Cryptology ePrint Archive: Report 2016/902
Universally Composable Cryptographic Role-Based Access Control
Bin Liu and Bogdan Warinschi
Abstract: In cryptographic access control sensitive data is protected by cryptographic primitives and the desired access structure is enforced through appropriate management of the secret keys. In this paper we study rigorous security definitions for the cryptographic enforcement of Role Based Access Control (RBAC). We propose the first simulation-based security definition within the framework of Universal Composability (UC). Our definition is natural and intuitively appealing, so we expect that our approach would carry over to other access models.
Next, we establish two results that clarify the strength of our definition when compared with existing ones that use the game-based definitional approach. On the positive side, we demonstrate that both read and write-access guarantees in the sense of game-based security are implied by UC security of an access control system.
Perhaps expected, this result serves as confirmation that the definition we propose is sound.
Our main technical result is a proof that simulation-based security requires impractical assumptions on the encryption scheme that is employed. As in other simulation-based settings, the source of inefficiency is the well known ``commitment problem'' which naturally occurs in the context of cryptographic access control to file systems.
Category / Keywords: cryptographic protocols / Access Control, Universal Composability
Original Publication (with major differences): ProvSec 2016
Date: received 15 Sep 2016, last revised 16 Sep 2016
Contact author: bin liu at bristol ac uk
Available format(s): PDF | BibTeX Citation
Version: 20160916:073311 (All versions of this report)
Short URL: ia.cr/2016/902
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]