Master Thesis: On Challenges and Solutions: Designing a Generic Access Revocation Scheme for Data Sharing Scenarios Supporting Attribute-based Encryption

Large Online Social Networks (OSNs) are commonplace, but the majority of users lack trust that their personal information is handled appropriately. Consequently, most users want to improve this situation. The obvious way to protect personal data is through the use of encryption, but key management constitutes a challenging task in a private setting. Decentralized approaches for data sharing provide a high level of trust because they lack a central controlling entity, optionally supported by open protocols and a common open-source code base. As an example, a common solution for providing communication in a decentralized system is to use a Distributed Hash Table (DHT), which is a key-value store built on the consensus of a common implementation or specification. An issue in such a system is the combination with an encryption scheme supporting flexible access rules in order to handle various sharing scenarios. Ciphertext-Policy ABE (CP-ABE) is such a cryptosystem, which enables remote access enforcement by checking whether the user’s attribute set satisfies a boolean function associated with a ciphertext. Dynamic access granting would be achieved by giving users new attributes without the need to change previous ciphertexts. The main challenge is the revocation of access rights or attributes in a decentralized system. This thesis will examine various generic architectures for sharing data in a private setting and conduct feasibility as well as vulnerability analyses, because prior research on OSNs lacks a detailed view of revocation. The main idea is to provide each user with their own additional secret, which can be used to derive pseudo-random DHT locations for proactively storing encrypted attribute keys for each user. Revocation happens when the stored keys expire and are automatically deleted because of the intrinsic property of the Vuze DHT.
The implemented system needs a permanently running service in the home domain of the data owner, which is only externally accessible through the DHT. A centralized alternative to the DHT is proposed to alleviate the permanent overhead of being a part of the DHT network.
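
The expiry-based revocation idea from the abstract, as an added example that is not code from the thesis. It assumes HMAC-SHA256 over attribute name and time epoch as the location derivation, an in-memory store with a constructed one-hour lifetime in place of the Vuze DHT, and opaque byte strings in place of the CP-ABE-encrypted attribute keys; all function and class names are hypothetical.

```python
import hashlib
import hmac

class ExpiringStore:
    """In-memory stand-in for a DHT whose entries vanish after a fixed lifetime."""
    def __init__(self, ttl):
        self.ttl = ttl              # constructed lifetime in seconds, not a Vuze value
        self._entries = {}          # location -> (value, time stored)

    def put(self, loc, value, now):
        self._entries[loc] = (value, now)

    def get(self, loc, now):
        entry = self._entries.get(loc)
        if entry is None or now - entry[1] >= self.ttl:
            self._entries.pop(loc, None)   # expired entries are dropped
            return None
        return entry[0]

def location(user_secret, attribute, epoch):
    """Pseudo-random location computable only with the per-user secret (assumed HMAC)."""
    return hmac.new(user_secret, f"{attribute}|{epoch}".encode(), hashlib.sha256).hexdigest()

def publish(store, grants, secrets, wrapped_keys, now):
    """Owner service: proactively store every still-granted attribute key."""
    epoch = now // store.ttl
    for user, attributes in grants.items():
        for attr in attributes:
            store.put(location(secrets[user], attr, epoch), wrapped_keys[user, attr], now)

def fetch(store, user_secret, attribute, now):
    """User side: derive this epoch's location and read the encrypted key."""
    return store.get(location(user_secret, attribute, now // store.ttl), now)

def demo():
    store = ExpiringStore(ttl=3600)
    secrets = {"alice": b"constructed-secret-a", "bob": b"constructed-secret-b"}
    wrapped = {("alice", "friend"): b"enc-key-a", ("bob", "friend"): b"enc-key-b"}  # opaque blobs
    grants = {"alice": {"friend"}, "bob": {"friend"}}
    publish(store, grants, secrets, wrapped, now=0)
    before = [fetch(store, secrets[u], "friend", 10) for u in ("alice", "bob")]
    grants["bob"].discard("friend")      # revocation: the owner stops republishing
    publish(store, grants, secrets, wrapped, now=3600)
    after = [fetch(store, secrets[u], "friend", 3610) for u in ("alice", "bob")]
    return before, after

if __name__ == "__main__":
    print(demo())
```

In this model revocation takes effect only once the stored entry's lifetime has elapsed, so that lifetime bounds how long a revoked user can still fetch the key.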

Supervisor: Dirk Thatmann

Type: Master Thesis

Duration: 6 months


TU Berlin - Service-centric Networking - TEL 19
Ernst-Reuter-Platz 7
10587 Berlin, Germany
Phone: +49 30 8353 58811
Fax: +49 30 8353 58409