Key management for content access control in a hierarchy

The need for content access control in hierarchies (CACH) appears naturally in all contexts where a set of users have different access rights to a set of resources. The hierarchy is defined using the access rights. The different resources are encrypted using different keys. Key management is a critical issue for scalable content access control. In this paper, we study the problem of key management for CACH. We present main existing access control models, and show why these models are not suitable to the CACH applications, and why they are not implemented in the existing key management schemes. Furthermore, we classify these key management schemes into two approaches, and construct an access control model for each approach. The proposed access control models are then used to describe the schemes in a uniform and coherent way. A final contribution of our work consists of a classification of the CACH applications, a comparison of the key management schemes, and a study of the suitability of the existing schemes to the CACH applications with respect to some analytical measurements.

[1]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[2]  Selim G. Akl,et al.  An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy , 1985, IEEE Transactions on Computers.

[3]  Hugh Harney,et al.  Group Key Management Protocol (GKMP) Specification , 1997, RFC.

[4]  J. Stoer,et al.  Introduction to Numerical Analysis , 2002 .

[5]  Ravi S. Sandhu,et al.  The RRA97 model for role-based administration of role hierarchies , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[6]  Nathalie Weiler,et al.  The VersaKey framework: versatile group key management , 1999, IEEE J. Sel. Areas Commun..

[7]  Arnold Neumaier,et al.  Introduction to Numerical Analysis , 2001 .

[8]  Ehud Gudes The Design of a Cryptography Based Secure File System , 1980, IEEE Transactions on Software Engineering.

[9]  Serban I. Gavrila,et al.  Formal specification for role based access control user/role and role/role relationship management , 1998, RBAC '98.

[10]  D. E. Bell,et al.  Secure Computer Systems : Mathematical Foundations , 2022 .

[11]  Yacine Challal,et al.  An Efficient Key Management Algorithm for Hierarchical Group Communication , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[12]  Gene Tsudik,et al.  Diffie-Hellman key distribution extended to group communication , 1996, CCS '96.

[13]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[14]  Danny Dolev,et al.  Optimized Rekey for Group Communication Systems , 2000, NDSS.

[15]  Celia Li,et al.  Access control in a hierarchy using one-way hash functions , 2004, Comput. Secur..

[16]  David Hutchison,et al.  A survey of key management for secure group communication , 2003, CSUR.

[17]  Malibu Canyon RdMalibu Keystone: a Group Key Management Service , 2000 .

[18]  David A. Bell,et al.  Secure computer systems: mathematical foundations and model , 1973 .

[19]  Chien-Lung Hsu,et al.  Cryptanalyses and improvements of two cryptographic key assignment schemes for dynamic access control in a user hierarchy , 2003, Comput. Secur..

[20]  Colin Boyd,et al.  On Key Agreement and Conference Key Agreement , 1997, ACISP.

[21]  Dawn Xiaodong Song,et al.  ELK, a new protocol for efficient large-group key distribution , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[22]  Hugh Harney,et al.  Group Key Management Protocol (GKMP) Architecture , 1997, RFC.

[23]  Yacine Challal,et al.  Hi-KD: An Efficient Key Management Algorithm for Hierarchical Group , 2005 .

[24]  R. S. Sandhu,et al.  On some cryptographic solutions for access control in a tree hierarchy , 1987, FJCC.

[25]  Indrajit Ray,et al.  A cryptographic solution to implement access control in a hierarchy and more , 2002, SACMAT '02.

[26]  Uta Wille,et al.  Communication complexity of group key distribution , 1998, CCS '98.

[27]  Victor R. L. Shen,et al.  A Novel Key Management Scheme Based on Discrete Logarithms and Polynomial Interpolations , 2002, Comput. Secur..

[28]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[29]  Yuan-Shun Dai,et al.  Secure Group Communication Based Scheme for Differential Access Control in Dynamic Environments , 2005, 11th International Conference on Parallel and Distributed Systems (ICPADS'05).

[30]  Byrav Ramamurthy,et al.  Chinese Remainder Theorem Based Hierarchical Access Control for Secure Group Communication , 2001, ICICS.

[31]  Bob Briscoe,et al.  MARKS: Zero Side Effect Multicast Key Management Using Arbitrarily Revealed Key Sequences , 1999, Networked Group Communication.

[32]  Sushil Jajodia,et al.  Kronos: a scalable group re-keying approach for secure multicast , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[33]  Danny Dolev,et al.  Optimized Group Rekey for Group Communications Systems , 1999 .

[34]  Tony Ballardie,et al.  Scalable Multicast Key Distribution , 1996, RFC.

[35]  Ravi S. Sandhu,et al.  The ARBAC97 model for role-based administration of roles: preliminary description and outline , 1997, RBAC '97.

[36]  Jason Alexis Valentine Crampton Authorization and antichains , 2002 .

[37]  K. J. Ray Liu,et al.  Scalable hierarchical access control in secure group communications , 2004, IEEE INFOCOM 2004.

[38]  Thomas Hardjono,et al.  Sibling Intractable Function Families and Their Applications (Extended Abstract) , 1991, ASIACRYPT.

[39]  Jennifer Seberry,et al.  New Solutions to the Problem of Access Control in a Hierarchy , 1993 .

[40]  Selim G. Akl,et al.  Cryptographic Solution to a Multilevel Security Problem , 1982, CRYPTO.

[41]  Suvo Mittra,et al.  Iolus: a framework for scalable secure multicasting , 1997, SIGCOMM '97.

[42]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[43]  Sylvia L. Osborn,et al.  The role graph model and conflict of interest , 1999, TSEC.

[44]  Brian Weis,et al.  The Multicast Group Security Architecture , 2004, RFC.

[45]  Alan T. Sherman,et al.  Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization , 2000 .

[46]  Gene Tsudik,et al.  Simple and fault-tolerant key agreement for dynamic collaborative groups , 2000, CCS.

[47]  Robert H. Deng,et al.  Dynamic Access Control for Multi-privileged Group Communications , 2004, ICICS.

[48]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[49]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[50]  David Hutchison,et al.  Hydra: a decentralised group key management , 2002, Proceedings. Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[51]  Ashok Samal,et al.  Scalable secure one-to-many group communication using dual encryption , 2000, Comput. Commun..

[52]  Begnaud Francis Hildebrand,et al.  Introduction to numerical analysis: 2nd edition , 1987 .

[53]  Bob Briscoe MARKS: Multicast Key Management using Arbitrarily Revealed Key Sequences , 1999 .

[54]  R. P. Dilworth,et al.  A DECOMPOSITION THEOREM FOR PARTIALLY ORDERED SETS , 1950 .

[55]  Norman Hardy,et al.  Security In Keykos™ , 1986, 1986 IEEE Symposium on Security and Privacy.

[56]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[57]  Ashutosh Saxena,et al.  Hierarchical key management scheme using polynomial interpolation , 2005, OPSR.

[58]  Selim G. Akl,et al.  New Key Generation Algorithms for Multilevel Security , 1983, 1983 IEEE Symposium on Security and Privacy.