CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

Bing-Zhe He,Chien-Ming Chen,Tsu-Yang Wu,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/569397

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:The time-bound hierarchical key assignment scheme provides a cryptographic solution for the access control problem in distributed systems (e.g., Pay-TV and cloud computing applications). Most time-bound hierarchical key assignment schemes can be divided into two types: adopting tamper-resistant devices and utilizing public values. Despite the fact that adopting tamper-resistant devices can easily resist to collusion attacks, utilizing public values is much cheaper and more suitable for cloud environment. In this paper, we proposed a new time-bound hierarchical key assignment scheme, which can effectively defeat the collusion attack. Besides, the proposed scheme utilizes public values instead of tamper-resistant devices, which will restrict user's convenience. Compared with the previous works, our scheme requires fewer public values and has better performance.

Chuan-Sheng Wei,Sheng-Gwo Chen,Tone-Yau Huang,Yao Lin Ong

DOI: https://doi.org/10.48550/arXiv.1111.7209

2011-11-30

Abstract:Hierarchical access control is an important and traditional problem in information security. In 2001, Wu <a class="link-external link-http" href="http://et.al" rel="external noopener nofollow">this http URL</a>. proposed an elegant solution for hierarchical access control by the secure-filter. Jeng and Wang presented an improvement of Wu et. al.'s method by the ECC cryptosystem. However, secure-filter method is insecure in dynaminc access control. Lie, Hsu and Tripathy, Paul pointed out some secure leaks on the secure-filter and presented some improvements to eliminate these secure flaws. In this paper, we revise the secure-filter in Jeng-Wang method and propose another secure solutions in hierarchical access control problem. CA is a super security class (user) in our proposed method and the secure-filter of $u_i$ in our solutions is a polynomial of degree $n_i+1$ in $\mathbb{Z}_p^*$, $f_i(x)=(x-h_i)(x-a_1)...(x-a_{n_i})+L_{l_i}(K_i)$. Although the degree of our secure-filter is larger than others solutions, our solution is secure and efficient in dynamics access control.

Cryptography and Security

Shaohua Tang,Xiaoyu Li,Xinyi Huang,Yang Xiang,Lingling Xu

DOI: https://doi.org/10.1109/tc.2015.2479609

IF: 3.183

2016-01-01

IEEE Transactions on Computers

Abstract:Access control is an indispensable security component of cloud computing, and hierarchical access control is of particular interest since in practice one is entitled to different access privileges. This paper presents a hierarchical key assignment scheme based on linear-geometry as the solution of flexible and fine-grained hierarchical access control in cloud computing. In our scheme, the encryption key of each class in the hierarchy is associated with a private vector and a public vector, and the inner product of the private vector of an ancestor class and the public vector of its descendant class can be used to derive the encryption key of that descendant class. The proposed scheme belongs to direct access schemes on hierarchical access control, namely each class at a higher level in the hierarchy can directly derive the encryption key of its descendant class without the need of iterative computation. In addition to this basic hierarchical key derivation, we also give a dynamic key management mechanism to efficiently address potential changes in the hierarchy. Our scheme only needs light computations over finite field and provides strong key indistinguishability under the assumption of pseudorandom functions. Furthermore, the simulation shows that our scheme has an optimized trade-off between computation consumption and storage space.

Dong JIAO,Mingchu LI,Cheng GUO,Yan YU,Jinping OU

DOI: https://doi.org/10.3778/j.issn.1002-8331.1307-0136

2014-01-01

Abstract:A hierarchical threshold scheme is used to solve the secret sharing with a hierarchical access structure where participants are partitioned into different levels. In a hierarchical access structure, the participants group is divided into dif-ferent levels based on the privilege, and a certain number of participants from each level are required to recover the secret. In the past hierarchical threshold schemes, participants are partitioned based on a single attribute. But in practice, each par-ticipant always has several attributes, and the group of participants always should be partitioned based on different attri-butes to satisfy the security requirements. Even though hierarchical threshold schemes have been studied extensively in the past years, few of the existing solutions can solve the above problem. A reusable multi-attributes hierarchical threshold scheme based on Tassa’s scheme which uses Birkhoff interpolation, and Mignotte’s scheme which uses Chinese Remainder Theorem, is proposed to solve this problem in this paper.

