Merging: an efficient solution for a time-bound hierarchical key assignment scheme

Conventional hierarchical key assignment schemes have not been concerned with a practical situation: users might be assigned to a class for only a period of time. When a user leaves a class, the keys of that class and all the descendant classes must be renewed. For applications where the privileges of users change frequently or where there are many users, the communication load for key redistributions is very large. Recently, Tzeng (2002) proposed a time-bound hierarchical key assignment scheme to address this issue. However, Tzeng's scheme was very complex and suffered from a collusion attack. In this paper, we propose an efficient time-bound scheme based on a technique called merging. The idea behind merging is to consider primitive keys instead of hierarchies. It is conceptually like the compression used in source coding. Through this technique, it is feasible to combine multiple keys into an aggregate key. Thus, communication and storage requirements are greatly reduced. This technique can also be used for an alternative implementation of Akl-Taylor's scheme. Moreover, it can be used to construct a systematic approach for adjusting hierarchies in Akl-Taylor's scheme as well. Through the insights gained from these exercises, we may see that some problems that are usually addressed by the conventional key assignment schemes can be solved directly via merging, with better performance. Furthermore, if other suitable merging functions are found in the future, new secure hierarchical key assignment schemes and time-bound schemes can be obtained accordingly.

[1]  D. H. Lehmer. An Extended Theory of Lucas' Functions, 1930.

[2]  Adi Shamir, et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[3]  Hung-Yu Chen, et al. Efficient time-bound hierarchical key assignment scheme, 2004.

[4]  David Thomas, et al. The Art in Computer Programming, 2001.

[5]  Ravi S. Sandhu, et al. Cryptographic Implementation of a Tree Hierarchy for Access Control, 1988, Inf. Process. Lett.

[6]  Chu-Hsing Lin, et al. Hierarchical key assignment without public-key cryptography, 2001, Comput. Secur.

[7]  Yiming Ye, et al. Security of Tzeng's Time-Bound Key Assignment Scheme for Access Control in a Hierarchy, 2003, IEEE Trans. Knowl. Data Eng.

[8]  Lein Harn, et al. A cryptographic key generation scheme for multilevel data security, 1990, Comput. Secur.

[9]  Min-Shiang Hwang. Extension of CHW cryptographic key assignment scheme in a hierarchy, 1999.

[10]  Wen-Guey Tzeng, et al. A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy, 2002, IEEE Trans. Knowl. Data Eng.

[11]  Chi-Sung Laih, et al. A branch oriented key management solution to dynamic access control in a hierarchy, 1991, [Proceedings] 1991 Symposium on Applied Computing.

[12]  Hung-Yu Chien, et al. Efficient time-bound hierarchical key assignment scheme, 2004, IEEE Transactions on Knowledge and Data Engineering.

[13]  Richard E. Blahut, et al. Principles and practice of information theory, 1987.

[14]  Selim G. Akl, et al. Cryptographic solution to a problem of access control in a hierarchy, 1983, TOCS.

[15]  Selim G. Akl, et al. An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy, 1985, IEEE Transactions on Computers.

[16]  R. Stanley. What Is Enumerative Combinatorics, 1986.