Cryptographic Access Control in a Cloud Based File Storage Environment

Mads Lundt, Kristian Flamsted

AbstractThe goal of this master thesis is to look at the possibility to develop a cloud based file storage system. This system should include a local client and a remote file storage system, using MediaWiki.
The purpose is to explore whether it is a possibility to use cryptographic access control, to make sure only people with the correct cryptographic keys, are getting the right access. Avoiding the use of any regular access control meth-ods that already exist. When using cryptographic access control the all data is encrypted already at the client and this allows the trust level to the server to be much lower than in any regular cloud file storage setups. This is because nobody should ever be able to read the data at any time if they do not have the correct keys. When protecting the data using cryptographic access control a combination of symmetric- and asymmetric cryptography is used.
The possibility of sharing files among different users is also a part of this project, and this can be done using key rings. Each user have access to key ring, that includes keys for both files and for other key rings and these can be shared. The system is supposed to automatically create these keys when creating files, but sharing is something a user does manually.
The current prototype implemented shows that it is possible to create a cloud based file storage using MediaWiki. However, the current application is not using FUSE to automatically create keys when adding files due to errors. The reason is that the XML parser was not working properly with FUSE. However, as it was close to a solution so the FUSE library have been saved for possible future implementations. It is possible to share files in between users, but this needs to be done manually.
A risk analysis has been made showing possible attacks, how they are done and how big of a risk these are.
TypeMaster's thesis [Academic thesis]
Year2016
PublisherTechnical University of Denmark, Department of Applied Mathematics and Computer Science
AddressRichard Petersens Plads, Building 324, DK-2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk
SeriesDTU Compute M.Sc.-2016
NoteDTU supervisor: Christian D. Jensen, cdje@dtu.dk, DTU Compute
Electronic version(s)[pdf]
Publication linkhttp://www.compute.dtu.dk/english
BibTeX data [bibtex]
IMM Group(s)Computer Science & Engineering