research-article

Cryptographic role-based security mechanisms based on role-key hierarchy

Authors:

Yan Zhu,

Gail-Joon Ahn,

Hongxin Hu,

Huaixi WangAuthors Info & Claims

ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security

Pages 314 - 319

https://doi.org/10.1145/1755688.1755728

Published: 13 April 2010 Publication History

Get Access

Abstract

Even though role-based access control (RBAC) can tremendously help us minimize the complexity in administering users, it is still needed to realize the notion of roles at the resource level. In this paper, we propose a practical cryptographic RBAC model, called role-key hierarchy model, to support various security features including signature and encryption based on role-key hierarchy. With the help of rich algebraic structure of elliptic curve, we introduce a role-based cryptosystem construction to verify the rationality and validity of our proposed model. Also, a proof-of-concept prototype implementation and performance evaluation are discussed to demonstrate the feasibility and efficiency of our mechanisms.

References

[1]

E. Bertino, N. Shang, and S. Wagstaff. An efficient time-bound hierarchical key management scheme for secure broadcasting. IEEE Trans. on Dependable and Secure Computing, 5(2):65--70, 2008.

Digital Library

Google Scholar

[2]

D. Boneh and M. Franklin. Identity-based encryption from the weil pairing. In Advances in Cryptology (CRYPTO'01), volume 2139 of LNCS, pages 213--229, 2001.

Digital Library

Google Scholar

[3]

D. Boneh and M. Hamburg. Generalized identity based and broadcast encryption schemes. In ASIACRYPT, pages 455--470, 2008.

Digital Library

Google Scholar

[4]

D. Boneh and H. Shacham. Group signatures with verifier-local revocation. In ACM Conference on Computer and Communications Security, pages 168--177, 2004.

Digital Library

Google Scholar

[5]

B. W. D. Boneh, C. Gentry. Collusion resistant broadcast encryption with short ciphertexts and private keys. In Advances in Cryptology (CRYPTO'2005), volume 3621 of LNCS, pages 258--275, 2005.

Digital Library

Google Scholar

[6]

E. Goh, H. Shacham, N. Modadugu, and D. Boneh. Sirius: Securing remote untrusted storage. In Proceedings of the Internet Society (ISOC) Network and Distributed Systems Security (NDSS) Symposium, pages 131--145, 2003.

Google Scholar

[7]

J. Jing and G.-J. Ahn. Role-based access management for ad-hoc collaborative sharing. In Proc. of 11th Symposium on Access Control Models and Technologies (SACMAT), pages 200--209, 2006.

Digital Library

Google Scholar

[8]

X. Liang, Z. Cao, H. Lin, and J. Shao. Attribute based proxy re-encryption with delegating capabilities. In ASIACCS, pages 276--286, 2009.

Digital Library

Google Scholar

[9]

R. S. Q. Mahesh Kallahalla, Erik Riedel and K. Fu. Plutus: Scalable secure file sharing on untrusted storage. In Proceedings of the 2nd USENIX Conference on File and Storage Technologies (FAST), pages 29--42, 2003.

Digital Library

Google Scholar

[10]

R. Sandhu, E. Coyne, H. Fenstein, and C. Youman. Role-based access control models. IEEE Computer, 29(2):38--47, 1996.

Digital Library

Google Scholar

[11]

R. Sandhu, D. Ferraiolo, and D. Kuhn. The nist model for role-based access control: Towards a unified standard. In Proceedings of 5th ACM Workshop on Role Based Access Control (RBAC'00), pages 47--63, 2000.

Digital Library

Google Scholar

Cited By

View all

Sultan NVaradharajan VZhou LBarbhuiya F(2023)A Role-Based Encryption (RBE) Scheme for Securing Outsourced Cloud Data in a Multi-Organization ContextIEEE Transactions on Services Computing10.1109/TSC.2022.319425216:3(1647-1661)Online publication date: 1-May-2023
https://doi.org/10.1109/TSC.2022.3194252
Tiwari SNeogi S(2023)Design and Implementation of Enhanced Security Algorithm for Hybrid Cloud using KerberosSN Computer Science10.1007/s42979-023-01807-z4:5Online publication date: 7-Jun-2023
https://doi.org/10.1007/s42979-023-01807-z
Liu BMichalas AWarinschi B(2022)Cryptographic Role-Based Access Control, ReconsideredProvable and Practical Security10.1007/978-3-031-20917-8_19(282-289)Online publication date: 7-Nov-2022
https://doi.org/10.1007/978-3-031-20917-8_19
Show More Cited By

Index Terms

Cryptographic role-based security mechanisms based on role-key hierarchy
1. Security and privacy

Recommendations

Fine-grained role-based delegation in presence of the hybrid role hierarchy
SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies

Delegation of authority is an important process that needs to be captured by any access control model. In role-based access control models, delegation of authority involves delegating roles that a user can assume or the set of permissions that he can ...
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed Systems

Role-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
A rule-based framework for role-based delegation and revocation

Delegation is the process whereby an active entity in a distributed environment authorizes another entity to access resources. In today's distributed systems, a user often needs to act on another user's behalf with some subset of his/her rights. Most ...

