Role-based Encryption Research Articles

Multi-Level Encryption System using AES and RSA Algorithms

Abstract: As the volume of sensitive data entrusted to the cloud explodes, from healthcare records to financial transactions, the need for robust security solutions intensifies. Traditional encryption techniques, while effective, remain vulnerable to key compromise, leaving data exposed to malicious factors. This study proposes a multi-level encryption strategy that leverages the power of AES for efficient data encryption, RSA for secure key protection with public-key cryptography, and role-based encryption for granular access control. This layered approach significantly increases the computational complexity for unauthorized access, making brute-force or dictionary attacks exponentially more difficult. Our research demonstrates successful integration of these algorithms, achieving a 50% reduction in key compromise risk and enhanced data integrity through MAC verification. Moving forward, we envision seamless integration with multiple cloud platforms and exploring advanced access control mechanisms based on user context and behavior. This multi-level encryption strategy holds immense potential to reshape the landscape of cloud data security, fostering a more secure and trustworthy digital future.

NDN-RBE: An Accountable Privacy Aware Access Control Framework For NDN

Abstract Named Data Networking (NDN) is an emerging network architecture. An important characteristic of NDN is its in-network cache, which enables Data packets to be available from multiple locations on the Internet. Hence the enforcement of access control mechanisms becomes even more critical in the NDN. This paper proposes a novel access control scheme referred to as Role-Based Encryption for NDN (NDN-RBE), which uses a broadcast encryption mechanism to achieve secure data access control. Our scheme uses the role inheritance property of the traditional Role-Based Access Control (RBAC) model to achieve efficient data access control over hierarchical content. This makes our scheme particularly suitable for large-scale real-world content-centric services like Netflix. Our scheme also supports additional design features such as anonymous signature-based authentication, batch signature verification and two types of privilege revocations. In addition, our formal security analysis demonstrates that our scheme is provably secure against Chosen Plaintext Attacks. Our performance and functionality comparison show that our scheme outperforms other notable existing works in terms of security, functionality, computation, communication and storage overhead. Furthermore, our experimental results show an improvement in content delivery time of the order of 15 percent compared with the other closely related works.

A Role-Based Encryption (RBE) Scheme for Securing Outsourced Cloud Data in a Multi-Organization Context

Role-Based Encryption (RBE) is an emerging new technique that integrates role based access control (RBAC) model with encryption. RBE embeds RBAC access policies in encrypted data itself so that only users belonging to appropriate roles are able to decrypt and access the data. However, the existing RBE schemes have been focusing on the single-organization cloud storage system, where the stored data can be accessed by users of the same organization. This paper presents a novel RBE scheme with efficient user revocation for the multi-organization cloud storage system, where the data from multiple independent organizations are stored and can be accessed by the authorized users from any other organization. Additionally, an outsourced decryption mechanism is introduced which enables the users to delegate expensive cryptographic operations to the cloud, thereby reducing the overhead on the end-users. Security and performance analyses of the proposed scheme demonstrate that it is provably secure against Chosen Plaintext Attack and can be useful for practical applications due to its low computation overhead.

Privacy Preservation-Based Access Control Intelligence for Cloud Data Storage in Smart Healthcare Infrastructure

Cloud service providers emphasize the concept of virtual machines, wherein resources and services are accessed over a distributed network system. The loss of user privacy is indeed contempt in concern to any individual or organization, particularly concerning the Healthcare infrastructure. This research paper introduces a Euclidean L3P-based Multi-Objective Successive Approximation (EMSA) algorithm, an efficient measure of privacy in the Healthcare Cloud. The role-based encryption keys are the critical foundation for the storage of sensitive data in cloud environments is presented here. The proposed EMSA algorithm is the hybridization of the existing Euclidean L3P Distance algorithm, Multi-objective Optimization algorithm, and Successive Approximation Iterative Proximate algorithm. In addition, the performance of the proposed EMSA compared with Bat, PUBAT, TPNGS, WOA, and CIC-WOA algorithms based on performance metrics, such as fitness, privacy, and utility. The simulation shows that, comparison to the existing state-of-the-art algorithms, the proposed EMSA model achieves higher privacy values of 0.34, 0.42, 0.42, 0.35, and 0.30.

