A cryptographic solution for general access control - University of ...

A Cryptographic Solution for General Access Control 469Table 1. Performance Comparison between RRN and DBSSystems Encryption Decryption Granting access Revoking accesstoasubject from a subjectRRN O(k 2 l el 2 n) O(l d l 2 n) O(k 2 l el 2 n) O(k 2 l el 2 n)DBS O(kl el 2 n) O(l d l 2 n) O(l el 2 n) O(kl 2 n)complexity is kO(l e l 2 n )+O(kl2 n ) ≈ O(kl el 2 n ). The DBS decryption complexity isthe same as that of RRN: O(l d l 2 n). We next analyze the complexity of authorizationalterations. In RRN system, granting access to a subject (or revoking accessfrom a subject) requires re-encrypting the affected data item. The complexityof this re-encryption is approximately O(k 2 l e l 2 n). In our data based solution,granting a subject access to a static data item, we only need to generate a newindividual ciphertext for the subject and then derive the new share ciphertextfrom the old one. The complexity of this process is: O(l e l 2 n)+2O(l 2 n) ≈ O(l e l 2 n).Revoking a subject from accessing a static data item only needs one modularoperation. The complexity of this process is: O(kl 2 n). Here we only illustrate authorizationalterations for static data items; for dynamic data items, efficiencyof authorization alterations is the same as that of encryption. The performancecomparison between RRN and DBS is summarized in table 1, which showsthat besides decryption, DBS system is more efficient than RRN system. Furthermore,our system has the flexibility of choosing an alternative public keycryptosystem which may results in more efficient system than DBS system.As we know, RRN system requires the RSA public exponent e to be shared.This opens a potential security hole to attackers. The claim of [1] that “havingmultiple copies of the same data encrypted with different keys does not arise”is not true because with the knowledge of the RSA moduli and the sharers of adata item, an attacker can create those multiple copies by modular operations.In comparison with RRN system, if our data based solution uses the RSA cryptosystem,sharing the same RSA public exponent e is not required, i.e. differentRSA public exponents can be used. Moreover, our data based solution has theflexibility of choosing an alternative public key cryptosystem which may resultsin more secure system.5 A Key Based SolutionAs discussed in section 1, our cryptographic solution of general access controlhas two categories: data based solution and key based solution. In data basedsolution, to share a message m with k sharers, the size of the share ciphertextis k times bigger than that of m. As a consequence, data based solution is notpreferable if m or k is big. Moreover, data based solution is based on public keycryptosystem. This is because, to share a data item, its owner must know allsharers’ encryption keys. In order to protect the confidentiality of decryptionkeys, we can only use a public key cryptosystem. Public key cryptosystems are