Lintao Dang,Qiang Li,Jun Wu,Jianhua Li

DOI: https://doi.org/10.1145/3199478.3199485

2018-01-01

Abstract:Access Control Encryption (ACE) is a novel cryptographic primitive that controls not only what the users in a system can read, but also what they are allowed to write. Based on the concept of partially ordered set, this paper proposes a hierarchical access control encryption scheme (HACE), which, while maintaining the three properties of ACE: Correctness, No-Read Rule and No-Write Rule, enjoys the newly defined No-Leaking Hierarchy Rule under CPA attack in the random oracle model. This rule ensures that the sanitizer cannot learn any information about the access control hierarchy. The performance evaluation shows that the HACE scheme reduces the space overhead for the parameter storage compared with the ACE scheme for multiple identities.

Yuan Zhang,Chunxiang Xu,Jining Zhao,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.1016/j.jisa.2015.05.001

IF: 4.96

2015-01-01

Journal of Information Security and Applications

Abstract:Cloud storage provides an efficient way for users to work together as a group by sharing data with each other. However, since shared data can be accessed and modified by multiple users and group membership may be changed frequently, this new paradigm poses many challenges for keeping integrity of shared data. Recently, Yuan et al. proposed an efficient integrity checking scheme (IEEE INFOCOM 2014, doi: 10.1109/INFOCOM.2014.6848154) for cloud data sharing with multi-user modification, which had many appealing features. They claimed that the scheme is secure and efficient, and they also provided the formal security proof and the performance evaluation. Regretfully, existing two security flaws in Yuan et al.'s scheme are pointed out in this letter. Specifically, by fooling the third-party auditor (TPA) into trusting that the data is well maintained by the cloud server, an adversary can process the following two deceiving methods. Firstly, the adversary can modify the shared data and tamper with the interaction messages between the cloud server and the TPA, thus invalidating shared data integrity checking. Secondly, an adversary, who records a fraction of the cloud-stored data, can overwrite the vast majority of the shared data by using the recorded data and passing shared data integrity verification. Furthermore, we suggest a solution to the two security flaws while retaining all the desirable features of the original scheme.

Jiang Lan,Gu Chunhua

DOI: https://doi.org/10.1109/csa.2013.16

2013-01-01

Abstract:To protect data users stored on cloud platform, a new access control method that combines Oakley algorithm and a hierarchical scheme by privilege was proposed. CP-ABE algorithm, Oakley protocol and hierarchical management by privilege were integrated creatively to a new effective and secure access control model (OHB-model). The proposed scheme supported user dynamic topology changes. It could be used for hierarchical access control on cloud platform. Through the theoretical analysis and experimental verification, the security vulnerabilities could be solved effectively.

Ling Xiong,Fagen Li,Mingxing He,Zhicai Liu,Tu Peng

DOI: https://doi.org/10.1109/tcc.2020.3029878

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:In the last few years, mobile cloud computing (MCC) gains a huge development because of the popularity of mobile applications and cloud computing. User authentication and access control are two indispensable security components in the MCC environment. To the best of our knowledge, they are generally designed in different procedures. Access control can be executed after the authentication completes successfully. In order to improve efficiency, this article constructs an integrated scheme of authentication and hierarchical access control using self-certified public key cryptography (SCPKC) and the Chinese remainder theorem (CRT) for MCC environment. The proposed scheme can achieve mutual authentication while determining the access rights of mobile users without storing any access control list in the MCC service provider side. Besides, we also give a dynamic adding or deletion of MCC service provider to efficiently address potential changes in the hierarchy. The security of our proposed scheme is proved by the random oracle model. Compared with recently related multi-server authentication schemes for the MCC environment, the proposed scheme not only adds a new function of hierarchical access control but also has better computation and communication efficiencies. Therefore, the proposed scheme is more suitable for real-life MCC applications.

Ying Sun,Yong Yu,Yi Mu

DOI: https://doi.org/10.1587/transinf.e95.d.1690

2012-01-01

IEICE Transactions on Information and Systems

Abstract:Hu, Huang and Fan proposed a fully secure hierarchical identity-based encryption (IEICE Trans. Fundamentals, Vol.E92-A, No.6, pp.1494-1499,2009) that achieves constant size of ciphertext and tight security reduction. Unfortunately, Park and Lee (IEICE Trans. Fundamentals, Vol.E93-A, No.6, pp.1269-1272,2010) found that the security proof of Hu et al.'s scheme is incorrect; that is, the security of Hu et al.'s scheme cannot be reduced to their claimed q-ABDHE assumption. However, it is unclear whether Hu et al.'s scheme is still secure. In this letter, we provide an attack to show that the scheme is not secure against the chosen-plaintext attack.

