On Efficient Access Control Mechanisms in Hierarchy using
Unidirectional and Transitive Proxy Re-encryption Schemes
Gaurav Pareek and Purushothama B. R.
National Institute of Technology Goa, Ponda, India
Keywords: Cryptographic Access Control, Proxy Re-encryption, Access Control in Hierarchy, Unidirectional-transitive,
Key Management.
Abstract: Proxy re-encryption is a cryptographic primitive used to transform a ciphertext under one public key such
that it becomes a ciphertext under another public key using a re-encryption key. Depending on the properties
featured by a proxy re-encryption scheme, it can be applied to a variety of applications. In this paper, we target
one such application of proxy re-encryption – access control in hierarchy, to highlight an important research
gap in its design. We study how a proxy re-encryption scheme that is both unidirectional and transitive can
be useful for enforcing hierarchical access control with constant computation and storage overhead on its
users irrespective of the depth of the hierarchy. Also, we present improvements on the existing re-encryption
schemes to make them applicable to hierarchical key assignment and achieve performance closer to that in case
of a unidirectional transitive proxy re-encryption scheme.
1 INTRODUCTION
Cloud computing is gaining importance as more and more enterprises are switching to the cloud for providing storage and computing services to their users. To maintain confidentiality of the data, it is encrypted. A cloud customer willing to enforce cryptographic access control (Vimercati et al., 2010) uses proxy re-encryption (Blaze et al., 1998) to delegate decryption rights of a data item to any other party. This delegation of decryption rights (or simply delegation) requires re-encryption to be done using a special key called a re-encryption key (or delegation key). Anyone can use a re-encryption key $rk_{A \to B}$ to transform a message encrypted for A such that it can be decrypted by B. The re-encryption procedure does not reveal anything about the underlying plaintext or the secret keys of A and B. Proxy re-encryption was first proposed by Blaze et al. (Blaze et al., 1998) and revisited by Dodis et al. (Dodis and Fazio, 2003); its desirable properties were first presented by Ateniese et al. (Ateniese et al., 2006). The properties include unidirectionality, transitivity, collusion safety, proxy invisibility, key optimality, temporary delegation and non-transferability. Various applications of proxy re-encryption require different combinations of these properties to be satisfied.
Consider an application scenario where cryptographic access control in a hierarchy of security classes is provided using key management (Atallah et al., 2009). The set of users is divided into a disjoint collection of classes depending on the security clearance of the users. The hierarchy of classes forms a POSET (partially ordered set) under the partial order . Here, $C_j$  $C_i$ means that users in a class $C_i$ have access to data items encrypted for all the classes $C_j$ in addition to the data items directly encrypted for users in $C_i$.
Figure 1: Hierarchical Key Assignment using Proxy Re-encryption.
Proxy re-encryption can be applied for managing access in this scenario by assigning re-encryption keys $rk_{i \to j}$ to each edge in the access hierarchy as shown in Figure 1. Suppose users in $C_1$ wish to access ciphertext $CT_2$ of class $C_2$. Users in $C_1$ can get $CT_2$ re-encrypted using $rk_{2 \to 1}$. But if users in $C_1$ want to access ciphertext $CT_6$, due to unavailability of re-encryption key $rk_{6 \to 1}$, $CT_6$ must be first transformed into $CT_2$ using $rk_{6 \to 2}$ and then into $CT_1$ using $rk_{2 \to 1}$.
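The hop-by-hop re-encryption described above, as an added example that is not from the paper: it substitutes the ElGamal-based scheme of Blaze et al. (1998), which is transitive but bidirectional, so it shows the per-edge cost and key composition without the unidirectionality the paper targets. The group parameters are constructed toy values, the hierarchy is reduced to the two edges named in the text, and all function names are hypothetical.

```python
import secrets

# Constructed toy group (far too small for real use): P = 2Q + 1, G has prime order Q.
P, Q, G = 1019, 509, 4

def keygen(sk=None):
    sk = sk or secrets.randbelow(Q - 1) + 1          # secret exponent in [1, Q-1]
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)      # (m*g^r, g^(sk*r))

def rekey(sk_from, sk_to):
    return sk_to * pow(sk_from, -1, Q) % Q            # rk_{from->to} = sk_to / sk_from

def reencrypt(rk, ct):
    return ct[0], pow(ct[1], rk, P)                   # g^(a*r) -> g^(b*r); m*g^r untouched

def decrypt(sk, ct):
    g_r = pow(ct[1], pow(sk, -1, Q), P)               # recover g^r
    return ct[0] * pow(g_r, -1, P) % P

def build_hierarchy(parent, sks):
    # One re-encryption key per edge i -> j, where j = parent[i] is the class directly above i.
    return {(i, j): rekey(sks[i], sks[j]) for i, j in parent.items()}

def reencrypt_up(ct, owner, reader, parent, rks):
    # Walk the edges from the owning class up to the reader; one proxy operation per edge.
    hops, cur = 0, owner
    while cur != reader:
        if cur not in parent:
            raise PermissionError(f"class {reader} is not above class {owner}")
        nxt = parent[cur]
        ct, cur, hops = reencrypt(rks[(cur, nxt)], ct), nxt, hops + 1
    return ct, hops

if __name__ == "__main__":
    parent = {6: 2, 2: 1}                              # the two edges named in the text
    sks = {c: keygen()[0] for c in (1, 2, 6)}
    rks = build_hierarchy(parent, sks)
    m = 777                                            # constructed sample plaintext
    ct6 = encrypt(pow(G, sks[6], P), m)
    ct1, hops = reencrypt_up(ct6, 6, 1, parent, rks)
    print("hops:", hops, "plaintext:", decrypt(sks[1], ct1))
    rk61 = rks[(6, 2)] * rks[(2, 1)] % Q               # transitive: keys compose into rk_{6->1}
    print("one-hop:", decrypt(sks[1], reencrypt(rk61, ct6)))
```

In this substituted scheme the same arithmetic that composes $rk_{6 \to 2}$ and $rk_{2 \to 1}$ into $rk_{6 \to 1}$ also lets anyone invert $rk_{2 \to 1}$ to obtain $rk_{1 \to 2}$, which is the bidirectionality a hierarchy cannot tolerate.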
Pareek, G. and R., P.
On Efficient Access Control Mechanisms in Hierarchy using Unidirectional and Transitive Proxy Re-encryption Schemes.
DOI: 10.5220/0006466405190524
In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE 2017) - Volume 4: SECRYPT, pages 519-524
ISBN: 978-989-758-259-2
Copyright © 2017 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved