Generic constructions for role-based encryption

摘要

Due to the enormous growth in the amount of digital information that needs to be stored, outsourcing data to third-party storage service providers, such as cloud, have attracted much attention in recent times. This has raised significant security issues such as how to control access to outsourced data stored on third-party sites. There have been many works on access control in the literature, and one of the well-known access control models is the role-based access control (RBAC), which provides flexible control and management by having two level mappings, users to roles and roles to privileges on data objects. Several cryptographic RBAC schemes have been proposed which integrate cryptographic techniques with RBAC models to enforce RBAC policies. In this paper, we develop the first generic constructions for cryptographic RBAC schemes which we refer to as role-based encryption (RBE) schemes. A RBE scheme allows data to be encrypted in such a way that only users with specific roles can decrypt the data. Hence, it can be used to enforce RBAC policies in an outsourcing environment. Our constructions use ID-based broadcast encryption (IBBE) techniques to build RBE schemes, and we show that the RBE scheme built from our generic constructions is secure if the selected IBBE scheme is secure. We also compare these constructions and analyse the advantages and disadvantages of each construction type.