Key management is an essential component of a cryptographic access control system with a large number of resources. It manages the secret keys assigned to the system entities in such a way that only authorized users can access a resource. Read access control allows read access of a resource by the authorized users and disallows others. An important objective of a key management is to reduce the secret key storage with each authorized user. To this end, there exist two prominent types of key management hierarchy with single key storage per user used for read access control in data outsourcing scenario: user-based and resource-based. In this work, we analyze the two types of hierarchy with respect to static hierarchy characteristics and dynamic operations such as adding or revoking user authorization. Our analysis shows that the resource-based hierarchies can be a better candidate which is not given equal emphasis in the literature. A new heuristic for minimizing the key management hierarchy is introduced that makes it practical in use even for a large number of users and resources. The performance evaluation of dynamic operations such as adding or revoking a user's read subscription is shown experimentally to support our analytical results.
Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.
Funding: supported by the National Development and Reform Commission under Project "A Cloud-based service for monitoring security threats in mobile Internet" and "A monitoring platform for web safe browsing"; supported by the National Science Foundation of USA under Grant Nos. NSF-IIS-0900970 and NSFCNS-0831360