Hierarchical Key Assignment with Dynamic Read-Write Privilege Enforcement and Extended KI-Security

  • Yi-Ruei ChenEmail author
  • Wen-Guey Tzeng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10355)


This paper addresses the problem of key assignment for controlling access of encrypted data in access hierarchies. We propose a hierarchical key assignment (HKA) scheme RW-HKA that supports dynamic reading and writing privilege enforcement simultaneously. It not only provides typical confidentiality guarantee in data encryption, but also allows users to verify the integrity of encrypted data. It can be applied to cloud-based systems for providing flexible access control on encrypted data in the clouds. For security, we define the extended key indistinguishable (EKI) security for RW-HKA schemes. An EKI-secure RW-HKA scheme is resistant to collusion such that no subset of users can conspire to distinguish a data decryption key, that is not legally accessible, from random strings. In this paper, we provide a generic construction of EKI-secure RW-HKA schemes based on sID-CPA secure identity-based broadcast encryption (IBBE) and strong one-time signature schemes. Furthermore, we provide a new IBBE scheme that is suitable in constructing an efficient RW-HKA scheme with a constant number of user private keys, constant size of encrypted data, and constant computation cost of a user in deriving a key for decryption. It is the first HKA scheme that achieves the aforementioned performance while supporting dynamic reading and writing privilege enforcement simultaneously.


