A Role-Based Encryption Scheme for Securing Outsourced Cloud Data in a Multi-Organization Context

Nazatul Haque Sultan, Vijay Varadharajan, Lan Zhou, Ferdous Ahmed Barbhuiya

TL;DR

The paper tackles secure outsourcing of data to public clouds in a multi-organization setting while preserving RBAC semantics. It introduces SO-RBE for single-organization data and MO-RBE to extend access across organizations using joint role public keys, along with an outsourced decryption mechanism to shift heavy cryptographic work to the cloud. Key contributions include efficient user revocation, cross-organization data sharing without a new consortium authority, and a CPA security proof based on the MDBDH assumption, complemented by a practical performance analysis. The proposed framework leverages a private cloud to safeguard secrets and a public cloud to store encrypted data and perform outsourced decryption, making it suitable for consortiums and collaborative projects with realistic security and efficiency guarantees.

Abstract

Role-Based Access Control (RBAC) is a popular model that maps roles to access permissions for resources, and then roles to users, to provide access control. Role-Based Encryption (RBE) is a cryptographic form of the RBAC model that integrates traditional RBAC with encryption: RBAC access policies are embedded in the encrypted data itself, so that any user holding a qualified role can access the data by decrypting it. However, existing RBE schemes have focused on single-organization cloud storage systems, where the stored data can be accessed by users of the same organization. This paper presents a novel RBE scheme with efficient user revocation for multi-organization cloud storage systems, where data from multiple independent organizations is stored and can be accessed by authorized users from any other organization. Additionally, an outsourced decryption mechanism is introduced that enables users to delegate expensive cryptographic operations to the cloud, thereby reducing the overhead on end users. Security and performance analyses of the proposed scheme demonstrate that it is provably secure against Chosen Plaintext Attack and can be useful for practical applications due to its low computation overhead.

Paper Structure

This paper contains 35 sections, 1 theorem, 3 equations, 5 figures, 5 tables.

Key Result

Theorem 4

If a probabilistic polynomial-time (PPT) adversary $\mathcal{A}$ can win the CPA security game (defined in Section RBE_security_model) with non-negligible advantage $\epsilon$, then a PPT simulator $\mathcal{B}$ can be constructed to break the MDBDH assumption with non-negligible advantage $\frac{\e

Figures (5)

  • Figure 1: Sample Role Hierarchy
  • Figure 2: Proposed System Model
  • Figure 3: Sample Role Key Hierarchy
  • Figure 4: Encryption Time Comparison of SO-RBE, MO-RBE with Zhou et al.'s scheme [Zhou2013] and Zhu et al.'s scheme [Zhu2013]
  • Figure 5: Decryption Time in Zhou et al.'s scheme [Zhou2013]

Theorems & Definitions (6)

  • Definition 4.1
  • Remark 1
  • Remark 2
  • Remark 3
  • Theorem 4
  • proof