Title page for etd-0702113-114224
Title
Attribute-Based Encryption with Dual Lagrange Polynomials for Multiple Overlapped Data
Department
Year, semester
Language
Degree
Number of pages
61
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2013-07-12
Date of Submission
2013-08-05
Keywords
Access Control, Data De-Duplication, Data Privacy, Cloud Computing, Attribute-Based Encryption
Statistics
The thesis/dissertation has been browsed 5720 times and downloaded 67 times.
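Abstract (Chinese)
With the growth of the Internet and the rise of cloud computing, more and more users store large amounts of data in cloud storage, and many enterprises have also turned to cloud storage to achieve off-site backup at lower cost. Because the stored data record an enterprise's confidential information or users' personal privacy in detail, these private data are frequently the focus of attack or theft by malicious programs. Encrypting the data is the most direct form of protection, but the encryption adopted by most cloud service providers or enterprises protects only against external attackers who are not employees. Any employee inside the enterprise can directly access and read the protected private data, so insiders can steal, peek at, or even tamper with these confidential data to seek illegal gain. It follows that the security and privacy of data stored in external storage is an issue in urgent need of a solution.
To solve the above privacy and security problems, data cannot merely be stored as ciphertext; insiders must also be given different security levels according to their rank and grade, to prevent unrelated insiders from accessing the complete data. However, when people with different security levels need to access the same data, two ciphertexts with the same content must be created. For users, storing large amounts of data redundantly wastes a great deal of storage space and computing resources, resulting in low efficiency.
In view of this, we propose an attribute-based encryption scheme for similar data clusters using dual polynomial interpolation, which assigns different scopes of authority according to insiders' rank and grade, and which also solves the problem of duplicate ciphertext storage when scopes of authority overlap. Thus only those with full authority over a ciphertext can access the complete data, while those with an insufficient security level can see only part of the data content. In addition, user privileges can be added or removed at any time as needed, and only the users whose privileges change need to be re-issued private keys. The proposed method makes good use of storage space and greatly reduces computation; with this mechanism, both the privacy threat from inside attackers and data theft by external malicious attackers can be addressed.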
Abstract
The development of the Internet, especially the rise of cloud computing, is providing more and more users (individuals as well as enterprises) access to cloud storage for large amounts of data. In fact, most enterprises today prefer cloud storage for cost-effective remote backup. However, because of the confidential nature of the data stored, cloud storage is usually a target of malicious users. A typical approach for protecting confidential data is to encrypt them with private keys before storing them in the cloud, but most cloud service providers or enterprises protect their data only from outside attackers, who are hackers, rather than from inside attackers, who are employees. The inside attackers can directly access and read private data, and even steal or tamper with the confidential data, e.g., for financial benefits. To solve such privacy and security issues, the data are not only encrypted as ciphertexts but are also given different security levels, depending on the relationship between the data and the staff, so as to control unauthorized employee access to the confidential data. In addition, when employees with different security levels need to access the same data, it is necessary to create two or more ciphertexts of the same content. However, if a large amount of duplicate data were stored in the cloud storage, it would waste storage space and computing resources. Therefore, in view of the aforementioned reasons, we propose an Attribute-Based Encryption with Dual Lagrange Polynomials for Multiple Overlapped Data (ABE-DLPNOD). The proposed new encryption method provides different security levels according to employee authorization and a solution to the problem of duplicate ciphertexts. Fully authorized employees can access the entire confidential data, while others can access only part of the data. In addition, a user's authorized access can be granted or denied without renewing the other users' secret keys. The proposed method optimizes storage space and reduces computation costs.
Table of Contents
Thesis Approval Form
Acknowledgments
Abstract (Chinese)
Abstract
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Contributions
1.2 Organization
Chapter 2 Preliminaries
2.1 Backgrounds
2.1.1 Lagrange Interpolation
2.1.2 Bilinear Mapping
2.1.3 Access Tree Structure
2.1.4 Attribute-Based Encryption
2.1.5 Hard Problem
2.2 Functional Definition of the Proposed Scheme
Chapter 3 Related Works
3.1 Bethencourt-Sahai-Waters CP-ABE
3.2 Hur-Noh ABE with Efficient Revocation
Chapter 4 Our Construction
4.1 Problem Definition
4.2 Overview
4.3 The Proposed Scheme
4.4 Comparison
Chapter 5 Security Proof
5.1 Security Model
5.2 CCA Security
Chapter 6 Conclusion
Bibliography
Appendix A Implementation
A.1 Environment
A.2 Major Source Code
A.3 Implementation Results
Fulltext
Thesis access permission: user-defined release time
Available:
Campus: available
Off-campus: available

Printed copies
Available: available