Securing Organization’s Data: A Role-Based Authorized Keyword Search Scheme With Efficient Decryption

For better data availability and accessibility while ensuring data secrecy, organizations often tend to outsource their encrypted data to the cloud storage servers, thus bringing the challenge of keyword search over encrypted data. In this paper, we propose a novel authorized keyword search scheme using Role-Based Encryption (RBE) technique in a cloud environment. The contributions of this paper are multi-fold. First, it presents a keyword search scheme which enables only authorized users, having properly assigned roles, to delegate keyword-based data search capabilities over encrypted data to the cloud providers without disclosing any sensitive information. Second, it supports a multi-organization cloud environment, where the users can be associated with more than one organization. Third, the proposed scheme provides efficient decryption, conjunctive keyword search and revocation mechanisms. Fourth, the proposed scheme outsources expensive cryptographic operations in decryption to the cloud in a secure manner. Fifth, we have provided a formal security analysis to prove that the proposed scheme is semantically secure against Chosen Plaintext and Chosen Keyword Attacks. Finally, our performance analysis shows that the proposed scheme is suitable for practical applications.

A Fine-Grained and Lightweight Data Access Control Model for Mobile Cloud Computing

With rapidly increasing adoption of cloud computing and the advancement of today mobile computing, it is inevitable that mobile devices are used to receive and send the data through the mobile cloud platform. This increases the convenience and flexibility of data access over the cloud computing since data users are able to access the shared data anytime, anywhere via mobile devices. However, using mobile devices in accessing shared data in a cloud where the sensitive data is encrypted is not practical because mobile devices have limited computing resources in dealing with heavy cryptographic operations. In this article, we propose a lightweight collaborative ciphertext policy attribute role-based encryption (LW-C-CP-ARBE) scheme to support a fine-grained and lightweight access control for mobile cloud environment. We apply CP-ABE approach as a core cryptographic access control and introduce a new proxy re-encryption (PRE) protocol to reduce data re-encryption and decryption cost for the mobile users. To this end, the overhead in running the cryptographic operation at the end-user device is small. In addition, we develop secure access policy sharing and re-encryption protocol to enable users having write privilege to update the data and request the proxy to perform data re-encryption. Finally, we present the evaluation and experiments to demonstrate the efficiency and practicality of our system.

Generic construction of role-based encryption in the standard model

Role-based encryption is a new cryptographic primitive that enables the role-based access control (RBAC) model for encrypted data in cloud storage environments. Compared with some other cryptographic access control technologies, such as attribute-based encryption (ABE), it can greatly relieve data owners from the heavy burden to define and manage access control policies. In this paper, we present a new generic construction of role-based encryption from inner-product encryption (IPE) and revocation encryption, with following two significant features: 1) it is the first adaptively secure role-based encryption scheme in the standard model; 2) it is more efficient than all of the previous role-based encryption constructions.

Generic construction of role-based encryption in the standard model

Role-based encryption is a new cryptographic primitive that enables the role-based access control (RBAC) model for encrypted data in cloud storage environments. Compared with some other cryptographic access control technologies, such as attribute-based encryption (ABE), it can greatly relieve data owners from the heavy burden to define and manage access control policies. In this paper, we present a new generic construction of role-based encryption from inner-product encryption (IPE) and revocation encryption, with following two significant features: 1) it is the first adaptively secure role-based encryption scheme in the standard model; 2) it is more efficient than all of the previous role-based encryption constructions.

A Secure Role-Based Cloud Storage System For Encrypted Patient-Centric Health Records

With the rapid developments occurring in cloud services, there has been a growing trend to use cloud for large-scale data storage. Due to the increasing popularity of cloud storage, many healthcare organizations have started moving electronic health records (EHRs) to cloud-based storage systems. However, this has raised the important security issue of how to protect and prevent unauthorized access to EHR data stored in a public cloud. Several cryptographic access control schemes have been proposed to protect the security of data stored in the cloud by integrating cryptographic techniques with access control models. In this paper, we consider a novel role-based encryption technique to build a secure and flexible large-scale EHR system where role-based access control policies are enforced in a cloud environment. Then we discuss a practical EHR system called the personally controlled electronic health record (PCEHR) system recently developed by the Australian Government, and show how the security weaknesses in the PCEHR system can be addressed by our proposed scheme. The proposed system has the potential to be useful in commercial healthcare systems as it captures practical access policies based on roles in a flexible manner and provides secure data storage in the cloud enforcing these access policies.

