Cryptographic key assignment schemes for any access control policy

The access control problem deals with the management of sensitive information among a number of users who are classified according to their suitability in accessing the information in a computer system. The set of rules that specify the information flow between different user classes in the system defines an access control policy. Akl and Taylor first considered the access control problem in a system organized as a partially ordered hierarchy. They proposed a cryptographic key assignment scheme, where each class is assigned an encryption key that can be used, along with some public parameters generated by a central authority, to compute the key assigned to any class lower down in the hierarchy. Subsequently, many researchers have proposed schemes that either have better performances or allow insertion and deletion of classes in the hierarchy.In this paper we show how to construct a cryptographic key assignment scheme for any arbitrary access control policy. Our construction uses as a building block a cryptographic key assignment scheme for partially ordered hierarchies. The security of our scheme holds with respect to adversaries of limited computing power and directly derives from the security of the underlying scheme for partially ordered hierarchies. Moreover, the size of the keys assigned to classes in our scheme is exactly the same as in the underlying scheme.

[1]  Selim G. Akl,et al.  An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy , 1985, IEEE Transactions on Computers.

[2]  Hwang Min-Shiang,et al.  A cryptographic key assignment scheme in a hierarchy for access control , 1997 .

[3]  Anna Lisa Ferrara,et al.  An Information-Theoretic Approach to the Access Control Problem , 2003, ICTCS.

[4]  Min-Shiang Hwang Cryptanalysis of YCN key assignment scheme in a hierarchy , 2000, Inf. Process. Lett..

[5]  E. T. An Introduction to the Theory of Numbers , 1946, Nature.

[6]  Lein Harn,et al.  A cryptographic key generation scheme for multilevel data security , 1990, Comput. Secur..

[7]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[8]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[9]  Alfredo De Santis,et al.  Unconditionally secure key assignment schemes , 2006, Discret. Appl. Math..

[10]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[11]  Wei-Pang Yang,et al.  Controlling access in large partially ordered hierarchies using cryptographic keys , 2003, J. Syst. Softw..

[12]  Chu-Hsing Lin,et al.  Dynamic key management schemes for access control in a hierarchy , 1997, Comput. Commun..

[13]  Jeffrey Shallit,et al.  Algorithmic Number Theory , 1996, Lecture Notes in Computer Science.

[14]  C. Lei,et al.  A dynamic cryptographic key assignment scheme in a tree structure , 1993 .

[15]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.