Journal Article

Dynamic and Efficient Key Management for Access Hierarchies

TLDR
The security of the scheme is based on pseudorandom functions, without reliance on the Random Oracle Model, and it is shown how to handle extensions proposed by Crampton [2003] of the standard hierarchies to “limited depth” and reverse inheritance.
Abstract
Hierarchies arise in the context of access control whenever the user population can be modeled as a set of partially ordered classes (represented as a directed graph). A user with access privileges for a class obtains access to objects stored at that class and all descendant classes in the hierarchy. The problem of key management for such hierarchies then consists of assigning a key to each class in the hierarchy so that keys for descendant classes can be obtained via efficient key derivation.

We propose a solution to this problem with the following properties: (1) the space complexity of the public information is the same as that of storing the hierarchy; (2) the private information at a class consists of a single key associated with that class; (3) updates (i.e., revocations and additions) are handled locally in the hierarchy; (4) the scheme is provably secure against collusion; and (5) each node can derive the key of any of its descendants with a number of symmetric-key operations bounded by the length of the path between the nodes. Whereas many previous schemes had some of these properties, ours is the first that satisfies all of them. The security of our scheme is based on pseudorandom functions, without reliance on the Random Oracle Model.

Another substantial contribution of this work is that we are able to lower the key derivation time at the expense of modestly increasing the public storage associated with the hierarchy. Insertion of additional, so-called shortcut, edges makes it possible to lower the key derivation to a small constant number of steps for graphs that are total orders and trees by increasing the total number of edges by a small asymptotic factor such as $O(\log^* n)$ for an $n$-node hierarchy. For more general access hierarchies of dimension $d$, we use a technique that consists of adding dummy nodes and dimension reduction. The key derivation work for such graphs is then linear in $d$ and the increase in the number of edges is by the factor $O(\log^{d-1} n)$ compared to the one-dimensional case.

Finally, by making simple modifications to our scheme, we show how to handle extensions proposed by Crampton [2003] of the standard hierarchies to “limited depth” and reverse inheritance.

Citations
Proceedings Article

Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing

TL;DR: This paper addresses the problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption.

Named Data Networking (NDN) Project

TL;DR: A global center for commercial innovation, PARC, a Xerox company, works closely with enterprises, entrepreneurs, government program partners and other clients to discover, develop, and deliver new business opportunities.
Proceedings Article

Patient controlled encryption: ensuring privacy of electronic medical records

TL;DR: It is shown that an efficient system that allows patients both to share partial access rights with others, and to perform searches over their records is built, based on existing cryptographic primitives and protocols, each achieving a different set of properties.
Proceedings Article

Over-encryption: management of access control evolution on outsourced data

TL;DR: A novel solution to the enforcement of access control and the management of its evolution is presented, based on the application of selective encryption as a means to enforce authorizations.
Proceedings Article

Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings

TL;DR: Since there are multiple owners (patients) in a PHR system and every owner would encrypt her PHR files using a different set of cryptographic keys, it is important to reduce the key distribution complexity in such multi-owner settings.
References
Journal Article

Role-based access control models

TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
Book

Role-based access control

TL;DR: This newly revised edition of the Artech House bestseller, Role-Based Access Control, offers the very latest details on this sophisticated security model aimed at reducing the cost and complexity of security administration for large networked applications.
Monograph

Foundations of Cryptography

TL;DR: In this paper, the authors present a list of figures in the context of digital signatures and message authentication for general cryptographic protocols, including encryption, digital signatures, message authentication, and digital signatures.
Book Chapter

Keying Hash Functions for Message Authentication

TL;DR: Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.
Book

Foundations of Cryptography: Volume 2, Basic Applications

TL;DR: This second volume of Foundations of Cryptography contains a rigorous and systematic treatment of three basic applications: Encryption, Signatures, and General Cryptographic Protocols.