Variations on a theme by Akl and Taylor: Security and tradeoffs

In 1983, Akl and Taylor [Cryptographic solution to a problem of access control in a hierarchy, ACM Transactions on Computer Systems 1 (3) (1983) 239-248] first suggested the use of cryptographic techniques to enforce access control in hierarchical structures. Due to its simplicity and versatility, the scheme has been used, for more than twenty years, to implement access control in several different domains, including mobile agent environments and XML documents. However, despite its use over time, the scheme has never been fully analyzed with respect to security and efficiency requirements. In this paper we provide new results on the Akl-Taylor scheme and its variants. More precisely: *We provide a rigorous analysis of the Akl-Taylor scheme. We consider different key assignment strategies and prove that the corresponding schemes are secure against key recovery. *We show how to obtain different tradeoffs between the amount of public information and the number of steps required to perform key derivation in the proposed schemes. *We also look at the MacKinnon et al. and Harn and Lin schemes and prove they are secure against key recovery. *We describe an Akl-Taylor based key assignment scheme with time-dependent constraints and prove the scheme efficient, flexible and secure. *We propose a general construction, which is of independent interest, yielding a key assignment scheme offering security w.r.t. key indistinguishability, given any key assignment scheme which guarantees security against key recovery. *Finally, we show how to use our construction, along with our assignment strategies and tradeoffs, to obtain an Akl-Taylor scheme, secure w.r.t. key indistinguishability, requiring a constant amount of public information.

[1]  Alfredo De Santis,et al.  Cryptographic key assignment schemes for any access control policy , 2004, Inf. Process. Lett..

[2]  Min-Shiang Hwang,et al.  Efficient access control and key management schemes for mobile agents , 2004, Comput. Stand. Interfaces.

[3]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[4]  P. Erdös,et al.  On the normal number of prime factors of $\phi(n)$ , 1985 .

[5]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[6]  Tomoyuki Asano A Revocation Scheme with Minimal Storage at Receivers , 2002, ASIACRYPT.

[7]  L. G. H. Cijan A polynomial algorithm in linear programming , 1979 .

[8]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[9]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[10]  Alfredo De Santis,et al.  New constructions for provably-secure time-bound hierarchical key assignment schemes , 2007, SACMAT '07.

[11]  Alfredo De Santis,et al.  Efficient provably-secure hierarchical key assignment schemes , 2007, Theor. Comput. Sci..

[12]  Adi Shamir,et al.  On the generation of cryptographically strong pseudorandom sequences , 1981, TOCS.

[13]  Mikhail J. Atallah,et al.  Dynamic and efficient key management for access hierarchies , 2005, CCS '05.

[14]  Wen-Guey Tzeng,et al.  A secure system for data access based on anonymous authentication and time-dependent hierarchical keys , 2006, ASIACCS '06.

[15]  Jason Crampton,et al.  Applying hierarchical and role-based access control to XML documents , 2004, SWS '04.

[16]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[17]  G. Hardy,et al.  An Introduction to the Theory of Numbers , 1938 .

[18]  Alfredo De Santis,et al.  Efficient Provably-Secure Hierarchical Key Assignment Schemes , 2007, MFCS.

[19]  L. Khachiyan Polynomial algorithms in linear programming , 1980 .

[20]  Chi-Sung Laih,et al.  Merging: an efficient solution for a time-bound hierarchical key assignment scheme , 2006, IEEE Transactions on Dependable and Secure Computing.

[21]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[22]  Lein Harn,et al.  A cryptographic key generation scheme for multilevel data security , 1990, Comput. Secur..

[23]  Kazukuni Kobara,et al.  Broadcast encryption with short keys and transmissions , 2003, DRM '03.

[24]  Jyh-haw Yeh,et al.  Key assignment for enforcing access control policy exceptions in distributed systems , 2003, Inf. Sci..

[25]  Selim G. Akl,et al.  An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy , 1985, IEEE Transactions on Computers.

[26]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .