Efficient Provably-Secure Hierarchical Key Assignment Schemes

Santis, Alfredo De; Ferrara, Anna Lisa; Masucci, Barbara

doi:10.1007/978-3-540-74456-6_34

Cited by 22 publications

(22 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The rich literature on the interplay between cryptography and access control ranges from schemes that employ encryption and/or key-distribution schemes to implement various forms of hierarchical access control [21], [3], [30], [4], [16] to the design and implementation of cryptographic file systems [27], [7], [11], [26] and on to the recent cryptographic primitives motivated by access control [37], [24], [28], [31], [12], [6]. However, while the syntax, functionality and security of the primitives (e.g.…”

Section: B Related Workmentioning

confidence: 99%

Policy Privacy in Cryptographic Access Control

Ferrara

Fachsbauer

Liu

et al. 2015

2015 IEEE 28th Computer Security Foundations Symposium

Self Cite

View full text Add to dashboard Cite

Abstract-Cryptographic access control offers selective access to encrypted data via a combination of key management and functionality-rich cryptographic schemes, such as attribute-based encryption. Using this approach, publicly available meta-data may inadvertently leak information on the access policy that is enforced by cryptography, which renders cryptographic access control unusable in settings where this information is highly sensitive.We begin to address this problem by presenting rigorous definitions for policy privacy in cryptographic access control. For concreteness we set our results in the model of Role-Based Access Control (RBAC), where we identify and formalize several different flavors of privacy; however, our framework should serve as inspiration for other models of access control. Based on our insights we propose a new system which significantly improves on the privacy properties of state-of-the-art constructions. Our design is based on a novel type of privacy-preserving attribute-based encryption, which we introduce and show how to instantiate.We present our results in the context of a cryptographic RBAC system by Ferrara et al. (CSF'13), which uses cryptography to control read access to files, while write access is still delegated to trusted monitors. We give an extension of the construction that permits cryptographic control over write access. Our construction assumes that key management uses out-of-band channels between the policy enforcer and the users but eliminates completely the need for monitoring read/write access to the data.

show abstract

Section: B Related Workmentioning

confidence: 99%

Policy Privacy in Cryptographic Access Control

Ferrara

Fachsbauer

Liu

et al. 2015

2015 IEEE 28th Computer Security Foundations Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…De Santis et al [12] proposed a construction which is based on symmetric encryption schemes only, achieves KI security and is simpler than the KI-secure scheme proposed in [8]. The construction uses only a chosen plaintext secure symmetric encryption scheme and the required private key storage is small at one key per class.…”

Section: Comparison With Previous Schemesmentioning

confidence: 99%

“…Formally, the hierarchy is modelled as a partially ordered set (poset), each data item is labelled by a class u in the hierarchy, and is encrypted using the encryption key k u corresponding to that class. Now a user, given access to the private information S u , can derive the relevant encryption key k v for any descendant class v, and hence gain access to the data of class v. Since the original paper by Akl and Taylor, a large number of different schemes have been proposed, offering different trade-offs in terms of the amount of public and private storage required and the complexity of key derivation -see for example [2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17]. Many additional issues are addressed in these works: time-dependent constraints, dynamic addition and removal of classes, and revocation, for example.…”

mentioning

confidence: 99%

Simple, Efficient and Strongly KI-Secure Hierarchical Key Assignment Schemes

Freire

Paterson

Poettering

2013

Topics in Cryptology – CT-RSA 2013

View full text Add to dashboard Cite

Hierarchical Key Assignment Schemes can be used to enforce access control policies by cryptographic means. In this paper, we present a new, enhanced security model for such schemes. We also give simple, efficient, and strongly-secure constructions for Hierarchical Key Assignment Schemes for arbitrary hierarchies using pseudorandom functions and forward-secure pseudorandom generators. We compare instantiations of our constructions with state-of-the-art Hierarchical Key Assignment Schemes, demonstrating that our new schemes possess an attractive trade-off between storage requirements and efficiency of key derivation.

show abstract

“…They proposed an HKA scheme to enforce an HAC policy. After that, many researches proposed methods for improving performance, supporting dynamic access control policies, or providing distinct features [2,3,12,16,19,20,24,26,30]. Atallah et al formalized the security requirement for HKA schemes and provided an efficient and provably-secure HKA scheme against key recovery attacks [3].…”

Section: Introductionmentioning

confidence: 99%

CloudHKA: A Cryptographic Approach for Hierarchical Access Control in Cloud Computing

Chen

Chu

Tzeng

et al. 2013

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. Cloud services are blooming recently. They provide a convenient way for data accessing, sharing, and processing. A key ingredient for successful cloud services is to control data access while considering the specific features of cloud services. The specific features include great quantity of outsourced data, large number of users, honest-but-curious cloud servers, frequently changed user set, dynamic access control policies, and data accessing for light-weight mobile devices. This paper addresses a cryptographic key assignment problem for enforcing a hierarchical access control policy over cloud data. We propose a new hierarchical key assignment scheme CloudHKA that observes the BellLaPadula security model and efficiently deals with the user revocation issue practically. We use CloudHKA to encrypt outsourced data so that the data are secure against honest-butcurious cloud servers. CloudHKA possesses almost all advantages of the related schemes, e.g., each user only needs to store one secret key, supporting dynamic user set and access hierarchy, and provably-secure against collusive attacks. In particular, CloudHKA provides the following distinct features that make it more suitable for controlling access of cloud data.(1) A user only needs a constant computation time for each data accessing. (2) The encrypted data are securely updatable so that the user revocation can prevent a revoked user from decrypting newly and previously encrypted data. Notably, the updates can be outsourced by using public information only. (3) CloudHKA is secure against the legal access attack. The attack is launched by an authorized, but malicious, user who pre-downloads the needed information for decrypting data ciphertexts in his authorization period. The user uses the pre-downloaded information for future decryption even after he is revoked. Note that the pre-downloaded information are often a small portion of encrypted data only, e.g. the headercipher in a hybrid encrypted data ciphertext. (4) Each user can be flexibly authorized the access rights of Write or Read, or both.

show abstract

Efficient Provably-Secure Hierarchical Key Assignment Schemes

Cited by 22 publications

References 24 publications

Policy Privacy in Cryptographic Access Control

Policy Privacy in Cryptographic Access Control

Simple, Efficient and Strongly KI-Secure Hierarchical Key Assignment Schemes

CloudHKA: A Cryptographic Approach for Hierarchical Access Control in Cloud Computing

Contact Info

Product

Resources

About