Provably Secure Role-Based Encryption with Revocation Mechanism

作     者：朱岩 胡宏新 Gail-Joon Ahn 王怀习 王善标 

作者机构：Institute of Computer Science and TechnologyPeking University Beijing Key Laboratory of Internet Security TechnologyPeking University School of ComputingInformatics and Decision Systems EngineeringArizona State University School of Mathematical SciencesPeking University 

出 版 物：《Journal of Computer Science & Technology》 (计算机科学技术学报（英文版）)

年 卷 期：2011年第26卷第4期

页      面：697-710页

核心收录：

学科分类：07[理学] 070104[理学-应用数学] 0835[工学-软件工程] 0701[理学-数学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by the National Development and Reform Commission under Project"A Cloud-based service for monitoring security threats in mobile Internet"and"A monitoring platform for web safe browsing" supported by the National Science Foundation of USA under Grant Nos.NSF-IIS-0900970and NSFCNS-0831360 

主　　题：cryptography role-based encryption role hierarchy key hierarchy collusion security revocation 

摘      要：Role-Based Encryption （RBE） realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.