Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Accountable Ciphertext-Policy Attribute-Based Encryption Scheme Supporting Public Verifiability and Nonrepudiation Kapitel lesen Erstes Kapitel lesen

2016 | OriginalPaper | Buchkapitel

Universally Composable Cryptographic Role-Based Access Control

verfasst von : Bin Liu, Bogdan Warinschi

Erschienen in: Provable Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

In cryptographic access control sensitive data is protected by cryptographic primitives and the desired access structure is enforced through appropriate management of the secret keys. In this paper we study rigorous security definitions for the cryptographic enforcement of Role Based Access Control (RBAC). We propose the first simulation-based security definition within the framework of Universal Composability (UC). Our definitions are natural and intuitively appealing, so we expect that our approach would carry over to other access models.
Next, we establish two results that clarify the strength of our definition when compared with existing ones that use the game-based definitional approach. On the positive side, we demonstrate that both read and write-access guarantees in the sense of game-based security are implied by UC security of an access control system. Perhaps expected, this result serves as confirmation that the definition we propose is sound.
Our main technical result is a proof that simulation-based security requires impractical assumptions on the encryption scheme that is employed. As in other simulation-based settings, the source of inefficiency is the well known “commitment problem” which naturally occurs in the context of cryptographic access control to file systems.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Ciphertext-Policy Attribute Based Encryption Supporting Access Policy Update
Nächstes Kapitel ID-based Data Integrity Auditing Scheme from RSA with Resisting Key Exposure
Anhänge
Nur mit Berechtigung zugänglich
Fußnoten
1
One possibility which we did not explore in this paper is to rely on additional setup assumptions, e.g. a common reference string, and employ a non-committing encryption scheme.
 
Literatur
1.
Abadi, M., Warinschi, B.: Security analysis of cryptographically controlled access to XML documents. J. ACM 55(2), 1–29 (2008)
2.
Akl, S.G., Taylor, P.D.: Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1(3), 239–248 (1983)CrossRef
3.
Alderman, J., Cid, C., Crampton, J., Janson, C.: Access control in publicly verifiable outsourced computation. IACR Cryptology ePrint Arch. 2014, 762 (2014)MATH
4.
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, 14–17, Las Vegas, Nevada, USA, pp. 136–145, October 2001
5.
Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRef
6.
Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Huang, X.: Cryptographic hierarchical access control for dynamic structures. IEEE Trans. Inf. Forensics Secur. 11(10), 2349–2364 (2016)CrossRefMATH
7.
Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Li, J., Huang, X.: Hierarchical and shared access control. IEEE Trans. Inf. Forensics Secur. 11(4), 850–865 (2016)
8.
Chang, Y.-F.: A flexible hierarchical access control mechanism enforcing extension policies. Secur. Commun. Networks 8(2), 189–201 (2015)CrossRef
9.
Crampton, J.: Practical constructions for the efficient cryptographic enforcement of interval-based access control policies. CoRR, abs/1005.4993 (2010)
10.
Crampton, J.: Cryptographic enforcement of role-based access control. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 191–205. Springer, Heidelberg (2011)CrossRef
11.
De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Over-encryption: Management of access control evolution on outsourced data. In: VLDB, pp. 123–134. ACM (2007)
12.
Ferrara, A.L., Fuchsbauer, G., Liu, B., Warinschi, B.: Policy privacy in cryptographic access control. In: IEEE 28th Computer Security Foundations Symposium, CSF 2015, Verona, Italy, 13–17, pp. 46–60, July 2015
13.
Ferrara, A.L., Fuchsbauer, G., Warinschi, B.: Cryptographically enforced RBAC. In: IEEE 26th Computer Security Foundations Symposium, New Orleans, LA, USA, June 26–28, pp. 115–129 (2013)
14.
Garg, S., Gentry, C., Halevi, S., Zhandry, M.: TCC 2016-A, Proceedings, Part II, chapter Functional Encryption Without Obfuscation, pp. 480–511. Springer, Heidelberg (2016)
15.
Gifford, D.K.: Cryptographic sealing for information secrecy and authentication. Communun. ACM 25(4), 274–286 (1982)CrossRef
16.
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: Proceedings of the 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. New York, New York, USA (1987)
17.
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)
18.
Gudes, E.: The design of a cryptography based secure file system. IEEE Trans. Softw. Eng. 6(5), 411–420 (1980)CrossRef
19.
Halevi, S., Karger, P.A., Naor, D.: Enforcing confinement in distributed storage and a cryptographic model for access control. IACR Cryptology ePrint Archive 2005, 169 (2005)
20.
Hofheinz, D., Shoup, V.: Gnuc: A new universal composability framework. IACR Cryptology ePrint Archive 2011, 303 (2011)MATH
21.
Garrison III, W.C., Shull, A., Lee, A.J., Myers, S.: Dynamic, private cryptographic access control for untrusted clouds: Costs and constructions (extended version). CoRR, abs/1602.09069 (2016)
22.
Küsters, R., Tuengerthal, M.: The IITM model: a simple and expressive model for universal composability. IACR Cryptology ePrint Archive 2013, 25 (2013)
23.
Libert, B., Vergnaud, D.: Adaptive-ID secure revocable identity-based encryption. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 1–15. Springer, Heidelberg (2009)CrossRef
24.
Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 376–392. Springer, Heidelberg (2011)CrossRef
25.
Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002). doi:10.​1007/​3-540-45708-9_​8 CrossRef
26.
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)CrossRef
Metadaten
Titel
Universally Composable Cryptographic Role-Based Access Control
verfasst von
Bin Liu
Bogdan Warinschi
Copyright-Jahr
2016
Buch
Provable Security

Print ISBN: 978-3-319-47421-2

Electronic ISBN: 978-3-319-47422-9

Copyright-Jahr: 2016

DOI
https://doi.org/10.1007/978-3-319-47422-9_4