Provably secure role-based encryption with revocation mechanism

Yan Zhu; Hong Xin Hu; Gail-Joon Ahn; Huai Xi Wang; Shan Biao Wang

doi:10.1007/s11390-011-1169-9

Provably secure role-based encryption with revocation mechanism

Yan Zhu, Hong Xin Hu, Gail-Joon Ahn, Huai Xi Wang, Shan Biao Wang

Research output: Contribution to journal › Article › peer-review

21 Scopus citations

Abstract

Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.

Original language	English (US)
Pages (from-to)	697-710
Number of pages	14
Journal	Journal of Computer Science and Technology
Volume	26
Issue number	4
DOIs	https://doi.org/10.1007/s11390-011-1169-9
State	Published - Jul 2011

Keywords

Collusion Security
Cryptography
Revocation
Role HierarchyKey Hierarchy
Role-Based Encryption

ASJC Scopus subject areas

Software
Theoretical Computer Science
Hardware and Architecture
Computer Science Applications
Computational Theory and Mathematics

Access to Document

10.1007/s11390-011-1169-9

Cite this

@article{08ccd1d3a8f44f29b7f78de68b984e7f,

title = "Provably secure role-based encryption with revocation mechanism",

abstract = "Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.",

keywords = "Collusion Security, Cryptography, Revocation, Role HierarchyKey Hierarchy, Role-Based Encryption",

author = "Yan Zhu and Hu, {Hong Xin} and Gail-Joon Ahn and Wang, {Huai Xi} and Wang, {Shan Biao}",

note = "Funding Information: Regular Paper This work of Yan Zhu, Huai-Xi Wang and Shan-Biao Wang were partially supported by the National Development and Reform Commission under Project “A Cloud-based service for monitoring security threats in mobile Internet” and “A monitoring platform for web safe browsing”. This work of Gail-J. Ahn and Hong-Xin Hu were partially supported by the National Science Foundation of USA under Grant Nos. NSF-IIS-0900970 and NSFCNS-0831360. ∗Corresponding Author {\textcopyright}2011 Springer Science + Business Media, LLC & Science Press, China",

year = "2011",

month = jul,

doi = "10.1007/s11390-011-1169-9",

language = "English (US)",

volume = "26",

pages = "697--710",

journal = "Journal of Computer Science and Technology",

issn = "1000-9000",

publisher = "Springer New York",

number = "4",

}

TY - JOUR

T1 - Provably secure role-based encryption with revocation mechanism

AU - Zhu, Yan

AU - Hu, Hong Xin

AU - Ahn, Gail-Joon

AU - Wang, Huai Xi

AU - Wang, Shan Biao

N1 - Funding Information: Regular Paper This work of Yan Zhu, Huai-Xi Wang and Shan-Biao Wang were partially supported by the National Development and Reform Commission under Project “A Cloud-based service for monitoring security threats in mobile Internet” and “A monitoring platform for web safe browsing”. This work of Gail-J. Ahn and Hong-Xin Hu were partially supported by the National Science Foundation of USA under Grant Nos. NSF-IIS-0900970 and NSFCNS-0831360. ∗Corresponding Author ©2011 Springer Science + Business Media, LLC & Science Press, China

PY - 2011/7

Y1 - 2011/7

N2 - Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.

AB - Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.

KW - Collusion Security

KW - Cryptography

KW - Revocation

KW - Role HierarchyKey Hierarchy

KW - Role-Based Encryption

UR - http://www.scopus.com/inward/record.url?scp=80054995027&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80054995027&partnerID=8YFLogxK

U2 - 10.1007/s11390-011-1169-9

DO - 10.1007/s11390-011-1169-9

M3 - Article

AN - SCOPUS:80054995027

SN - 1000-9000

VL - 26

SP - 697

EP - 710

JO - Journal of Computer Science and Technology

JF - Journal of Computer Science and Technology

IS - 4

ER -

Provably secure role-based encryption with revocation mechanism

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this