ABSTRACT
A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the key of a higher class can be used to derive the keys of all classes lower down in the hierarchy, according to temporal constraints.In this paper we design and analyze time-bound hierarchical key assignment schemes which are provably-secure and efficient. We first consider the unconditionally secure setting and we show a tight lower bound on the size of the private information distributed to each class. Then, we consider the computationally secure setting and obtain several results: We first prove that a recently proposed scheme is insecure against collusion attacks. Hence, motivated by the need for provably-secure schemes, we propose two different constructions for time-bound hierarchical key assignment schemes. The first one is based on symmetric encryption schemes, whereas, the second one makes use of bilinear maps. These appear to be the first constructions of time-bound hierarchical key assignment schemes which are simultaneously practical and provably-secure.
- S. G. Akl and P. D. Taylor, Cryptographic Solution to a Problem of Access Control in a Hierarchy, ACM Trans. on Computer Systems, 1(3), 239--248, 1983. Google ScholarDigital Library
- M. J. Atallah, M. Blanton, N. Fazio, and K. B. Frikken, Dynamic and Efficient Key Management for Access Hierarchies, CERIAS Tech. Rep. TR 2006-09, Purdue University. Prelim. version in Proc. of the 2005 ACM Conf. on Comput. and Commun. Security, 190--201, 2005. Google ScholarDigital Library
- M. J. Atallah, M. Blanton, and K. B. Frikken, Key Management for Non-Tree Access Hierarchies, in Proc. of the 2006 ACM Symp. on Access Control Models and Technologies, 11--18, 2006. Google ScholarDigital Library
- G. Ateniese, A. De Santis, A. L. Ferrara, and B. Masucci, Provably-Secure Time-Bound Hierarchical Key Assignment Schemes, IACR ePrint Archive, Report 2006/225.Google Scholar
- M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, A Concrete Security Treatment of Symmetric Encryption, in Proc. of the 38th IEEE Symp. on Found. of Computer Sci., 394--403, 1997. Google ScholarDigital Library
- E. Bertino, B. Carminati, and E. Ferrari, A Temporal Key Management Scheme for Secure Broadcasting of XML Documents, in Proc. of the 2002 ACM Conf. on Comput. and Commun. Security, 31--40, 2002. Google ScholarDigital Library
- D. Boneh and X. Boyen, Efficient Selective-ID Secure Identity-based Encryption without Random Oracles, in Proc. of Eurocrypt 2004, LNCS, 3027, 223--238, 2004. Google ScholarDigital Library
- D. Boneh and M. Franklin, Identity-based Encryption from the Weil Pairing, SIAM Journal Comput., 32(3), 586--615, 2003. Google ScholarDigital Library
- D. Boneh, B. Lynn, and H. Shacham, Short Signatures from the Weil Pairing, Journal of Cryptology, 17(4), 297--319, 2004. Google ScholarDigital Library
- R. Canetti, S. Halevi, and J. Katz, A Forward-Secure Public-Key Encryption Scheme, in Proc. of Eurocrypt 2003, LNCS, 2656, 255--271, 2003. Google ScholarDigital Library
- T. Chen and Y. Chung, Hierarchical Access Control based on Chinese remainder Theorem and Symmetric Algorithm, Comput. & Security, 21(6), 565--570, 2002.Google ScholarDigital Library
- H. Y. Chien, Efficient Time-Bound Hierarchical Key Assignment Scheme, IEEE Trans. on Know. and Data Eng., 16(10), 1301--1034, 2004. Google ScholarDigital Library
- Elements of Information Theory, John Wiley & Sons, 1991. Google ScholarDigital Library
- A. De Santis, A. L. Ferrara, and B. Masucci, Cryptographic Key Assignment Schemes for any Access Control Policy, Inf. Proc. Lett., 92(4), 199--205, 2004. Google ScholarDigital Library
- A. De Santis, A. L. Ferrara, and B. Masucci, Enforcing the Security of a Time-Bound Hierarchical Key Assignment Scheme, Inf. Sci., 176(12), 1684--1694, 2006. Google ScholarDigital Library
- A. De Santis, A. L. Ferrara, and B. Masucci, Unconditionally Secure Key Assignment Schemes, Discrete Applied Math., 154(2), 234--252, 2006. Google ScholarDigital Library
- A. De Santis, A. L. Ferrara, and B. Masucci, Efficient Provably-Secure Key Assignment Schemes, manuscript.Google Scholar
- S. D. Galbraith, K. Harrison, and D. Soldera, Implementing the Tate Pairing, in Proc. of the Algorithmic Number Theory Symp., LNCS, 1838, 385--394, 2000. Google ScholarDigital Library
- O. Goldreich, S. Goldwasser, and S. Micali, How to Construct Random Functions, Journal of the ACM, 33(4), 792--807, 1986. Google ScholarDigital Library
