Provably Secure Role-Based Encryption with Revocation Mechanism

doi:10.1007/s11390-011-1169-9

Abstract

Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.

Yan Zhu (朱岩), Member, CCF, Hong-Xin Hu (胡宏新), Gail-Joon Ahn, Senior Member, ACM, IEEE Huai-Xi Wang (王怀习), and Shan-Biao Wang (王善标). Provably Secure Role-Based Encryption with Revocation Mechanism[J]., 2011, 26(4): 697-710.

References

[1] Sandhu R, Ferraiolo D F, Kuhn D R. The nist model for role-basedaccess control: Towards a unified standard. In Proc. the 5th ACMWorkshop on Role Based Access Control (RBAC), Berlin, Germany,Jul.26-27, 2000, pp.47-63.

[2] Li Q, Zhang X W, Xu M W, Wu J P. Towards secure dynamiccollaborations with group-based RBAC model. Computers {&Security, 2009, 28(5): 260-275.

[3] Shafiq B, Joshi J, Bertino E, Ghafoor A. Secure interoperationin a multidomain environment employing RBAC policies. IEEETransactions on Knowledge and Data Engineering, 2005, 17(11): 1557-1577.

[4] Zhu Y, Ahn G J, Hu H X, Wang H X. Cryptographic role-basedsecurity mechanisms based on role-key hierarchy. In Proc. the 5thACM Symposium on Information, Computer and Communications Security(ASIACCS), Beijing, China, Apr.13-16, 2010, pp.314-319.

[5] Akl S G, Taylor P D. Cryptographic solution to a problem ofaccess control in a hierarchy. ACM Transactions on hbox Computer System,1983, 1(3): 239-248.

[6] Akl S G, Taylor P D. Cryptographic solution to a multilevelsecurity problem. In Proc. Advances in Cryptology: CRYPTO,Santa Barbara, USA, 1982, pp.237-249.

[7] Wallner D M, Harder E G, Agee R C. Key management formulticast: Issues and architecture. {Internet Draft,draft-waller-key-arch-01.txt, 1998.

[8] Wong C K, Gouda M, Lam S S. Secure group communications usingkey graphs. In Proc. the Annual Conference of the Association forComputing Machinery's Special Interest Group on Data Communication(SIGCOMM), Vancouver, Canada, Sept.2-4, 1998, 28, pp.68-79.

[9] Asano T. Reducing receiver's storage in CS, SD and LSDbroadcast encryption schemes. IEICE Transactions on Fundamentals ofElectronics, Communications and Computer Sciences,2005, 88(1): 203-210.

[10] Naor D, Naor M, Lotspiech J. Revocation and tracing schemesfor stateless receivers. In Proc. the 21st Annual InternationalCryptology Conference (CRYPTO), Santa Barbara, USA, Aug.19-23, 2001,pp.41-62.

[11] Halevy D, Shamir A. The LSD broadcast encryption scheme.In Proc. the 22nd International Cryptology Conference (Crypto),Santa Barbara, USA, Aug.18-22, 2002, pp.47-60.

[12] Boneh D, Franklin M. Identity-based encryption from the weilpairing. In Proc. the 21st Annual International CryptologyConference (CRYPTO), Santa Barbara, USA, Aug.19-23, 2001, pp.213-229.

[13] Yuen T H, Susilo W, Mu Y. How to construct identity-basedsignatures without the key escrow problem. International Journal of Information Security, 2010, 9(4): 297-311.

[14] Gentry C, Silverberg A. Hierarchical ID based cryptography.In Proc. the 8th International Conference on the Theory and Applicationof Cryptology and Information Security (ASIACRYPT), Queenstown, NewZealand, Dec.1-5, 2002, pp.548-566.

[15] Tzeng W G. A time-bound cryptographic key assignment scheme foraccess control in a hierarchy. IEEE Transactions on Knowledge andData Engineering, 2002, 14(1): 182-188.

[16] Sahai A, Waters B. Fuzzy identity-based encryption.In Proc. the 24th Annual International Conference on the Theory andApplications of Cryptographic Techniques (EUROCRYPT), Aarhus,Denmark, May 22-26, 2005, pp.457-473.

