CloudHKA: a cryptographic approach for hierarchical access control in cloud computing

Authors: Yi-Ruei Chen, Cheng-Kang Chu, Wen-Guey Tzeng, Jianying Zhou

DOI: 10.1007/978-3-642-38980-1_3

Keywords: Cloud computing, Proxy re-encryption, Encryption, Ciphertext, Key management, Computer security model, Computer security, Computer science, Key (cryptography), Access control

Abstract: Cloud services are blooming recently. They provide a convenient way for data accessing, sharing, and processing. A key ingredient successful cloud is to control access while considering the specific features of services. The include great quantity outsourced data, large number users, honest-but-curious servers, frequently changed user set, dynamic policies, accessing light-weight mobile devices. This paper addresses cryptographic assignment problem enforcing hierarchical policy over data. We propose new scheme CloudHKA that observes Bell-LaPadula security model efficiently deals with revocation issue practically. We use encrypt so secure against servers. possesses almost all advantages related schemes, e.g., each only needs store one secret key, supporting set hierarchy, provably-secure collusive attacks. In particular, provides following distinct make it more suitable controlling data. (1) constant computation time accessing. (2) encrypted securely updatable can prevent revoked from decrypting newly previously Notably, updates be by using public information only. (3) legal attack. attack launched an authorized, but malicious, who pre-downloads needed ciphertexts in his authorization period. uses pre-downloaded future decryption even after he revoked. Note often small portion only, e.g. header-cipher hybrid ciphertext. (4) Each flexibly authorized rights Write or Read, both.