Hierarchical key assignment Access control Data outsourcing 


  1. 1.
    Akl, S.G., Taylor, P.D.: Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. (TOCS) 1(3), 239–248 (1983)CrossRefGoogle Scholar
  2. 2.
    Atallah, M.J., Blanton, M., Fazio, N., Frikken, K.B.: Dynamic and efficient key management for access hierarchies. ACM Trans. Inf. Syst. Secur. 12(3), 18:1–18:43 (2009)CrossRefGoogle Scholar
  3. 3.
    Mikhail, J.A., Keith, B.F., Marina, B.: Dynamic and efficient key management for access hierarchies. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, Alexandria, VA, USA, 7–11 November 2005, pp. 190–202 (2005)Google Scholar
  4. 4.
    Baek, J., Safavi-Naini, R., Susilo, W.: Efficient multi-receiver identity-based encryption and its application to broadcast encryption. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 380–397. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-30580-4_26 CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Waters, B., Zhandry, M.: Low overhead broadcast encryption from multilinear maps. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 206–223. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_12 CrossRefGoogle Scholar
  6. 6.
    Cafaro, M., Civino, R., Masucci, B.: On the equivalence of two security notions for hierarchical key assignment schemes in the unconditional setting. IEEE Trans. Dependable Secure Comput. 12(4), 485–490 (2015)CrossRefGoogle Scholar
  7. 7.
    Castiglione, A., De Santis, A., Masucci, B.: Key indistinguishability versus strong key indistinguishability for hierarchical key assignment schemes. IEEE Trans. Dependable Secure Comput. 13(4), 451–460 (2016)CrossRefGoogle Scholar
  8. 8.
    Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Huang, X.: Cryptographic hierarchical access control for dynamic structures. IEEE Trans. Inf. Forensics Secur. 11(10), 2349–2364 (2016)CrossRefzbMATHGoogle Scholar
  9. 9.
    Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Li, J., Huang, X.: Hierarchical and shared access control. IEEE Trans. Inf. Forensics Secur. 11(4), 850–865 (2016)Google Scholar
  10. 10.
    Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Huang, X., Castiglione, A.: Supporting dynamic updates in storage clouds with the Akl-Taylor scheme. Inf. Sci. 387, 56–74 (2017)CrossRefGoogle Scholar
  11. 11.
    Chen, T.-S., Chung, Y.-F.: Hierarchical access control based on chinese remainder theorem and symmetric algorithm. Comput. Secur. 21(6), 565–570 (2002)CrossRefGoogle Scholar
  12. 12.
    Chen, Y.-R., Chu, C.-K., Tzeng, W.-G., Zhou, J.: CloudHKA: a cryptographic approach for hierarchical access control in cloud computing. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 37–52. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38980-1_3 CrossRefGoogle Scholar
  13. 13.
    Chen, Y.-R., Tygar, J.D., Tzeng, W.-G.: Secure group key management using uni-directional proxy re-encryption schemes. In: 30th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, INFOCOM 2011, 10–15 April 2011, Shanghai, China, pp. 1952–1960 (2011)Google Scholar
  14. 14.
    Chen, Y.-R., Tzeng, W.-G.: Efficient and provably-secure group key management scheme using key derivation. In: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2012, Liverpool, United Kingdom, 25–27 June 2012, pp. 295–302 (2012)Google Scholar
  15. 15.
    Chen, Y.-R., Tzeng, W.-G.: Group key management with efficient rekey mechanism: a semi-stateful approach for out-of-synchronized members. Comput. Commun. 98, 31–42 (2017)CrossRefGoogle Scholar
  16. 16.
    Chou, K.-Y., Chen, Y.-R., Tzeng, W.-G.: An efficient and secure group key management scheme supporting frequent key updates on pay-tv systems. In: 13th Asia-Pacific Network Operations and Management Symposium, APNOMS 2011, Taipei, Taiwan, 21–23 September 2011, pp. 1–8 (2011)Google Scholar
  17. 17.
    Chung, Y.-F., Lee, H.-H., Lai, F., Chen, T.-S.: Access control in user hierarchy based on elliptic curve cryptosystem. Inf. Sci. 178(1), 230–243 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Crampton, J., Martin, K.M., Wild, P.R.: On key assignment for hierarchical access control. In: 19th IEEE Computer Security Foundations Workshop, (CSFW-19 2006), Venice, Italy, 5–7 July 2006, pp. 98–111 (2006)Google Scholar
  19. 19.
    D’Arco, P., Santis, A., Ferrara, A.L., Masucci, B.: Security and tradeoffs of the Akl-Taylor scheme and its variants. In: Královič, R., Niwiński, D. (eds.) MFCS 2009. LNCS, vol. 5734, pp. 247–257. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03816-7_22 CrossRefGoogle Scholar
  20. 20.
    D’Arco, P., De Santis, A., Ferrara, A.L., Masucci, B.: Variations on a theme by Akl and Taylor: security and tradeoffs. Theor. Comput. Sci. 411(1), 213–227 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Das, M.L., Saxena, A., Gulati, V.P., Phatak, D.B.: Hierarchical key management scheme using polynomial interpolation. Oper. Syst. Rev. 39(1), 40–47 (2005)CrossRefGoogle Scholar
  22. 22.
    Delerablée, C.: Identity-based broadcast encryption with constant size ciphertexts and private keys. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 200–215. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-76900-2_12 CrossRefGoogle Scholar
  23. 23.
    Freire, E.S.V., Paterson, K.G.: Provably secure key assignment schemes from factoring. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 292–309. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22497-3_19 CrossRefGoogle Scholar
  24. 24.
    Freire, E.S.V., Paterson, K.G., Poettering, B.: Simple, efficient and strongly KI-secure hierarchical key assignment schemes. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 101–114. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36095-4_7 CrossRefGoogle Scholar
  25. 25.
    Gentry, C., Waters, B.: Adaptive security in broadcast encryption systems (with short ciphertexts). In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 171–188. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-01001-9_10 CrossRefGoogle Scholar
  26. 26.
    Harn, L., Lin, H.-Y.: A cryptographic key generation scheme for multilevel data security. Comput. Secur. 9(6), 539–546 (1990)CrossRefGoogle Scholar
  27. 27.
    He, K., Weng, J., Liu, J., Liu, J.K., Liu, W., Deng, R.H.: Anonymous identity-based broadcast encryption with chosen-ciphertext security. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016, Xi’an, China, 30 May–3 June 2016, pp. 247–255, 2016Google Scholar
  28. 28.
    Huang, D., Medhi, D.: A secure group key management scheme for hierarchical mobile ad hoc networks. Ad Hoc Netw. 6(4), 560–577 (2008)CrossRefGoogle Scholar
  29. 29.
    Kim, J., Susilo, W., Au, M.H., Seberry, J.: Adaptively secure identity-based broadcast encryption with a constant-sized ciphertext. IEEE Trans. Inf. Forensics Secur. 10(3), 679–693 (2015)CrossRefGoogle Scholar
  30. 30.
    Lin, Y.-L., Hsu, C.-L.: Secure key management scheme for dynamic hierarchical access control based on ECC. J. Syst. Softw. 84(4), 679–685 (2011)MathSciNetCrossRefGoogle Scholar
  31. 31.
    MacKinnon, S.J., Akl, S.G.: New key generation algorithms for multilevel security. In: Proceedings of the 1983 IEEE Symposium on Security and Privacy, Oakland, California, USA, 25–27 April 983, pp. 72–78 (1983)Google Scholar
  32. 32.
    MacKinnon, S.J., Taylor, P.D., Meijer, H., Akl, S.G.: An optimal algorithm for assigning cryptographic keys to control access in a hierarchy. IEEE Trans. Comput. 34(9), 797–802 (1985)CrossRefGoogle Scholar
  33. 33.
    Odelu, V., Das, A.K., Goswami, A.: An effective and secure key-management scheme for hierarchical access control in e-medicine system. J. Med. Syst. 37(2), 9920 (2013)CrossRefGoogle Scholar
  34. 34.
    Sandhu, R.S.: Cryptographic implementation of a tree hierarchy for access control. Inf. Process. Lett. 27(2), 95–98 (1988)CrossRefGoogle Scholar
  35. 35.
    De Santis, A., Ferrara, A.L., Masucci, B.: Efficient provably-secure hierarchical key assignment schemes. In: Kučera, L., Kučera, A. (eds.) MFCS 2007. LNCS, vol. 4708, pp. 371–382. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74456-6_34 CrossRefGoogle Scholar
  36. 36.
    De Santis, A., Ferrara, A.L., Masucci, B.: Efficient provably-secure hierarchical key assignment schemes. Theoret. Comput. Sci. 412(41), 5684–5699 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  37. 37.
    Shen, V.R.L., Chen, T.-S.: A novel key management scheme based on discrete logarithms and polynomial interpolations. Comput. Secur. 21(2), 164–171 (2002)MathSciNetCrossRefGoogle Scholar
  38. 38.
    Tang, S., Li, X., Huang, X., Xiang, Y., Lingling, X.: Achieving simple, secure and efficient hierarchical access control in cloud computing. IEEE Trans. Comput. 65(7), 2325–2331 (2016)MathSciNetCrossRefzbMATHGoogle Scholar
  39. 39.
    Wong, C.K., Gouda, M.G., Lam, S.S.: Secure group communications using key graphs. IEEE/ACM Trans. Netw. 8(1), 16–30 (2000)CrossRefGoogle Scholar
  40. 40.
    Yang, C., Li, C.: Access control in a hierarchy using one-way hash functions. Comput. Secur. 23(8), 659–664 (2004)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Department of Computer ScienceNational Chiao Tung UniversityHsinchuTaiwan

Personalised recommendations