An Information-Theoretic Approach to the Access Control Problem
In this paper we propose an information-theoretic approach to the access control problem in a scenario where a group of users is divided into a number of disjoint classes. The set of rules that specify the information flow between different user classes in the system defines an access control policy. An access control policy can be implemented by using a key assignment scheme, where a trusted central authority (CA) assigns an encryption key and some private information to each class. We consider key assignment schemes which are unconditionally secure against attacks carried out by any coalition of classes. We show lower bounds on the size of the private information that each class has to store and on the amount of randomness needed by the CA to set up any key assignment scheme. Finally, we propose an optimal construction for unconditionally secure key assignment schemes.
Keywords: Access Control, Directed Graph, Private Information, Central Authority, Joint Probability Distribution