Advertisement

Traitor Tracing Based on Partially-Ordered Hierarchical Encryption

  • Yan ZhuEmail author
  • Dandan Li
  • Liguang Yang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9473)

Abstract

Recently, more and more enterprises and individuals have moved their data into the cloud. To meet this practical requirement, this paper addresses how to establishes a bridge between role-based access control (RBAC) and cloud storage in order to fully preserve investment in existing RBAC systems. We present a new scheme for secure migrating the resources from RBAC systems to cloud storage. This scheme takes full advantage of RBAC, which provides a well-designed and easy-to-manage approach for accessing cloud resources without user intervention. This scheme, called Partially-ordered Hierarchical Encryption (PHE), which implements the partial-order key hierarchy, similar to role hierarchy in RBAC, in public-key infrastructure. In addition, this construction provides traitor tracing to support efficient digital forensics. The performance analysis shows that our construction has following features: dynamic joining and revoking users, constant-size ciphertexts and decryption keys, and lower overloads for large-scale systems.

Keywords

Security Encryption Cloud storage Partial order  Key hierarchy Traitor tracing 

Notes

Acknowledgments

The authors are indebted to anonymous reviewers for their valuable suggestions. This work is supported by the National 973 Program (Grant No. 2013CB329605) and National Natural Science Foundation of China (Grant Nos. 61170264 and 61472032).

References

  1. 1.
    F.R. Institute: Personal data in the cloud: a global survey of consumer attitudes (2010). http://www.fujitsu.com/downloads/SOL/fai/reports/fujitsu/personal-data-in-the-cloud.pdf
  2. 2.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM Conference on CCS, pp. 89–98 (2006)Google Scholar
  5. 5.
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: ACM Conference on Computer and Communications Security, pp. 195–203 (2007)Google Scholar
  6. 6.
    Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden ciphertext policies. IEICE Trans. 92–A(1), 22–32 (2009)CrossRefGoogle Scholar
  7. 7.
    Zhu, Y., Ahn, G.-J., Hu, H., Ma, D., Wang, S.: Role-based cryptosystem: a new cryptographic rbac system based on role-key hierarchy. IEEE Trans. Inf. Forensics Secur. 8(12), 2138–2153 (2013)CrossRefGoogle Scholar
  8. 8.
    Atallah, M.J., Blanton, M., Fazio, N., Frikken, K.B.: Dynamic and efficient key management for access hierarchies. ACM Trans. Inf. Syst. Secur. 12(3), 1–43 (2009)CrossRefGoogle Scholar
  9. 9.
    Blanton, M., Frikken, K.B.: Efficient multi-dimensional key management in broadcast services. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 424–440. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Zhu, Y., Ahn, G.-J., Hu, H., Yau, S.S., An, H.G., Hu, C.-J.: Dynamic audit services for outsourced storages in clouds. IEEE Trans. Serv. Comput. 6(2), 227–238 (2013)CrossRefGoogle Scholar
  12. 12.
    Wallner, D.M., Harder, E.G., Agee, R.C.: Key management for multicast: Issues and architecture. In: Internet draft draft-waller-key-arch-01.txt (1998)Google Scholar
  13. 13.
    Asano, T.: Reducing receiver’s storage in CS, SD and LSD broadcast encryption schemes. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 88(1), 203–210 (2005)CrossRefGoogle Scholar
  14. 14.
    Halevy, D., Shamir, A.: The LSD broadcast encryption scheme. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 47–60. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Tzeng, W.-G., Tzeng, Z.-J.: A public-key traitor tracing scheme with revocation using dynamic shares. In: Public Key Cryptography, pp. 207–224 (2001)Google Scholar
  17. 17.
    Goldreich, O.: Foundations of Cryptography. Basic Application, vol. II. Cambridge University Press, New York (2004)CrossRefzbMATHGoogle Scholar
  18. 18.
    Berkovits, S.: How to broadcast a secret. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 535–541. Springer, Heidelberg (1991)Google Scholar
  19. 19.
    Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)Google Scholar
  20. 20.
    Boneh, D., Franklin, M.K.: An efficient public key traitor scheme (extended abstract). In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 338–353. Springer, Heidelberg (1999)Google Scholar
  21. 21.
    Boneh, D., Sahai, A., Waters, B.: Fully collusion resistant traitor tracing with short ciphertexts and private keys. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 573–592. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  24. 24.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, pp. 321–334 (2007)Google Scholar
  25. 25.
    Kim, H.K., Park, B., Ha, J.C., Lee, B., Park, D.G.: New key management systems for multilevel security. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3481, pp. 245–253. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  26. 26.
    Chung, Y.F., Lee, H.H., Lai, F., Chen, T.S.: Access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 178, 230–243 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Tzeng, W.G.: A time-bound cryptographic key assignment scheme for access control in a hierarchy. IEEE Trans. Knowl. Data Eng. 14(1), 182–188 (2002)MathSciNetCrossRefGoogle Scholar
  28. 28.
    Chien, H.Y.: Efficient time-bound hierarchical key assignment scheme. IEEE Trans. Knowl. Data Eng. 16(10), 1301–1304 (2004)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: An access control model supporting periodicity constraints and temporal reasoning. ACM Trans. Database Syst. 23(3), 231–285 (1998)CrossRefGoogle Scholar
  30. 30.
    De Santis, A., Ferrara, A.L., Masucci, B.: Efficient provably-secure hierarchical key assignment schemes. In: Kučera, L., Kučera, A. (eds.) MFCS 2007. LNCS, vol. 4708, pp. 371–382. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.School of Computer and Communication EngineeringUniversity of Science and TechnologyBeijingChina

Personalised recommendations