A centralized key management scheme for hierarchical access control

Key management schemes are used to provide access control to data streams for legitimate users. The users often have certain partially ordered relations, and the data streams also form partially ordered relations. Previous key management schemes have failed to take into consideration either the user relations or the data stream relations. We propose a centralized key management scheme for hierarchical access control that considers both partially ordered users and partially ordered data streams. Our scheme improves the efficiency of key management by encrypting multiple equivalent data streams with a single data encryption key, instead of encrypting each data stream with a unique data encryption key as in the multi-group key management scheme (Sun, Y. and Ray Liu, K.J., IEEE INFOCOM, 2004). We develop a simulation model to evaluate the performance of our proposed scheme. Simulation results show that our scheme reduces the storage overhead at every user and the rekey overhead by at least 20% compared to the multi-group key management scheme.

[1] Byrav Ramamurthy, et al. Secure group communications and hierarchical access control, 2000.

[2] Byrav Ramamurthy, et al. Hierarchy-based access control in distributed environments, 2001, ICC 2001. IEEE International Conference on Communications. Conference Record (Cat. No.01CH37240).

[3] Mohamed G. Gouda, et al. Secure group communications using key graphs, 2000, TNET.

[4] Dawn Xiaodong Song, et al. ELK, a new protocol for efficient large-group key distribution, 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[5] Eric J. Harder, et al. Key Management for Multicast: Issues and Architectures, 1999, RFC.

[6] K. J. Ray Liu, et al. Scalable hierarchical access control in secure group communications, 2004, IEEE INFOCOM 2004.

[7] K. J. Ray Liu, et al. Topology-aware key management schemes for wireless multicast, 2003, GLOBECOM '03. IEEE Global Telecommunications Conference (IEEE Cat. No.03CH37489).

[8] Nathalie Weiler, et al. The VersaKey framework: versatile group key management, 1999, IEEE J. Sel. Areas Commun.