DOI: 10.1145/3201595.3201602
research-article

Cryptographically Enforced Orthogonal Access Control at Scale

Published: 23 May 2018

Abstract

We propose a new approach to cryptographically enforced data access controls that uses public key cryptography to secure large numbers of documents with arbitrarily large numbers of authorized users. Our approach uses a proxy re-encryption (PRE) scheme to handle the problems typical of public key cryptography including key management, rotation, and revocation, in a highly scalable way, while providing end-to-end encryption and provable access. In this paper we describe a system based on this approach. We call it an orthogonal access control system, because it allows the decision about the groups to which to encrypt a piece of data to be made independently and asynchronously from the decision about who belongs to a group and can therefore decrypt the data. We define specific requirements for a PRE scheme needed to support the system, and we provide a specific instance that meets these requirements. We detail the algorithms that make up the scheme, and we present an enhancement that provides better revocability of keys.

Cited By

  • (2024) Proxy Re-Encryption for Enhanced Data Security in Healthcare: A Practical Implementation. Proceedings of the 19th International Conference on Availability, Reliability and Security, 1-11. DOI: 10.1145/3664476.3670874. Online publication date: 30-Jul-2024

Published In

SCC '18: Proceedings of the 6th International Workshop on Security in Cloud Computing
May 2018
71 pages
ISBN: 9781450357593
DOI: 10.1145/3201595

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cryptographic access control
  2. key management
  3. orthogonal access control
  4. pairing-based cryptography
  5. proxy re-encryption

Qualifiers

  • Research-article

Conference

ASIA CCS '18

Acceptance Rates

SCC '18 Paper Acceptance Rate 6 of 17 submissions, 35%;
Overall Acceptance Rate 64 of 159 submissions, 40%
