Abstract
Hierarchical Key Assignment Schemes can be used to enforce access control policies by cryptographic means. In this paper, we present a new, enhanced security model for such schemes. We also give simple, efficient, and strongly-secure constructions for Hierarchical Key Assignment Schemes for arbitrary hierarchies using pseudorandom functions and forward-secure pseudorandom generators. We compare instantiations of our constructions with state-of-the-art Hierarchical Key Assignment Schemes, demonstrating that our new schemes possess an attractive trade-off between storage requirements and efficiency of key derivation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Akl, S.G., Taylor, P.D.: Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer Systems 1(3), 239–248 (1983)
MacKinnon, S.J., Taylor, P.D., Meijer, H., Akl, S.G.: An optimal algorithm for assigning cryptographic keys to control access in a hierarchy. IEEE Transactions on Computers 34(9), 797–802 (1985)
Harn, L., Lin, H.Y.: A cryptographic key generation scheme for multilevel data security. Computers & Security 9(6), 539–546 (1990)
Chen, T.S., Chung, Y.F.: Hierarchical access control based on Chinese remainder theorem and symmetric algorithm. Computers & Security 21(6), 565–570 (2002)
Shen, V., Chen, T.S.: A novel key management scheme based on discrete logarithms and polynomial interpolations. Computers & Security 21(2), 164–171 (2002)
Wu, T.C., Chang, C.C.: Cryptographic key assignment scheme for hierarchical access control. Int. Journal of Computer Systems Science and Engineering 16(1), 25–28 (2001)
Yeh, J.H., Chow, R., Newman, R.: A key assignment for enforcing access control policy exceptions. In: Int. Symposium on Internet Technology, pp. 54–59 (1998)
Atallah, M.J., Blanton, M., Fazio, N., Frikken, K.B.: Dynamic and efficient key management for access hierarchies. In: ACM Conference on Computer and Communications Security, pp. 190–202 (2006)
Ateniese, G., De Santis, A., Ferrara, A.L., Masucci, B.: Provably-secure time-bound hierarchical key assignment schemes. In: ACM Conference on Computer and Communications Security, pp. 288–297 (2006)
Tzeng, W.G.: A secure system for data access based on anonymous authentication and time-dependent hierarchical keys. In: ACM Symposium on Information, Computer and Communications Security, pp. 223–230 (2006)
Wang, S.Y., Laih, C.S.: An efficient solution for a time-bound hierarchical key assignment scheme. IEEE Transactions on Dependable and Secure Computing 3(1), 91–100 (2006)
De Santis, A., Ferrara, A.L., Masucci, B.: Efficient Provably-Secure Hierarchical Key Assignment Schemes. In: Kučera, L., Kučera, A. (eds.) MFCS 2007. LNCS, vol. 4708, pp. 371–382. Springer, Heidelberg (2007)
Atallah, M.J., Blanton, M., Fazio, N., Frikken, K.B.: Dynamic and efficient key management for access hierarchies. ACM Trans. Inf. Syst. Secur. 12(3) (2009)
D’Arco, P., De Santis, A., Ferrara, A.L., Masucci, B.: Variations on a theme by Akl and Taylor: Security and tradeoffs. Theoretical Computer Science 411(1), 213–227 (2010)
Crampton, J., Daud, R., Martin, K.M.: Constructing Key Assignment Schemes from Chain Partitions. In: Foresti, S., Jajodia, S. (eds.) Data and Applications Security and Privacy XXIV. LNCS, vol. 6166, pp. 130–145. Springer, Heidelberg (2010)
Freire, E.S.V., Paterson, K.G.: Provably Secure Key Assignment Schemes from Factoring. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 292–309. Springer, Heidelberg (2011)
Ateniese, G., De Santis, A., Ferrara, A.L., Masucci, B.: Provably-secure time-bound hierarchical key assignment schemes. J. Cryptology 25(2), 243–270 (2012)
Crampton, J., Martin, K.M., Wild, P.R.: On key assignment for hierarchical access control. In: Computer Security Foundations Workshop, pp. 98–111 (2006)
Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. J. ACM 51(2), 231–262 (2004)
Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM Journal on Computing 15(2), 364–383 (1986)
Blum, M., Goldwasser, S.: An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 289–299. Springer, Heidelberg (1985)
Bellare, M., Yee, B.S.: Forward-Security in Private-Key Cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1–18. Springer, Heidelberg (2003)
Freire, E.S.V., Paterson, K.G., Poettering, B.: Simple, efficient and strongly KI-secure hierarchical key assignment schemes (2012), http://eprint.iacr.org/2012/645
Dilworth, R.P.: A decomposition theorem for partially ordered sets. Annals of Mathematics 51(1), 161–166 (1950)
Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness Extraction and Key Derivation Using the CBC, Cascade and HMAC Modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 494–510. Springer, Heidelberg (2004)
Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Freire, E.S.V., Paterson, K.G., Poettering, B. (2013). Simple, Efficient and Strongly KI-Secure Hierarchical Key Assignment Schemes. In: Dawson, E. (eds) Topics in Cryptology – CT-RSA 2013. CT-RSA 2013. Lecture Notes in Computer Science, vol 7779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36095-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-36095-4_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36094-7
Online ISBN: 978-3-642-36095-4
eBook Packages: Computer ScienceComputer Science (R0)