Efficient provably-secure hierarchical key assignment schemes

A hierarchical key assignment scheme is a method to assign some private information and encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the private information of a higher class can be used to derive the keys of all classes lower down in the hierarchy. In this paper we design and analyze hierarchical key assignment schemes which are provably secure and support dynamic updates to the hierarchy with local changes to the public information and without requiring any private information to be re-distributed. -We first consider the problem of constructing a hierarchical key assignment scheme by using as a building block a symmetric encryption scheme. We propose a new construction which is provably secure with respect to key indistinguishability, requires a single computational assumption, and improves on previous proposals. -Then, we show how to construct a hierarchical key assignment scheme by using as a building block a public-key broadcast encryption scheme. In particular, one of our constructions provides constant private information and public information linear in the number of classes in the hierarchy.

[1]  Donald E. Knuth,et al.  The art of computer programming, volume 3: (2nd ed.) sorting and searching , 1998 .

[2]  C. Lei,et al.  A dynamic cryptographic key assignment scheme in a tree structure , 1993 .

[3]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[4]  Mikkel Thorup,et al.  Shortcutting Planar Digraphs , 1995, Combinatorics, Probability and Computing.

[5]  M. Yannakakis The Complexity of the Partial Order Dimension Problem , 1982 .

[6]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[7]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Journal of Cryptology.

[8]  Bernard Chazelle Computing on a Free Tree via Complexity-Preserving Mappings , 1984, FOCS.

[9]  Yevgeniy Dodis,et al.  Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack , 2003, Public Key Cryptography.

[10]  Robert E. Tarjan,et al.  Efficiency of a Good But Not Linear Set Union Algorithm , 1972, JACM.

[11]  Jyh-haw Yeh,et al.  An RSA-based time-bound hierarchical key assignment scheme for electronic article subscription , 2005, CIKM '05.

[12]  Hung-Yu Chen,et al.  Efficient time-bound hierarchical key assignment scheme , 2004 .

[13]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[14]  Dong Hoon Lee,et al.  Generic Transformation for Scalable Broadcast Encryption Schemes , 2005, CRYPTO.

[15]  David Thomas,et al.  The Art in Computer Programming , 2001 .

[16]  Yu-Fang Chung,et al.  Hierarchical access control based on Chinese Remainder Theorem and symmetric algorithm , 2002, Comput. Secur..

[17]  Wen-Guey Tzeng,et al.  A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy , 2002, IEEE Trans. Knowl. Data Eng..

[18]  Mihir Bellare,et al.  Forward-Security in Private-Key Cryptography , 2003, CT-RSA.

[19]  Mikhail J. Atallah,et al.  Key management for non-tree access hierarchies , 2006, SACMAT '06.

[20]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[21]  William Hesse,et al.  Directed graphs requiring large numbers of shortcuts , 2003, SODA '03.

[22]  Jason Crampton,et al.  On key assignment for hierarchical access control , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[23]  Bernard Chazelle,et al.  Computing on a free tree via complexity-preserving mappings , 1984, Algorithmica.

[24]  Alfredo De Santis,et al.  Unconditionally secure key assignment schemes , 2006, Discret. Appl. Math..

[25]  Alfredo De Santis,et al.  Efficient Provably-Secure Hierarchical Key Assignment Schemes , 2007, MFCS.

[26]  Wojciech A. Trybulec Partially Ordered Sets , 1990 .

[27]  Mikkel Thorup,et al.  On Shortcutting Digraphs , 1992, WG.

[28]  Hwang Min-Shiang,et al.  A cryptographic key assignment scheme in a hierarchy for access control , 1997 .

[29]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[30]  J. A. La Poutré New techniques for the union-find problem , 1990, SODA '90.

[31]  Nicola Santoro,et al.  Trade-Offs in Non-Reversing Diameter , 1994, Nord. J. Comput..

[32]  Selim G. Akl,et al.  An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy , 1985, IEEE Transactions on Computers.

[33]  Mikhail J. Atallah,et al.  Dynamic and efficient key management for access hierarchies , 2005, CCS '05.

[34]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[35]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[36]  Alfredo De Santis,et al.  New constructions for provably-secure time-bound hierarchical key assignment schemes , 2007, SACMAT '07.

[37]  Alfredo De Santis,et al.  New constructions for provably-secure time-bound hierarchical key assignment schemes , 2008, Theor. Comput. Sci..

[38]  Yiming Ye,et al.  Security of Tzeng's Time-Bound Key Assignment Scheme for Access Control in a Hierarchy , 2003, IEEE Trans. Knowl. Data Eng..

[39]  Jonathan Katz,et al.  Characterization of Security Notions for Probabilistic Private-Key Encryption , 2005, Journal of Cryptology.

[40]  Alfred V. Aho,et al.  The Transitive Reduction of a Directed Graph , 1972, SIAM J. Comput..

[41]  Alfredo De Santis,et al.  Variations on a theme by Akl and Taylor: Security and tradeoffs , 2010, Theor. Comput. Sci..

[42]  Mikkel Thorup,et al.  Parallel Shortcutting of Rooted Trees , 1997, J. Algorithms.

[43]  Xun Yi,et al.  Security of Chien's efficient time-bound hierarchical key assignment scheme , 2005, IEEE Transactions on Knowledge and Data Engineering.

[44]  Victor R. L. Shen,et al.  A Novel Key Management Scheme Based on Discrete Logarithms and Polynomial Interpolations , 2002, Comput. Secur..

[45]  Lein Harn,et al.  A cryptographic key generation scheme for multilevel data security , 1990, Comput. Secur..

[46]  J. A. La Poutré New techniques for the union-find problem , 1990, SODA 1990.

[47]  Chi-Sung Laih,et al.  Merging: an efficient solution for a time-bound hierarchical key assignment scheme , 2006, IEEE Transactions on Dependable and Secure Computing.

[48]  Kevin Fu,et al.  Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage , 2006, NDSS.

[49]  Alfredo De Santis,et al.  Cryptographic key assignment schemes for any access control policy , 2004, Inf. Process. Lett..

[50]  ChenTzer-Shyong,et al.  A Novel Key Management Scheme Based on Discrete Logarithms and Polynomial Interpolations , 2002 .

[51]  Andrew Chi-Chih Yao,et al.  Space-time tradeoff for answering range queries (Extended Abstract) , 1982, STOC '82.

[52]  Alfredo De Santis,et al.  Enforcing the security of a time-bound hierarchical key assignment scheme , 2006, Inf. Sci..

[53]  Chin-Chen Chang,et al.  Cryptographic key assignment scheme for hierarchical access control , 2001, Comput. Syst. Sci. Eng..

[54]  Chu-Hsing Lin,et al.  Dynamic key management schemes for access control in a hierarchy , 1997, Comput. Commun..

[55]  Hung-Yu Chien,et al.  Efficient time-bound hierarchical key assignment scheme , 2004, IEEE Transactions on Knowledge and Data Engineering.