Degree Name

Doctor of Philosophy


School of Computer Science and Software Engineering


An access control scheme is designed to restrict users access to the protected data in distributed systems. To satisfy different access requirements, various access control schemes have been proposed. Nevertheless, the privacy problem in them has not been considered extensively, while it is a primary concern of network users. Hence, constructing access control schemes with a sound privacy protection is an important task.

The main contribution of this thesis is to propose privacy-preserving access control schemes in the following three aspects. First, we design access control schemes where the contents required by users are protected against any proxy servers or other parties. We develop two identity-based data storage schemes, which are secure against collusion attacks. In these schemes, a user can access one of the data outsourced by the owner if he has obtained an access permission from the owner. A proxy server can transfer a ciphertext for the owner to a ciphertext for the requester without observing anything about the plaintext.

Second, we construct three access control schemes where users’ personal sensitive information, such as access credentials, identities and attributes, can be protected. We develop two attribute-based access control schemes, each with distinctive features. The first scheme is a decentralized attribute-based encryption scheme where a user can obtain secret keys from multiple authorities without releasing anything about his/her identifier to them and furthermore, it is secure against collusion attacks. Multiple authorities can work independently without any cooperation. Especially, an authority can dynamically leave or add in the system without re-initializing the system and re-issuing secret keys to users. Further, the second scheme captures the feature that only the senders whose attributes satisfy the access structure specified by the receiver can send messages to him/her and only the receiver whose attributes satisfies the access structure published by the sender can obtain the protected data. Furthermore, we give a provable generic construction of dynamic single sign-on schemes where a user can access multiple services using one credential and only the designated service providers can validate his credential.

Third, we develop several access control schemes where an authorized user can access the protected data without releasing anything about his personal sensitive information and the accessed contents to the database. We construct an attributebased oblivious access control scheme by introducing an attribute-based encryption scheme with constant computation and communication cost to an oblivious transfer scheme. Furthermore, we design efficient oblivious transfer with access control schemes by introducing oblivious signature-based envelope schemes to an oblivious transfer scheme. In these schemes, an authorized user can access the protected data obliviously, while the database only knows the number of the data accessed by the user.

Notably, all schemes developed in this thesis are derived from cryptographic primitives and formally proven in the proposed security models under complexity assumptions.