Abstract
Recently, more and more enterprises and individuals have moved their data into the cloud. To meet this practical requirement, this paper addresses how to establish a bridge between role-based access control (RBAC) and cloud storage in order to fully preserve investment in existing RBAC systems. We present a new scheme for securely migrating resources from RBAC systems to cloud storage. This scheme takes full advantage of RBAC, which provides a well-designed and easy-to-manage approach for accessing cloud resources without user intervention. The scheme, called Partially-ordered Hierarchical Encryption (PHE), implements a partial-order key hierarchy, similar to the role hierarchy in RBAC, in a public-key infrastructure. In addition, this construction provides traitor tracing to support efficient digital forensics. The performance analysis shows that our construction has the following features: dynamic joining and revoking of users, constant-size ciphertexts and decryption keys, and lower overhead for large-scale systems.
Notes
1. The signature of P can be generated to avoid tampering.
2. The plaintext (ek or M) must be converted into an element of \(G_q\); see the ElGamal encryption system.
3. Given a set of \(t+1\) different data points \((x_0,y_0),\cdots ,(x_t,y_t)\), the Lagrange interpolation polynomial is a linear combination \(L(x)=\sum ^{t}_{j=0} y_j \lambda _j(x)\) where the coefficient \(\lambda _j(x)=\prod ^t_{i=0,i\ne j}\frac{x-x_i}{x_j-x_i}\). Here, we set \(x=0\) to compute \(L(0)\).
4. For the different paths, we have the same polynomial \(p_i(x)=s_i +\sum _{i=1}^{t} a_i x^i\), because \(p_i(x)=(s_i-s_{i-1}) +(s_{i-1}-s_{i-2})+\cdots +(s_{1}-s_l)+ p_l(x)\) for any path \(s_i,s_{i-1},\cdots ,s_1,s_l\).
5. This game may be stricter than the other two games.
6. Interested readers may read the full proofs on the website: crypto.ustb.edu.cn.
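Notes 3 and 4 can be checked numerically. The following Python sketch is an added example, not code from the paper: it evaluates L(0) over a prime field and verifies the telescoping relation of Note 4 along two different paths. The modulus, the degree t, the role names and the use of edge differences as inputs are assumptions made for illustration.

```python
import random

Q = 2**127 - 1   # prime modulus (assumed; stands in for the paper's q)
T = 3            # degree t (assumed): t+1 points determine the polynomial


def lagrange_at_zero(points, q=Q):
    """L(0) = sum_j y_j * lambda_j(0), lambda_j(0) = prod_{i != j} (0 - x_i)/(x_j - x_i)."""
    xs = [x % q for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("x-coordinates must be distinct mod q")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for i, (xi, _) in enumerate(points):
            if i != j:
                num = num * (-xi) % q
                den = den * (xj - xi) % q
        total = (total + yj * num * pow(den, -1, q)) % q  # modular inverse (Python 3.8+)
    return total


def make_poly(secret, coeffs, q=Q):
    """p(x) = secret + sum_{k=1}^{t} a_k x^k mod q; coeffs are shared by every role."""
    def p(x):
        return (secret + sum(a * pow(x, k, q) for k, a in enumerate(coeffs, 1))) % q
    return p


def secret_via_path(edge_diffs, leaf_points, q=Q):
    """Note 4 at x = 0: s_i = sum of (s_parent - s_child) along a path + p_l(0)."""
    return (sum(edge_diffs) + lagrange_at_zero(leaf_points, q)) % q


def demo(seed=1):
    rng = random.Random(seed)  # constructed sample data; not a secure RNG
    coeffs = [rng.randrange(1, Q) for _ in range(T)]
    s = {r: rng.randrange(Q) for r in ("top", "mid_a", "mid_b", "leaf")}
    p_top, p_leaf = make_poly(s["top"], coeffs), make_poly(s["leaf"], coeffs)
    pts = [(x, p_leaf(x)) for x in range(1, T + 2)]  # t+1 points on p_l
    path_a = [s["top"] - s["mid_a"], s["mid_a"] - s["leaf"]]
    path_b = [s["top"] - s["mid_b"], s["mid_b"] - s["leaf"]]
    same_poly = all(p_top(x) == (sum(path_a) + p_leaf(x)) % Q for x in (5, 99))
    return (lagrange_at_zero(pts) == s["leaf"],
            secret_via_path(path_a, pts) == s["top"],
            secret_via_path(path_b, pts) == s["top"],
            same_poly)
```

With fewer than t+1 points the interpolation returns a value, but it is not p_l(0) except by chance.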
Acknowledgments
The authors are indebted to anonymous reviewers for their valuable suggestions. This work is supported by the National 973 Program (Grant No. 2013CB329605) and National Natural Science Foundation of China (Grant Nos. 61170264 and 61472032).
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhu, Y., Li, D., Yang, L. (2015). Traitor Tracing Based on Partially-Ordered Hierarchical Encryption. In: Yung, M., Zhu, L., Yang, Y. (eds) Trusted Systems. INTRUST 2014. Lecture Notes in Computer Science, vol 9473. Springer, Cham. https://doi.org/10.1007/978-3-319-27998-5_18
DOI: https://doi.org/10.1007/978-3-319-27998-5_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27997-8
Online ISBN: 978-3-319-27998-5
eBook Packages: Computer Science, Computer Science (R0)