Browsing by Subject "cryptography-based hierarchical access control"

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    Design and Implementation of Privacy-Preserving, Flexible and Scalable Role-Based Hierarchical Access Control
    (IEEE, 2019-12) Phillips, Tyler; Yu, Xiaoyuan; Haakenson, Brandon; Zou, Xukai; Computer and Information Science, School of Science
    In many domains, organizations must model personnel and corresponding data access privileges as fine-grained hierarchical access control models. One class of such models, Role-based Access Control (RBAC) models, has been widely accepted and deployed. However, RBAC models are often used without involving cryptographic keys nor considering confidentiality/privacy at the data level. How to design, implement and dynamically modify such a hierarchy, ensure user and data privacy and distribute and manage necessary cryptographic keys are issues of the utmost importance. One elegant solution for cryptography-based hierarchical access control combines the collusion-resistant and privacy-preserving Access Control Polynomial (ACP) and Atallah's Dynamic and Efficient Extended Key Management scheme. Such a model involves cryptographic keys used to encrypt data, can address confidentiality/privacy at the data level and can efficiently support dynamic changes to the RBAC access hierarchy. In this paper, we discuss several implementation challenges and propose solutions when deploying such a system including: data encryption and decryption, key storage and key distribution. Furthermore, we provide analysis of the efficiency and scalability of the resulting system.
  • Thumbnail Image
    Item
    User-Friendly Design of Cryptographically-Enforced Hierarchical Role-based Access Control Models
    (IEEE, 2020-08) Yu, Xiaoyuan; Haakenson, Brandon; Phillips, Tyler; Zou, Xukai; Computer and Information Science, School of Science
    Data access control is a critical issue for any organization generating, recording or leveraging sensitive information. The popular Role-based Access Control (RBAC) model is well- suited for large organizations with various groups of personnel, each needing their own set of data access privileges. Unfortunately, the traditional RBAC model does not involve the use of cryptographic keys needed to enforce access control policies and protect data privacy. Cryptography-based Hierarchical Access Control (CHAC) models, on the other hand, have been proposed to facilitate RBAC models and directly enforce data privacy and access controls through the use of key management schemes. Though CHAC models and efficient key management schemes can support large and dynamic organizations, they are difficult to design and maintain without intimate knowledge of symmetric encryption, key management and hierarchical access control models. Therefore, in this paper we propose an efficient algorithm which automatically generates a fine-grained CHAC model based on the input of a highly user-friendly representation of access control policies. The generated CHAC model, the dual-level key management (DLKM) scheme, leverages the collusion-resistant Access Control Polynomial (ACP) and Atallah's Efficient Key Management scheme in order to provide privacy at both the data and user levels. As a result, the proposed model generation algorithm serves to democratize the use of CHAC. We analyze each component of our proposed system and evaluate the resulting performance of the user-friendly CHAC model generation algorithm, as well as the DLKM model itself, along several dimensions.