Paper 2016/902

Universally Composable Cryptographic Role-Based Access Control

Bin Liu and Bogdan Warinschi

Abstract

In cryptographic access control sensitive data is protected by cryptographic primitives and the desired access structure is enforced through appropriate management of the secret keys. In this paper we study rigorous security definitions for the cryptographic enforcement of Role Based Access Control (RBAC). We propose the first simulation-based security definition within the framework of Universal Composability (UC). Our definition is natural and intuitively appealing, so we expect that our approach would carry over to other access models. Next, we establish two results that clarify the strength of our definition when compared with existing ones that use the game-based definitional approach. On the positive side, we demonstrate that both read and write-access guarantees in the sense of game-based security are implied by UC security of an access control system. Perhaps expected, this result serves as confirmation that the definition we propose is sound. Our main technical result is a proof that simulation-based security requires impractical assumptions on the encryption scheme that is employed. As in other simulation-based settings, the source of inefficiency is the well known ``commitment problem'' which naturally occurs in the context of cryptographic access control to file systems.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. ProvSec 2016
DOI
10.1007/978-3-319-47422-9_4
Keywords
Access ControlUniversal Composability
Contact author(s)
bin liu @ bristol ac uk
History
2016-09-16: revised
2016-09-15: received
See all versions
Short URL
https://ia.cr/2016/902
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/902,
      author = {Bin Liu and Bogdan Warinschi},
      title = {Universally Composable Cryptographic Role-Based Access Control},
      howpublished = {Cryptology ePrint Archive, Paper 2016/902},
      year = {2016},
      doi = {10.1007/978-3-319-47422-9_4},
      note = {\url{https://eprint.iacr.org/2016/902}},
      url = {https://eprint.iacr.org/2016/902}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.