Post-Quantum Cryptographic Access Control Based on Hierarchical RBAC Model

Abstract

The paper considers the isogeny-based cryptographically enforced data access control scheme CSIDH-HRBAC for untrusted cloud. CSIDH-HRBAC is based on a role-based access control model with support for a role hierarchy system. The proposed scheme implies the presence of a trusted party that manages cryptographic keys associated with users, roles, files. The basic procedures for gaining access to data, revoking access rights, adding new entities and updating parameters are given. Typical scenarios of attacks on the proposed scheme are considered, including role substitution, collusion by participants to compute the parent role key, attempt to access data after role revocation from user. To evaluate the performance of cryptographic operations, the simulation of the basic procedures was performed. The advantages and limitations of the CSIDH-HRBAC scheme are discussed. In particular, the need for protection against threats from the administrator, the prospect of using lattice-based post-quantum cryptographic primitives is noted.