Chien-Ming Chen,Tsu-Yang Wu,Bing-Zhe He,Hung-Min Sun

DOI: https://doi.org/10.1109/cmcsn.2012.69

2012-01-01

Abstract:Time-bound hierarchical key management mechanisms are widely discussed in several environments and applications. Obviously, the collusion attacks are the serious problems in the time-bound hierarchical key management schemes. In the collusion attacks, two or more users assigned to some classes in distinct time periods collude to compute a key to which they are not entitled. Two kinds of countermeasures, such as adopting tamper-resistant devices and utilizing public parameters have been proposed to withstand the collusion attacks. In this paper, we proposed a new time-bound hierarchical key management scheme which can effectively defeat the collusion attacks without adopting a tamper-resistant device. Compared with the previous schemes, our design requires less public parameters.

Jian Weng,Yunlei Zhao,Robert H. Deng,Shengli Liu,Yanjiang Yang,Kouichi Sakurai

DOI: https://doi.org/10.1016/j.tcs.2015.07.051

IF: 1.002

2015-01-01

Theoretical Computer Science

Abstract:A public key trace and revoke scheme combines the functionality of broadcast encryption with the capability of traitor tracing. In Asiacrypt 2003, Kim, Hwang and Lee proposed a public key trace and revoke scheme (referred to as KHL scheme), and gave the security proof to support that their scheme is z-resilient against adaptive chosen-ciphertext attacks, in which the adversary is allowed to adaptively issue decryption queries as well as adaptively corrupt up to z users. In the passed ten years, KHL scheme has been believed as one of the most efficient public key trace and revoke schemes with z-resilience against adaptive chosen-ciphertext attacks under the well-studied DDH assumption. However, in this paper, by giving a concrete attack, we indicate that KHL scheme is actually not secure against adaptive chosen-ciphertexts, even without corruption of any user. We then identify the flaws in the security proof for KHL-scheme, and discuss the consequences of the attack.

Shaohua Tang

2006-01-01

Abstract:An efficient hierarchical key assignment scheme for access control based on one-way hash function is proposed, which allows the user in a security class to derive the keys of its subordinating classes, so that the superior class can access the information encrypted and owned by its subordinating classes. This scheme is also flexible to change the hierarchical relationship among security classes, for example, it is not difficult to add new security classes to the hierarchy, or to delete security classes from the hierarchy dynamically. By analysis and comparison, it is shown that some features, such as efficiency, extensibility, and security, are possessed by this scheme.

Shaohua Tang

2006-01-01

WSEAS TRANSACTIONS ON COMPUTERS

Abstract:An efficient hierarchical key assignment scheme for access control based on one-way hash function is proposed, which allows the user in a security class to derive the keys of its subordinating classes, so that the superior class can access the information encrypted and owned by its subordinating classes. This scheme is also flexible to change the hierarchical relationship among security classes, for example, it is not difficult to add new security classes to the hierarchy, or to delete security classes from the hierarchy dynamically. By analysis and comparison, it is shown that some features, such as efficiency, extensibility, and security, are possessed by this scheme.

Caihui Lan,Caifen Wang,Haifeng Li,Liangliang Liu

DOI: https://doi.org/10.1109/tifs.2021.3058758

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In this letter, we discuss the security weakness of Wang et al.'s attribute-based data sharing scheme, in IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (TIFS) (DOI: 10.1109/TIFS.2016.2549004). Through designing two concrete attacks, we identify two serious security flaws in their scheme. 1) First, we show that their scheme is insecure because in their scheme any authenticated user can freely tamper with the weight of his own attribute to gain higher level decryption privilege to arbitrarily decrypt the ciphertext belonging to another user with higher weight of attribute. 2) Second, we further demonstrate that their scheme is trivial insecure because in their scheme even any malicious authenticated user's attribute does not match the access policy of a ciphertext, he/she still has the power to decrypt the ciphertext, i.e., the decryption power is independent of attributes, thus, their scheme is not a rigorous attribute-based scheme. The two weaknesses discovered may hinder their scheme infeasible for practical deployment. Accordingly, we present a remedy solution to the issues while preserving all the security features of the original scheme. We hope that our cryptoanalysis and remedy scheme may contribute to avoiding similar design flaws in future designs.

