Provably Secure Role-Based Encryption with Revocation Mechanism

Journal of Computer Science and Technology

Abstract

Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with a revocation mechanism, based on a partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned a unique private key to support user identification, and each role corresponds to a public group key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can then be decrypted by all senior roles, and to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamically joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.

Author information

Corresponding author

Correspondence to Yan Zhu.

Additional information

The work of Yan Zhu, Huai-Xi Wang and Shan-Biao Wang was partially supported by the National Development and Reform Commission under Project “A Cloud-based service for monitoring security threats in mobile Internet” and “A monitoring platform for web safe browsing”. The work of Gail-J. Ahn and Hong-Xin Hu was partially supported by the National Science Foundation of USA under Grant Nos. NSF-IIS-0900970 and NSFCNS-0831360.

About this article

Cite this article

Zhu, Y., Hu, HX., Ahn, GJ. et al. Provably Secure Role-Based Encryption with Revocation Mechanism. J. Comput. Sci. Technol. 26, 697–710 (2011). https://doi.org/10.1007/s11390-011-1169-9

  • DOI: https://doi.org/10.1007/s11390-011-1169-9
