
Provably Secure Role-Based Encryption with Revocation Mechanism

Abstract: Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with a revocation mechanism based on a partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned a unique private key to support user identification, and each role corresponds to a public group key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking of users, but also has shorter ciphertexts and constant-size decryption keys.
Source: Journal of Computer Science & Technology (SCIE, EI, CSCD), 2011, No. 4, pp. 697-710 (14 pages). Chinese title: 计算机科学技术学报 (English edition).
Funding: Supported by the National Development and Reform Commission under Projects "A Cloud-based service for monitoring security threats in mobile Internet" and "A monitoring platform for web safe browsing"; supported by the National Science Foundation of USA under Grant Nos. NSF-IIS-0900970 and NSF-CNS-0831360.
Keywords: cryptography, role-based encryption, role hierarchy, key hierarchy, collusion security, revocation