Cloud services have been flourishing recently. They provide a convenient way to access, share, and process data. A key ingredient of a successful cloud service is controlling data access while accounting for the specific features of cloud services. These features include a large quantity of outsourced data, a large number of users, honest-but-curious cloud servers, a frequently changing user set, dynamic access control policies, and data access from lightweight mobile devices. This paper addresses a cryptographic key assignment problem for enforcing a hierarchical access control policy over cloud data. We propose a new hierarchical key assignment scheme, CloudHKA, that observes the Bell-LaPadula security model and deals efficiently and practically with the user revocation issue. We use CloudHKA to encrypt outsourced data so that the data are secure against honest-but-curious cloud servers. CloudHKA possesses almost all the advantages of the related schemes: for example, each user needs to store only one secret key, the user set and access hierarchy can change dynamically, and the scheme is provably secure against collusion attacks. In particular, CloudHKA provides the following distinct features that make it more suitable for controlling access to cloud data. (1) A user needs only constant computation time for each data access. (2) The encrypted data are securely updatable, so that user revocation can prevent a revoked user from decrypting both newly and previously encrypted data. Notably, the updates can be outsourced using public information only. (3) CloudHKA is secure against the legal access attack. This attack is launched by an authorized but malicious user who, during his authorization period, pre-downloads the information needed for decrypting data ciphertexts. The user then uses the pre-downloaded information for future decryption even after he is revoked. Note that the pre-downloaded information is often only a small portion of the encrypted data, e.g., the header-cipher in a hybrid-encrypted data ciphertext. (4) Each user can be flexibly authorized with the access rights of Write or Read, or both.