[17] Goyal V, Pandey O, Sahai A, Waters B. Attribute-based encryptionfor fine-grained access control of encrypted data. In Proc. the13th ACM Conference on Computer and Communications Security (CCS),Alexandria, USA, Oct.30-Nov.3, 2006, pp.89-98.

[18] Ostrovsky R, Sahai A, Waters B. Attribute-based encryptionwith non-monotonic access structures. In Proc. the 14th ACMConference on Computer and Communications Security (CCS), Alexandria,USA, Oct.28-31, 2007, pp.195-203.

[19] Chase M. Multi-authority attribute based encryption. In Proc. the 4th Theory of Cryptography Conference (TCC),Amsterdam, The Netherlands, Feb.21-24, 2007, pp.515-534.

[20] Bethencourt J, Sahai A, Waters B. Ciphertext-policyattribute-based encryption. In Proc. 2007 IEEE Symposium onSecurity and Privacy (S{&P), Oakland, USA, May 20-23, 2007, pp.321-334.

[21] Waters B. Ciphertext-policy attribute-based encryption: Anexpressive, efficient, and provably secure realization. {CryptologyePrint Archive, Report 2008/290, 2008, http://eprint.iacr.org/.

[22] Goyal V, Jain A, Pandey O, Sahai A. Bounded ciphertext policyattribute based encryption. In Proc. the 35th InternationalColloquium on Automata, Languages and Programming, Part II --- Track B:Logic, Semantics, and Theory of Programming {& Track C: Security andCryptography Foundations (ICALP(2)), Reykjavik, Iceland, Jul.7-11,2008, pp.579-591.

[23] Ibraimi L, Tang Q, Hartel P H, Jonker W. Efficient and provablesecure ciphertext-policy attribute-based encryption schemes. In Proc.the 5th International Conference on Information Security Practice andExperience (ISPEC), Xi'an, China, Apr.13-15, 2009, pp.1-12.

[24] Attrapadung N, Imai H. Dual-policy attribute based encryption.In Proc. the 7th International Conference on Applied Cryptographyand Network Security (ACNS), Paris, France, Jun.2-5, 2009, pp.168-185.

[25] Attrapadung N, Imai H. Dual-policy attribute based encryption:Simultaneous access control with ciphertext and key policies. IEICE Transactions on Fundamentals of Electronics, Communicationsand Computer Sciences, 2010, E93-A(1): 116-125.

[26] Wang L Y, Wijesekera D, Jajodia S. A logic-based framework forattribute based access control. In Proc. the 2004 ACM Workshop onFormal Methods in Security Engineering (FMSE),Washington DC, USA, Oct.29, 2004, pp.45-55.

[27] Frikken K B, Atallah M J, Li J T. Attribute-based accesscontrol with hidden policies and hidden credentials. IEEE Transactionon Computers, 2006, 55(10): 1259-1270.

[28] Schoinas I, Falsafi B, Lebeck A R, Reinhardt S K, Larus J R,Wood D A. Fine-grain access control for distributed shared memory.In Proc. the 6th International Conference on Architectural Supportfor Programming Languages and Operating Systems (ASPLOS), San Jose,USA, Oct.4-7, 1994, pp.297-306.

[29] Damiani E, Vimercati S D C D, Paraboschi S, Samarati P.A fine-grained access control system for xml documents. ACM Transactions on Information and System Security, 2002, 5(2):169-202.

[30] Shahandashti S F, Naini R S. Threshold attribute-basedsignatures and their application to anonymous credential systems.In Proc. the 2nd International Conference on Cryptology in Africa(AFRICACRYPT), Gammarth, Tunisia, Jun.21-25, 2009, pp.198-216.

[31] Maji H, Prabhakaran M, Rosulek M. Attribute-based signatures:Achieving attribute-privacy and collusion-resistance.{Cryptology ePrint Archive, Report 2008/328, 2008,http://eprint.iacr.org/.

[32] Wang H X, Zhu Y, Feng R Q. Attribute-based signature withpolicy-and-endorsement mechanism. Journal of Computer Science andTechnology, 2010, 25(6): 1293-1304.

