Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Accountable Ciphertext-Policy Attribute-Based Encryption Scheme Supporting Public Verifiability and Nonrepudiation Read chapter Read first chapter

2016 | OriginalPaper | Chapter

Universally Composable Cryptographic Role-Based Access Control

Authors : Bin Liu, Bogdan Warinschi

Published in: Provable Security

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

In cryptographic access control sensitive data is protected by cryptographic primitives and the desired access structure is enforced through appropriate management of the secret keys. In this paper we study rigorous security definitions for the cryptographic enforcement of Role Based Access Control (RBAC). We propose the first simulation-based security definition within the framework of Universal Composability (UC). Our definitions are natural and intuitively appealing, so we expect that our approach would carry over to other access models.
Next, we establish two results that clarify the strength of our definition when compared with existing ones that use the game-based definitional approach. On the positive side, we demonstrate that both read and write-access guarantees in the sense of game-based security are implied by UC security of an access control system. Perhaps expected, this result serves as confirmation that the definition we propose is sound.
Our main technical result is a proof that simulation-based security requires impractical assumptions on the encryption scheme that is employed. As in other simulation-based settings, the source of inefficiency is the well known “commitment problem” which naturally occurs in the context of cryptographic access control to file systems.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Ciphertext-Policy Attribute Based Encryption Supporting Access Policy Update
next chapter ID-based Data Integrity Auditing Scheme from RSA with Resisting Key Exposure
Appendix
Available only for authorised users
Footnotes
1
One possibility which we did not explore in this paper is to rely on additional setup assumptions, e.g. a common reference string, and employ a non-committing encryption scheme.
 
Literature
1.
Abadi, M., Warinschi, B.: Security analysis of cryptographically controlled access to XML documents. J. ACM 55(2), 1–29 (2008)
2.
Akl, S.G., Taylor, P.D.: Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1(3), 239–248 (1983)CrossRef
3.
Alderman, J., Cid, C., Crampton, J., Janson, C.: Access control in publicly verifiable outsourced computation. IACR Cryptology ePrint Arch. 2014, 762 (2014)MATH
4.
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, 14–17, Las Vegas, Nevada, USA, pp. 136–145, October 2001
5.
Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRef
6.
Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Huang, X.: Cryptographic hierarchical access control for dynamic structures. IEEE Trans. Inf. Forensics Secur. 11(10), 2349–2364 (2016)CrossRefMATH
7.
Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Li, J., Huang, X.: Hierarchical and shared access control. IEEE Trans. Inf. Forensics Secur. 11(4), 850–865 (2016)
8.
Chang, Y.-F.: A flexible hierarchical access control mechanism enforcing extension policies. Secur. Commun. Networks 8(2), 189–201 (2015)CrossRef
9.
Crampton, J.: Practical constructions for the efficient cryptographic enforcement of interval-based access control policies. CoRR, abs/1005.4993 (2010)
10.
Crampton, J.: Cryptographic enforcement of role-based access control. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 191–205. Springer, Heidelberg (2011)CrossRef
11.
De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Over-encryption: Management of access control evolution on outsourced data. In: VLDB, pp. 123–134. ACM (2007)
12.
Ferrara, A.L., Fuchsbauer, G., Liu, B., Warinschi, B.: Policy privacy in cryptographic access control. In: IEEE 28th Computer Security Foundations Symposium, CSF 2015, Verona, Italy, 13–17, pp. 46–60, July 2015
13.
Ferrara, A.L., Fuchsbauer, G., Warinschi, B.: Cryptographically enforced RBAC. In: IEEE 26th Computer Security Foundations Symposium, New Orleans, LA, USA, June 26–28, pp. 115–129 (2013)
14.
Garg, S., Gentry, C., Halevi, S., Zhandry, M.: TCC 2016-A, Proceedings, Part II, chapter Functional Encryption Without Obfuscation, pp. 480–511. Springer, Heidelberg (2016)
15.
Gifford, D.K.: Cryptographic sealing for information secrecy and authentication. Communun. ACM 25(4), 274–286 (1982)CrossRef
16.
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: Proceedings of the 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. New York, New York, USA (1987)
17.
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)
18.
Gudes, E.: The design of a cryptography based secure file system. IEEE Trans. Softw. Eng. 6(5), 411–420 (1980)CrossRef
19.
Halevi, S., Karger, P.A., Naor, D.: Enforcing confinement in distributed storage and a cryptographic model for access control. IACR Cryptology ePrint Archive 2005, 169 (2005)
20.
Hofheinz, D., Shoup, V.: Gnuc: A new universal composability framework. IACR Cryptology ePrint Archive 2011, 303 (2011)MATH
21.
Garrison III, W.C., Shull, A., Lee, A.J., Myers, S.: Dynamic, private cryptographic access control for untrusted clouds: Costs and constructions (extended version). CoRR, abs/1602.09069 (2016)
22.
Küsters, R., Tuengerthal, M.: The IITM model: a simple and expressive model for universal composability. IACR Cryptology ePrint Archive 2013, 25 (2013)
23.
Libert, B., Vergnaud, D.: Adaptive-ID secure revocable identity-based encryption. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 1–15. Springer, Heidelberg (2009)CrossRef
24.
Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 376–392. Springer, Heidelberg (2011)CrossRef
25.
Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002). doi:10.​1007/​3-540-45708-9_​8 CrossRef
26.
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)CrossRef
Metadata
Title
Universally Composable Cryptographic Role-Based Access Control
Authors
Bin Liu
Bogdan Warinschi
Copyright Year
2016
Book
Provable Security

Print ISBN: 978-3-319-47421-2

Electronic ISBN: 978-3-319-47422-9

Copyright Year: 2016

DOI
https://doi.org/10.1007/978-3-319-47422-9_4

Premium Partner

    Image Credits