- S. Goldwasser and S. Micali, Probabilistic Encryption, Journal of Comput. and Syst. Sci., 28, 270--299, 1984.Google ScholarCross Ref
- S. Goldwasser, S. Micali, and R. Rivest, A Digital Signature Scheme Secure against Adaptive Chosen Message Attacks, SIAM Journal Comput., 17(2), 281--308, 1988. Google ScholarDigital Library
- L. Harn and H. Y. Lin, A Cryptographic Key Generation Scheme for Multilevel Data Security, Comput. and Security, 9(6), 539--546, 1990. Google ScholarDigital Library
- H. F. Huang and C. C. Chang, A New Cryptographic Key Assignment Scheme with Time-Constraint Access Control in a Hierarchy, Comput. Stand. & Int., 26, 159--166, 2004. Google ScholarDigital Library
- M. S. Hwang, A Cryptographic Key Assignment Scheme in a Hierarchy for Access Control, Math. and Comput. Modeling, 26(1), 27--31, 1997. Google ScholarDigital Library
- A. Joux, A One-round Protocol for Tripartite Diffie-Hellman, in Proc. of the Algorithmic Number Theory Symp., LNCS, 1838, 385--394, 2000. Google ScholarDigital Library
- J. Katz and M. Yung, Characterization of Security Notions for Probabilistic Private-Key Encryption, Journal of Cryptology, 19, 67--95, 2006. Google ScholarDigital Library
- H. T. Liaw, S. J. Wang, and C. L. Lei, A Dynamic Cryptographic Key Assignment Scheme in a Tree Structure, Comput. and Math. with Appl., 25(6), 109--114, 1993.Google ScholarCross Ref
- C. H. Lin, Dynamic Key Management Schemes for Access Control in a Hierarchy, Comput. Commun., 20, 1381--1385, 1997. Google ScholarDigital Library
- A. Miyaji, M. Nakabayashi, and S. Takano, New Explicit Conditions for Elliptic Curve Traces for FR-Reduction, IEICE Trans. Fund., E-84(5), 1234--1243, 2001.Google Scholar
- M. Naor and O. Reingold, Number-Theoretic Constructions of Efficient Pseudo-Random Functions, Journal of the ACM, 51(2), 231--262, 2004. Google ScholarDigital Library
- R. S. Sandhu, Cryptographic Implementation of a Tree Hierarchy for Access Control, Inf. Proc. Lett., 27, 95--98, 1988. Google ScholarDigital Library
- A. Shamir, On the Generation of Cryptographically Strong Pseudorandom Sequences, ACM Trans. on Comput. Sys., 1, 38--44, 1983. Google ScholarDigital Library
- V. Shen and T. Chen, A Novel Key Management Scheme based on Discrete Logarithms and Polynomial Interpolations, Comput. & Security, 21(2), 164--171, 2002.Google ScholarDigital Library
- Q. Tang and C. J. Mitchell, Comments on a Cryptographic Key Assignment Scheme, Comput. Standards & Interfaces, 27, 323--326, 2005. Google ScholarDigital Library
- W.-G. Tzeng, A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy, IEEE Trans. on Knowl. and Data Eng., 14(1), 182--188, 2002. Google ScholarDigital Library
- J. Yeh, An RSA-Based Time-Bound Hierarchical Key Assignment Scheme for Electronic Article Subscription, in Proc. of the 2005 ACM CIKM Conf. on Information and Knowledge Management, 285--286, 2005. Google ScholarDigital Library
- X. Yi, Security of Chien's Efficient Time-Bound Hierarchical Key Assignment Scheme, IEEE Trans. on Knowl. and Data Eng., 17(9), 1298--1299, 2005. Google ScholarDigital Library
- X. Yi and Y. Ye, Security of Tzeng's Time-Bound Key Assignment Scheme for Access Control in a Hierarchy, IEEE Trans. on Knowl. and Data Eng., 15(4), 1054--1055, 2003. Google ScholarDigital Library
- S.-Y. Wang and C.-Laih, Merging: An Efficient Solution for a Time-Bound Hierarchical Key Assignment Scheme, IEEE Trans. on Dependable and Secure Comput., 3(1), 91--100, 2006. Google ScholarDigital Library
- T. Wu and C. Chang, Cryptographic Key Assignment Scheme for Hierarchical Access Control, Int. Journal of Comput. Syst. Sci. and Eng., 1(1), 25--28, 2001.Google Scholar
Index Terms
- Provably-secure time-bound hierarchical key assignment schemes
Recommendations
Provably-Secure Time-Bound Hierarchical Key Assignment Schemes
A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that each class can compute the keys of all classes lower down in the hierarchy, ...
Efficient provably-secure hierarchical key assignment schemes
A hierarchical key assignment scheme is a method to assign some private information and encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the private information of a higher class can be used to derive the keys of ...
New constructions for provably-secure time-bound hierarchical key assignment schemes
A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that each class in the hierarchy can compute the keys of all classes lower down in ...
Comments