[33] Attrapadung N, Imai H. Attribute-based encryption supportingdirect/indirect revocation modes. In Proc. the 12th IMAInternational Conference on Cryptography and Coding,Cirencester, UK, Dec.15-17, 2009, pp.278-300.

[34] Boneh D, Boyen X, Goh E J. Hierarchical identity basedencryption with constant size ciphertext. In Proc. the 24th AnnualInternational Conference on the Theory and Applications of CryptographicTechniques (EUROCRYPT), Aarhus, Denmark, May 22-26, 2005, pp.440-456.

[35] Boneh D, Gentry C, Waters B. Collusion resistant broadcastencryption with short ciphertexts and private keys. In Proc. the25th Annual International Cryptology Conference (CRYPTO),Santa Barbara, USA, Aug.14-18, 2005, pp.258-275.

[36] Toahchoodee M, Xie X, Ray I. Towards trustworthy delegation inrole-based access control model. In Proc. the 12th InternationalConference on Information Security (ISC), Pisa, Italy, Sept.7-9,2009, pp.379-394.

[37] Microsoft Corporation. How encrypting file system works.Microsoft TechNet Report, 2009, http://te-chnet.mi-crosoft.com/en-us/library/cc781588(WS.10).aspx.

[38] SEC1. Standards for efficient cryptograhy group: Ellipticcurve cryptography, Version 1.0, 2000.

[39] SEC2. Standards for efficient cryptograhy group: Recommendedelliptic curve domain parameters, Version 1.0, 2000.

[40] Su D, Lv K W. A new hard-core predicate of paillier's trapdoorfunction. In Proc. the 10th International Conference on Cryptologyin India (INDOCRYPT), New Delhi, India, Dec.13-16, 2009, pp.263-271.

[41] Schultz E E. Windows 2000 security: A postmortem analysis. Network Security, 2004, 2004(1): 6-9.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed

Comments

Recommended 10

[1]	Min Yinghua; Han Zhide;. A Built-in Test Pattern Generator[J]. , 1986, 1(4): 62 -74 .
[2]	Zhang Bo; Zhang Ling;. On Memory Capacity of the Probabilistic Logic Neuron Network[J]. , 1993, 8(3): 62 -66 .
[3]	Huang Guoyong; Li Sanli;. TSP: A Heterogeneous Multiprocessor Supercomputing System Based on i860XP[J]. , 1994, 9(3): 285 -288 .
[4]	ZHENG Fang; XU Mingxing; MOU Xiaolong; WU Jian; WU Wenhu; FANG Ditang;. HarkMan—A Vocabulary-Independent Keyword Spotter for Spontaneons Chinese Speech[J]. , 1999, 14(1): 18 -26 .
[5]	WANG Xiaodong; XU Ming; ZHOU Xingming;. Fast Multicast on Multistage Interconnection Networks Using Multi-Head Worms[J]. , 1999, 14(3): 250 -258 .
[6]	Ben Leslie, Peter Chubb, Nicholas Fitzroy-Dale, Stefan Gotz, Charles Gray, Luke Macpherson, Daniel Potts, Yue-Ting Shen, Kevin Elphinstone, and Gernot Heiser. User-Level Device Drivers: Achieved Performance[J]. , 2005, 20(5): 654 -664 .
[7]	Zhou-Wang Yang, Chun-Lin Wu, Jian-Song Deng,and Fa-Lai Chen. Specification of Initial Shapes for Dynamic Implicit Curve/Surface Reconstruction[J]. , 2006, 21(2): 249 -254 .
[8]	Dong-Xi Liu. CSchema: A Downgrading Policy Language for XML Access Control[J]. , 2007, 22(1): 44 -53 .
[9]	Yu-Bao Liu, Jia-Rong Cai, Jian Yin, and Ada Wai-Chee Fu. Clustering Text Data Streams[J]. , 2008, 23(1): 112 -128 .
[10]	Shao-Lin Chen (陈绍林), Xi-Yuan Hu (胡晰远), Member, IEEE, and Si-Long Peng (彭思龙). Hyperspectral Imagery Denoising Using a Spatial-Spectral Domain Mixing Prior[J]. , 2012, 27(4): 851 -861 .