An MDA approach to secure access to data on cloud using implicit security

Cloud computing has been developed to deliver information technologies services on demand for organisations or as individual users. In this paper, we describe an approach which proposes a security model bases on organisation role-based access control ORBAC and encryption system. This model aims to give users a possibility to control security of their data. In this scheme, a secret key is partitioned using a Galois field GF2

A trustworthy access control model for mobile cloud computing based on reputation and mechanism design

Mobile cloud computing (MCC) is an emerging technology that has gained ever-increasing popularity, which makes the generation and large-scale collection of private personal data possible. However, new security issues arise when MCC offers big data analytics and management services. In particular, there is an absence of fine-grained secure access control model to protect privacy information from unauthorized access, especially launched by internal malicious nodes with legal identity and authority. To fill the gap, this paper proposes a reputation and mechanism design based trustworthy access control model (RMTAC) to provide secure and privacy-aware big data access control in MCC. The RMTAC integrates the access control scheme with Vickrey–Clark–Groves (VCG) based adaptive reputation mechanism (VARM), the distributed multi-level security scheme and the hierarchical key management protocol to provide secure and privacy-aware access control and defend against the internal attacks. Simulation results demonstrate the superior performance of the VARM in terms of utility, effective recommendation rate, and accuracy rate compared to the existing reputation mechanisms. Moreover, the RMTAC shows better performance in terms of success rate of malicious access and successful acceptance rate compared to the role-based encryption access control model (RBE) mechanism, in the presence of collusion attacks, bad mouthing attacks and information disclosure attacks.

A Review of Role based Encryption System for Secure Cloud Storage

There has been a growing trend to use the cloud for largescale data storage. It has raised the important security issue of controlling and preventing any unauthorized access of data stored in the cloud. The role-based access control (RBAC) one of the well known access control model provides flexible controls and management by providing two mappings, one by mapping users to the roles and another by roles to the privileges on the data objects. In this we will discuss a rolebased encryption (RBE) scheme that has been used previously with RBAC. A hybrid cloud storage of the RBE scheme architecture permits an organization to store data secure in a public cloud and maintains the private information related to the organizational structure in a private cloud. In this we will also focus on the models that are available in cloud computing.

Generic constructions for role-based encryption

Due to the enormous growth in the amount of digital information that needs to be stored, outsourcing data to third-party storage service providers, such as cloud, have attracted much attention in recent times. This has raised significant security issues such as how to control access to outsourced data stored on third-party sites. There have been many works on access control in the literature, and one of the well-known access control models is the role-based access control (RBAC), which provides flexible control and management by having two level mappings, users to roles and roles to privileges on data objects. Several cryptographic RBAC schemes have been proposed which integrate cryptographic techniques with RBAC models to enforce RBAC policies. In this paper, we develop the first generic constructions for cryptographic RBAC schemes which we refer to as role-based encryption (RBE) schemes. A RBE scheme allows data to be encrypted in such a way that only users with specific roles can decrypt the data. Hence, it can be used to enforce RBAC policies in an outsourcing environment. Our constructions use ID-based broadcast encryption (IBBE) techniques to build RBE schemes, and we show that the RBE scheme built from our generic constructions is secure if the selected IBBE scheme is secure. We also compare these constructions and analyse the advantages and disadvantages of each construction type.

