLICY ATTRIBUTE-BASED ENCRYPTION
        3.1 SYNTAX OF THE CP-ABE
        3.2 PRACTICAL CP-ABE
            3.2.1 Revocation
            3.2.2 Traitor Tracing
            3.2.3 Large Attribute Universe
        3.3 AUGMENTED REVOCABLE CP-ABE (AUGR-CP-ABE)
            3.3.1 The Extended Source Group q-Parallel BDHE Assumption
            3.3.2 Notations
            3.3.3 AugR-CP-ABE Construction
        3.4 ANALYSIS OF AUGR-CP-ABE
    CHAPTER 4 SECURE DEDUPLICATION
        4.1 DEDUPE IMPLEMENTATION
            4.1.1 Post-Process vs. In-Line Deduplication
            4.1.2 Client (Source) vs. Server (Target) Deduplication
            4.1.3 File-Level vs. Block-Level Deduplication
        4.2 CHUNKING ALGORITHMS
            4.2.1 Fixed Size Chunking
            4.2.2 Variable Size Chunking (Using Rabin-Karp Rolling Hash)
        4.3 CONVERGENT ENCRYPTION
    CHAPTER 5 NOVEL DEDUPLICATION SCHEME WITH CP-ABE
        5.1 SECURITY MODEL
            5.1.1 Adversaries
            5.1.2 Potential Attacks
        5.2 SYSTEM PARTICIPANTS
        5.3 OUR CONSTRUCTION
            5.3.1 Deduplication strategy
            5.3.2 The Construction
    CHAPTER 6 IMPLEMENTATION & EVALUATION
        6.1 EXPERIMENTAL SETUP
            6.1.1 Development Environment
            6.1.2 Java Pairing-Based Cryptography Library (JPBC)
            6.1.3 Metadata Manager and Cloud Storage Provider
        6.2 PERFORMANCE EVALUATION
        6.3 STORAGE OVERHEAD OF AUGR-CP-ABE
    CHAPTER 7 CONCLUSION & FUTURE WORK
        7.1 CONCLUSION
        7.2 FUTURE WORK
    REFERENCES


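    Full-text availability: on campus, open from 2021-08-12; off campus, not open.
    The electronic thesis has not yet been authorized for public release; for the print copy, consult the library catalog.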