Skip to main content
SpringerLink
Log in

Generic constructions for role-based encryption

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Due to the enormous growth in the amount of digital information that needs to be stored, outsourcing data to third-party storage service providers, such as cloud, have attracted much attention in recent times. This has raised significant security issues such as how to control access to outsourced data stored on third-party sites. There have been many works on access control in the literature, and one of the well-known access control models is the role-based access control (RBAC), which provides flexible control and management by having two level mappings, users to roles and roles to privileges on data objects. Several cryptographic RBAC schemes have been proposed which integrate cryptographic techniques with RBAC models to enforce RBAC policies. In this paper, we develop the first generic constructions for cryptographic RBAC schemes which we refer to as role-based encryption (RBE) schemes. A RBE scheme allows data to be encrypted in such a way that only users with specific roles can decrypt the data. Hence, it can be used to enforce RBAC policies in an outsourcing environment. Our constructions use ID-based broadcast encryption (IBBE) techniques to build RBE schemes, and we show that the RBE scheme built from our generic constructions is secure if the selected IBBE scheme is secure. We also compare these constructions and analyse the advantages and disadvantages of each construction type.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Akl, S.G., Taylor, P.D.: Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1(3), 239–248 (1983)

    Article  Google Scholar 

  2. Alperin-Sheriff, J., Peikert, C.: Circular and kdm security for identity-based encryption. In: Public Key Cryptography—PKC 2012, LNCS, vol. 7293, pp. 334–352 (2012)

  3. Applebaum, B.: Key-dependent message security: generic amplification and completeness. In: Advances in Cryptology—EUROCRYPT 2011, LNCS, vol. 6632, pp. 527–546. Springer, Berlin (2011)

  4. Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, pp. 190–202. ACM, New York (2005)

  5. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy (S&P 2007), pp. 321–334. IEEE Computer Society (2007)

  6. Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Selected Areas in Cryptography, 9th Annual International Workshop, SAC 2002, LNCS, vol. 2595, pp. 62–75. Springer, Berlin (2002)

  7. Boneh, D., Boyen, X., Goh, E.J.: Hierarchical identity based encryption with constant size ciphertext. In: Advances in Cryptology—EUROCRYPT 2005, LNCS, vol. 3494, pp. 440–456. Springer, Berlin (2005)

  8. Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Advances in Cryptology—CRYPTO 2005, LNCS, vol. 3621, pp. 258–275. Springer, Berlin (2005)

  9. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Advances in Cryptology—EUROCRYPT 2001, LNCS, vol. 2045, pp. 93–118. Springer, Berlin (2001)

  10. Delerablée, C.: Identity-based broadcast encryption with constant size ciphertexts and private keys. In: Advances in Cryptology—ASIACRYPT 2007, LNCS, vol. 4833, pp. 200–215. Springer, Berlin (2007)

  11. Delerablée, C., Paillier, P., Pointcheval, D.: Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys. In: Pairing-Based Cryptography—Pairing 2007, LNCS, vol. 4575, pp. 39–59. Springer, Berlin (2007)

  12. di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: A data outsourcing architecture combining cryptography and access control. In: Proceedings of the 2007 ACM Workshop on Computer Security Architecture, CSAW 2007, pp. 63–69. ACM, New York (2007)

  13. di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Over-encryption: management of access control evolution on outsourced data. In: Proceedings of the 33rd International Conference on Very Large Data Bases, VLDB 2007, pp. 123–134. ACM, New York (2007)

  14. Fiat, A., Naor, M.: Broadcast encryption. In: Advances in Cryptology—CRYPTO 1993, LNCS, vol. 773, pp. 480–491. Springer, Berlin (1993)

  15. Garay, J.A., Staddon, J., Wool, A.: Long-lived broadcast encryption. In: Advances in Cryptology—CRYPTO 2000, LNCS, vol. 1880, pp. 333–352. Springer, Berlin (2000)

  16. Gentry, C., Silverberg, A.: Hierarchical id-based cryptography. In: Advances in Cryptology—ASIACRYPT 2002, LNCS, vol. 2501, pp. 548–566. Springer, Berlin (2002)

  17. Gentry, C., Waters, B.: Adaptive security in broadcast encryption systems (with short ciphertexts). In: EUROCRYPT, LNCS, vol. 5479, pp. 171–188. Springer, Berlin (2009)

  18. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 89–98. ACM, New York (2006)

  19. Halevy, D., Shamir, A.: The lsd broadcast encryption scheme. In: Advances in Cryptology—CRYPTO 2002, LNCS, vol. 2442, pp. 47–60. Springer, Berlin (2002)

  20. Hassen, H.R., Bouabdallah, A., Bettahar, H., Challal, Y.: Key management for content access control in a hierarchy. Comput. Netw. 51(11), 3197–3219 (2007)

    Article  MATH  Google Scholar 

  21. Miklau, G., Suciu, D.: Controlling access to published data using cryptography. In: Proceedings of 29th International Conference on Very Large Data Bases, VLDB 2003, pp. 898–909 (2003)

  22. Ng, C.Y., Mu, Y., Susilo, W.: An identity-based broadcast encryption scheme for mobile ad hoc networks. J. Telecommun. Inf. Technol. Special Issue Multimed. Commun. 1, 24–29 (2005)

    Google Scholar 

  23. Sakai, R., Furukawa, J.: Identity-based broadcast encryption. Cryptology ePrint Archive, Report 2007/217 (2007)

  24. Zhou, L., Varadharajan, V., Hitchens, M.: Enforcing role-based access control for secure data storage in the cloud. Comput. J. 54(13), 1675–1687 (2011)

    Article  Google Scholar 

  25. Zhu, Y., Ahn, G.J., Hu, H., Wang, H.: Cryptographic role-based security mechanisms based on role-key hierarchy. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 314–319. ACM, New York (2010)

Download references

Author information

Authors and Affiliations

  1. Macquarie University, Sydney, NSW, Australia

    Lan Zhou, Vijay Varadharajan & Michael Hitchens

Authors
  1. Lan Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vijay Varadharajan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael Hitchens
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vijay Varadharajan.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhou, L., Varadharajan, V. & Hitchens, M. Generic constructions for role-based encryption. Int. J. Inf. Secur. 14, 417–430 (2015). https://doi.org/10.1007/s10207-014-0267-4

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-014-0267-4

Keywords

Search

Navigation