Provably secure role-based encryption with revocation mechanism

Yan Zhu, Hong Xin Hu, Gail-Joon Ahn, Huai Xi Wang, Shan Biao Wang

Research output: Contribution to journal › Article

16 Citations (Scopus)

Abstract

Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with a revocation mechanism based on a partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned a unique private key to support user identification, and each role corresponds to a public group key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can then be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamically joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.

Original language: English (US)
Journal: Journal of Computer Science and Technology
Volume: 26
Issue number: 4
DOI: 10.1007/s11390-011-1169-9
State: Published - Jul 2011

Fingerprint

Revocation
Encryption
Cryptography
Access control
Joining
Collusion Attack
Public Key Infrastructure
Role-based Access Control
File System
Partial Order
Access Control
Subgroup

Keywords

  • Collusion Security
  • Cryptography
  • Revocation
  • Role Hierarchy
  • Key Hierarchy
  • Role-Based Encryption

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
  • Computational Theory and Mathematics
  • Theoretical Computer Science
  • Computer Science Applications

Cite this

Provably secure role-based encryption with revocation mechanism. / Zhu, Yan; Hu, Hong Xin; Ahn, Gail-Joon; Wang, Huai Xi; Wang, Shan Biao.

In: Journal of Computer Science and Technology, Vol. 26, No. 4, 07.2011.

Zhu, Yan ; Hu, Hong Xin ; Ahn, Gail-Joon ; Wang, Huai Xi ; Wang, Shan Biao. / Provably secure role-based encryption with revocation mechanism. In: Journal of Computer Science and Technology. 2011 ; Vol. 26, No. 4.
@article{08ccd1d3a8f44f29b7f78de68b984e7f,
title = "Provably secure role-based encryption with revocation mechanism",
abstract = "Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.",
keywords = "Collusion Security, Cryptography, Revocation, Role Hierarchy, Key Hierarchy, Role-Based Encryption",
author = "Yan Zhu and Hu, {Hong Xin} and Gail-Joon Ahn and Wang, {Huai Xi} and Wang, {Shan Biao}",
year = "2011",
month = "7",
doi = "10.1007/s11390-011-1169-9",
language = "English (US)",
volume = "26",
journal = "Journal of Computer Science and Technology",
issn = "1000-9000",
publisher = "Springer New York",
number = "4",

}

TY - JOUR

T1 - Provably secure role-based encryption with revocation mechanism

AU - Zhu, Yan

AU - Hu, Hong Xin

AU - Ahn, Gail-Joon

AU - Wang, Huai Xi

AU - Wang, Shan Biao

PY - 2011/7

Y1 - 2011/7

N2 - Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.

AB - Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.

KW - Collusion Security

KW - Cryptography

KW - Revocation

KW - Role Hierarchy

KW - Key Hierarchy

KW - Role-Based Encryption

UR - http://www.scopus.com/inward/record.url?scp=80054995027&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80054995027&partnerID=8YFLogxK

U2 - 10.1007/s11390-011-1169-9

DO - 10.1007/s11390-011-1169-9

M3 - Article

VL - 26

JO - Journal of Computer Science and Technology

JF - Journal of Computer Science and Technology

SN - 1000-9000

IS - 4

ER -