Secure administration of cryptographic role-based access control for large-scale cloud storage systems

Cloud systems provide significant benefits by allowing users to store massive amount of data on demand in a cost-effective manner. Role-based access control (RBAC) is a well-known access control model which can be used to protect the security of cloud data storage. Although cryptographic RBAC schemes have been developed recently to secure data outsourcing, these schemes assume the existence of a trusted administrator managing all the users and roles, which is not realistic in large-scale systems. In this paper, we introduce a cryptographic administrative model AdC-RBAC for managing and enforcing access policies for cryptographic RBAC schemes. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks are performed only by authorised administrative roles. Then we propose a role-based encryption (RBE) scheme and show how the AdC-RBAC model decentralises the administrative tasks in the RBE scheme thereby making it practical for security policy management in large-scale cloud systems.

Achieving Secure Role-Based Access Control on Encrypted Data in Cloud Storage

With the rapid developments occurring in cloud computing and services, there has been a growing trend to use the cloud for large-scale data storage. This has raised the important security issue of how to control and prevent unauthorized access to data stored in the cloud. One well known access control model is the role-based access control (RBAC), which provides flexible controls and management by having two mappings, users to roles and roles to privileges on data objects. In this paper, we propose a role-based encryption (RBE) scheme that integrates the cryptographic techniques with RBAC. Our RBE scheme allows RBAC policies to be enforced for the encrypted data stored in public clouds. Based on the proposed scheme, we present a secure RBE-based hybrid cloud storage architecture that allows an organization to store data securely in a public cloud, while maintaining the sensitive information related to the organization's structure in a private cloud. We describe a practical implementation of the proposed RBE-based architecture and discuss the performance results. We demonstrate that users only need to keep a single key for decryption, and system operations are efficient regardless of the complexity of the role hierarchy and user membership in the system.

A flexible cryptographic approach for secure data storage in the cloud using role-based access control

There has been a recent trend in storing data in the cloud because of the significant benefits, such as on demand resources and low maintenance costs. However due to the distributed nature of the cloud, access control mechanisms need to be employed to protected the privacy of data stored in cloud. Role-based access control (RBAC) provides a flexible way for users to manage and share their data in the cloud. In this paper, we propose a role-based encryption (RBE) scheme which enforces RBAC policies using cryptographic techniques. In our scheme, an owner of data can encrypt the data to a role in a RBAC system, and only the users who have the permissions of the role in the RBAC system can decrypt the data. Our scheme achieves efficient user management where the manager of a role can easily grant/revoke the membership of the role to/from a user without the needs of other parties’ participants. We compare our scheme with other previously published schemes and show that our scheme has better performance in both computation and management.

Enforcing Role-Based Access Control for Secure Data Storage in the Cloud

In recent times, there has been increasing interest in storing data securely in the cloud environment. To provide owners of data stored in the cloud with flexible control over access to their data by other users, we propose a role-based encryption (RBE) scheme for secure cloud storage. Our scheme allows the owner of data to store it in an encrypted form in the cloud and to grant access to that data for users with specific roles. The scheme specifies a set of roles to which the users are assigned, with each role having a set of permissions. The data owner can encrypt the data and store it in the cloud in such a way that only users with specific roles can decrypt the data. Anyone else, including the cloud providers themselves, will not be able to decrypt the data. We describe such an RBE scheme using a broadcast encryption algorithm. The paper describes the security analysis of the proposed scheme and gives proofs showing that the proposed scheme is secure against attacks. We also analyse the efficiency and performance of our scheme and show that it has superior characteristics compared with other previously published schemes.

Provably Secure Role-Based Encryption with Revocation Mechanism

Role-Based Encryption (RBE) realizes access control mechanisms over encrypted data according to the widely adopted hierarchical RBAC model. In this paper, we present a practical RBE scheme with revocation mechanism based on partial-order key hierarchy with respect to the public key infrastructure, in which each user is assigned with a unique private-key to support user identification, and each role corresponds to a public group-key that is used to encrypt data. Based on this key hierarchy structure, our RBE scheme allows a sender to directly specify a role for encrypting data, which can be decrypted by all senior roles, as well as to revoke any subgroup of users and roles. We give a full proof of security of our scheme against hierarchical collusion attacks. In contrast to the existing solutions for encrypted file systems, our scheme not only supports dynamic joining and revoking users, but also has shorter ciphertexts and constant-size decryption keys.