Comments

Information & Contributors

Information

Published In

ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security

April 2010

363 pages

ISBN:9781605589367

DOI:10.1145/1755688

General Chair:
Dengguo Feng
Chinese Academy of Sciences, China
,
Program Chairs:
David Basin
ETH Zurich, Switzerland
,
Peng Liu
Pennsylvania State University

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 April 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

ASIA CCS '10

Sponsor:

SIGSAC

ASIA CCS '10: 5th ACM Symposium on Information, Computer and Communications Security

April 13 - 16, 2010

Beijing, China

Acceptance Rates

ASIACCS '10 Paper Acceptance Rate 25 of 166 submissions, 15%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
389
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sultan NVaradharajan VZhou LBarbhuiya F(2023)A Role-Based Encryption (RBE) Scheme for Securing Outsourced Cloud Data in a Multi-Organization ContextIEEE Transactions on Services Computing10.1109/TSC.2022.319425216:3(1647-1661)Online publication date: 1-May-2023
https://doi.org/10.1109/TSC.2022.3194252
Tiwari SNeogi S(2023)Design and Implementation of Enhanced Security Algorithm for Hybrid Cloud using KerberosSN Computer Science10.1007/s42979-023-01807-z4:5Online publication date: 7-Jun-2023
https://doi.org/10.1007/s42979-023-01807-z
Liu BMichalas AWarinschi B(2022)Cryptographic Role-Based Access Control, ReconsideredProvable and Practical Security10.1007/978-3-031-20917-8_19(282-289)Online publication date: 7-Nov-2022
https://doi.org/10.1007/978-3-031-20917-8_19
(2018)Generic construction of role-based encryption in the standard modelInternational Journal of Security and Networks10.1504/IJSN.2017.08440012:3(198-205)Online publication date: 17-Dec-2018
https://dl.acm.org/doi/10.1504/IJSN.2017.084400
Zhou LVaradharajan VHitchens M(2018)Generic constructions for role-based encryptionInternational Journal of Information Security10.1007/s10207-014-0267-414:5(417-430)Online publication date: 24-Dec-2018
https://dl.acm.org/doi/10.1007/s10207-014-0267-4
Lang BWang JLiu Y(2017)Achieving Flexible and Self-Contained Data Protection in Cloud ComputingIEEE Access10.1109/ACCESS.2017.26655865(1510-1523)Online publication date: 2017
https://doi.org/10.1109/ACCESS.2017.2665586
Mun HOh S(2016)Injecting Subject Policy into Access Control for Strengthening the Protection of Personal InformationWireless Personal Communications: An International Journal10.1007/s11277-015-3094-789:3(715-728)Online publication date: 1-Aug-2016
https://dl.acm.org/doi/10.1007/s11277-015-3094-7
Ferrara AFachsbauer GLiu BWarinschi B(2015)Policy Privacy in Cryptographic Access ControlProceedings of the 2015 IEEE 28th Computer Security Foundations Symposium10.1109/CSF.2015.11(46-60)Online publication date: 13-Jul-2015
https://dl.acm.org/doi/10.1109/CSF.2015.11
Lin CLuo FWang HZhu Y(2015)A Provable Data Possession Scheme with Data Hierarchy in CloudRevised Selected Papers of the 11th International Conference on Information Security and Cryptology - Volume 958910.1007/978-3-319-38898-4_18(301-321)Online publication date: 1-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-319-38898-4_18
Praveen SGangadharan G(2014)SecDSIM: A Framework for Secure Data Storage and Identity Management in the CloudCloud Computing10.1007/978-3-319-10530-7_5(105-125)Online publication date: 21-Oct-2014
https://doi.org/10.1007/978-3-319-10530-7_5
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Fine-grained role-based delegation in presence of the hybrid role hierarchy

An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security

A rule-based framework for role-based delegation and revocation