computer science, theory & methods,engineering, electrical & electronic

Keju Meng,Fuyou Miao,Wenchao Huang,Yan Xiong

DOI: https://doi.org/10.1016/j.dam.2019.05.011

IF: 1.254

2019-01-01

Discrete Applied Mathematics

Abstract:(t,n)-Threshold secret sharing ((t,n)-SS) scheme is a fundamental cryptographic primitive. As a special (t,n)-SS, a Multi-Level threshold Secret Sharing scheme (MLSS) divides shares into different levels. Shares at higher levels can be used at lower ones but shares of lower levels are invalid at higher ones. However, MLSS is limited in applications and vulnerable to Illegal Participant (IP) attack and t-Share Capture (SC) attack. Therefore, the paper first extends the notion of MLSS to multi-group threshold secret sharing (MGSS) to accommodate wider application scenarios. In order to cope with the 2 attacks, the paper then proposes a tightly coupled MGSS scheme based on Chinese Remainder Theorem. In the scheme, a shareholder, with only one private share, is allowed to participate in secret reconstruction of different groups. Moreover, when sufficient shareholders collaborate to recover the secret in a group, they first form a tightly coupled subgroup by constructing a randomized component each so that the secret can be recovered only if each participant has valid share and actually participates in secret reconstruction. Analyses show that the proposed scheme is capable of thwarting IP and SC attacks. Besides, the scheme is more flexible and popular in applications compared with MLSS scheme.

Xing Xing Jia,Yi Xuan Song,Dao Shun Wang,Da Xin Nie,Jin Zhao Wu

DOI: https://doi.org/10.3934/mbe.2019062

2019-01-01

Mathematical Biosciences and Engineering

Abstract:Secret sharing (SS) can be used as an important group key management technique for distributed cloud storage and cloud computing. In a traditional threshold SS scheme, a secret is shared among a number of participants and each participant receives one share. In many real-world applications, some participants are involved in multiple SS schemes with group collaboration supports thus have more privileges than the others. To address this issue, we could assign multiple shares to such participants. However, this is not a bandwidth efficient solution. Therefore, a more sophisticated mechanism is required. In this paper, we propose an efficient collaborative secret sharing (CSS) scheme specially tailored for multi-privilege participants in group collaboration. The CSS scheme between two or among more SS schemes is constructed by rearranging multi-privilege participants in each participant set and then formulated into several independent SS schemes with multi-privilege shares that precludes information leakage. Our scheme is based on the Chinese Remainder Theorem with lower recovery complexity and it allows each multi-privilege participant to keep only one share. It can be formally proved that our scheme achieves asymptotically perfect security. The experimental results demonstrate that it is efficient to achieve group collaboration, and it has computational advantages, compared with the existing works in the literature.

Li Su,Muxiang Yang,Jun Li,Guohua Cui

DOI: https://doi.org/10.1109/wicom.2006.202

2006-01-01

Abstract:The (t, n) threshold cryptography is an important method for sharing a group secret message in dynamic groups such as ad hoc groups. Using subliminal channel, one can send a secret message to an authorized receiver and the message cannot be discovered by any unauthorized receivers; it satisfies different requirements of different kind of users. We discussed the security of HCW scheme and proposed a secure anonymous threshold subliminal channel. The proposed scheme has not any setup phase and allows mixture use of discrete-logarithm-type keys and RSA-type keys. Furthermore, the proposed scheme only has a simple initialization phase, thus, it is flexible and suitable for ad hoc environments. The new scheme can resist forgery and conspiracy attacks; the subliminal message sender is indistinguishable to others except the authorized users. Performance analysis and experiments show that the new scheme is more efficient in general

Jia-An Hong,Kaiping Xue,Li, W.

DOI: https://doi.org/10.1109/TIFS.2015.2407327

2015-01-01

Abstract:In the above paper, Yang et al. have proposed a multi-authority ciphertext-policy attribute-based encryption-based data access control for cloud storage, in which the authors claimed that the mechanism in dealing with attribute revocation could achieve both forward security and backward security. Unfortunately, our further analysis and investigation show that their work adopts a bidirectional re-encryption method in ciphertext updating, so a security vulnerability appears. Our proposed attack method demonstrates that a revoked user can still decrypt new ciphertexts that are claimed to require the new-version secret keys to decrypt.

Jie Wang,Yongquan Cai,Jingyang He

DOI: https://doi.org/10.1109/cis.2010.80

2010-01-01

Abstract:Aiming at the weakness of existing schemes, a new threshold signature scheme to withstand the conspiracy attack is proposed in this paper. In this scheme, any subset of t or more than t members of the group can execute a valid threshold signature on behalf of the whole but can't construct legal group signature through giving two specific equations contained each other, so this scheme can not only withstand conspiracy attacks effectively, but also provide traceability under the premise of group signature anonymity. In addition, a new conspiracy attack method is designed, which was adopted to test the existing schemes and the new scheme of this paper, the result shows new scheme has higher security than existing ones.