Secure sharing system with proxy re-encryption
Master thesis
Permanent lenke
http://hdl.handle.net/11250/299614Utgivelsesdato
2015-06-12Metadata
Vis full innførselSamlinger
- Studentoppgaver (TN-IDE) [823]
Sammendrag
This work introduces a new and secure mechanism for sharing files. In providing a complete
implementation of a relatively recent cryptographic primitive known as proxy re-encryption,
the thesis sharing system design enables file owners to store their private files in an arbitrary
location while delegating access to others through the BitTorrent protocol.
A proxy re-encryption scheme involves, as the name implies, re-encryption of already encrypted
content known as ciphertexts. To clarify, a file owner may initially encrypt a private file
before uploading it to an arbitrary location on the Internet. Subsequently, the file owner may
provide an untrusted third party known as the proxy instance with a special key. In possession
of said special key, known as the re-encryption key, the proxy instance (the sharing system) is capable
of re-encrypting the ciphertext originally intended for party A (the source) such that party
B (the destination) can decrypt it. After re-encryption, Party B may decrypt the ciphertext with
his or her secret decryption key, all while the sharing system (proxy) never need to access to the
underlying plaintext.
The genius of the proxy re-encryption primitive entails that while a proxy instance is capable
of delegating access to files that the respective file owner has permitted, a faulty or compromised
proxy instance is unable to performany hazardous actionswithout the file owner’s say so. This is
because the proxy instance has no means to access the underlying files. The proxy instance only
has access to the original ciphertext and the re-encryption keys, both of which the file owner
generates and may be publicly available without security concern. The thesis sharing system
design inherits these very attractive properties.
As mentioned, this work also relies on the BitTorrent protocol. This protocol is responsible
for providing the sharing system’s file transfer capability. More specifically, when users delegate
access to their files, they actually delegate access to encrypted metadata files known as torrent
files.
To clarify, if Bob wants to share a picture with Alice, he does so by letting the sharing system
generate and encrypt a torrent file corresponding to the picture. Moreover, Bob lets the systemgenerate
a re-encryption key that enables re-encryption of ciphertexts intended for Bob for
decryption by Alice’s secret decryption key. Bob then provides the system with the encrypted
iv
torrent and the re-encryption key. When Alice makes an inquiry about the picture, the system
will re-encrypt the picture’s encrypted torrent file so that Alice may decrypt it. Once Alice has
decrypted the torrent file, she can download the picture through a BitTorrent client.
For this to work in a secure manner, the thesis sharing system design makes some modifications
to the BitTorrent protocol. More specifically, it provides a customized embedded Bit-
Torrent tracker, which is responsible for coordinating file transfer between its users. To ensure
secure file transfer, the BitTorrent tracker implements some cryptographic protocols while simultaneously
enforcing its clients to do so as well.
Finally, to ensure easy incorporation of the sharing system into existing applications, all user
interaction is available through a standardized web service interface.
Beskrivelse
Master's thesis in Computer science