New constructions for provably-secure time-bound hierarchical key assignment schemes

A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that each class can compute the keys of all classes lower down in the hierarchy, according to temporal constraints.In this paper we design and analyze time-bound hierarchical key assignment schemes which are provably-secure and efficient. We consider two different goals: security with respect to key indistinguishability and against key recovery. Moreover, we distinguish security against static and adaptive adversarial behaviors. We explore the relations between all possible combinations of security goals and adversarial behaviors and, in particular, we prove that security against adaptive adversaries is (polynomially) equivalent to security against static adversaries. Finally, we propose two different constructions for time-bound key assignment schemes. The first one is based on symmetric encryption schemes, whereas the second one makes use of bilinear maps. Both constructions support updates to the access hierarchy with local changes to the public information and without requiring any private information to be re-distributed.

[1]  Alfredo De Santis,et al.  Unconditionally secure key assignment schemes , 2006, Discret. Appl. Math..

[2]  Alfredo De Santis,et al.  Efficient Provably-Secure Hierarchical Key Assignment Schemes , 2007, MFCS.

[3]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[4]  J. A. La Poutré New techniques for the union-find problem , 1990, SODA '90.

[5]  Nicola Santoro,et al.  Trade-Offs in Non-Reversing Diameter , 1994, Nord. J. Comput..

[6]  Wojciech A. Trybulec Partially Ordered Sets , 1990 .

[7]  Chin-Chen Chang,et al.  A new key assignment scheme for enforcing complicated access control policies in hierarchy , 2003, Future Gener. Comput. Syst..

[8]  Moni Naor,et al.  Number-theoretic constructions of efficient pseudo-random functions , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[9]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[10]  C. Lei,et al.  A dynamic cryptographic key assignment scheme in a tree structure , 1993 .

[11]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[12]  Robert E. Tarjan,et al.  Efficiency of a Good But Not Linear Set Union Algorithm , 1972, JACM.

[13]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[14]  Mikhail J. Atallah,et al.  Key management for non-tree access hierarchies , 2006, SACMAT '06.

[15]  Chin-Chen Chang,et al.  Cryptographic key assignment scheme for hierarchical access control , 2001, Comput. Syst. Sci. Eng..

[16]  Jyh-haw Yeh,et al.  An RSA-based time-bound hierarchical key assignment scheme for electronic article subscription , 2005, CIKM '05.

[17]  Qiang Tang,et al.  Comments on a cryptographic key assignment scheme , 2005, Comput. Stand. Interfaces.

[18]  Atsuko Miyaji,et al.  Characterization of Elliptic Curve Traces under FR-Reduction , 2000, ICISC.

[19]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[20]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[21]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[22]  Elena Barcucci,et al.  The average height of directed column-convex polyominoes having square, hexagonal and triangular cells , 1997 .

[23]  Adi Shamir,et al.  On the generation of cryptographically strong pseudorandom sequences , 1981, TOCS.

[24]  Mikkel Thorup,et al.  Shortcutting Planar Digraphs , 1995, Combinatorics, Probability and Computing.

[25]  Alfredo De Santis,et al.  Cryptographic key assignment schemes for any access control policy , 2004, Inf. Process. Lett..

[26]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[27]  Jonathan Katz,et al.  Characterization of Security Notions for Probabilistic Private-Key Encryption , 2005, Journal of Cryptology.

[28]  Alfred V. Aho,et al.  The Transitive Reduction of a Directed Graph , 1972, SIAM J. Comput..

[29]  Koutarou Suzuki,et al.  Anonymous Hierarchical Identity-Based Encryption with Constant Size Ciphertexts , 2009, Public Key Cryptography.

[30]  A. Miyaji,et al.  New Explicit Conditions of Elliptic Curve Traces for FR-Reduction , 2001 .

[31]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[32]  Hung-Yu Chen,et al.  Efficient time-bound hierarchical key assignment scheme , 2004 .

[33]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[34]  Yu-Fang Chung,et al.  Hierarchical access control based on Chinese Remainder Theorem and symmetric algorithm , 2002, Comput. Secur..

[35]  Chu-Hsing Lin,et al.  Dynamic key management schemes for access control in a hierarchy , 1997, Comput. Commun..

[36]  Xun Yi,et al.  Security of Chien's efficient time-bound hierarchical key assignment scheme , 2005, IEEE Transactions on Knowledge and Data Engineering.

[37]  Victor R. L. Shen,et al.  A Novel Key Management Scheme Based on Discrete Logarithms and Polynomial Interpolations , 2002, Comput. Secur..

[38]  Lein Harn,et al.  A cryptographic key generation scheme for multilevel data security , 1990, Comput. Secur..

[39]  Jonathan Katz,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[40]  Selim G. Akl,et al.  An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy , 1985, IEEE Transactions on Computers.

[41]  Chi-Sung Laih,et al.  Merging: an efficient solution for a time-bound hierarchical key assignment scheme , 2006, IEEE Transactions on Dependable and Secure Computing.

[42]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[43]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[44]  Elisa Bertino,et al.  A temporal key management scheme for secure broadcasting of XML documents , 2002, CCS '02.

[45]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[46]  Hwang Min-Shiang,et al.  A cryptographic key assignment scheme in a hierarchy for access control , 1997 .

[47]  Alfredo De Santis,et al.  New constructions for provably-secure time-bound hierarchical key assignment schemes , 2008, Theor. Comput. Sci..

[48]  Peter Winkler,et al.  Counting linear extensions is #P-complete , 1991, STOC '91.

[49]  Chin-Chen Chang,et al.  A new cryptographic key assignment scheme with time-constraint access control in a hierarchy , 2004, Comput. Stand. Interfaces.

[50]  Yiming Ye,et al.  Security of Tzeng's Time-Bound Key Assignment Scheme for Access Control in a Hierarchy , 2003, IEEE Trans. Knowl. Data Eng..

[51]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[52]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[53]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[54]  Jason Crampton,et al.  On key assignment for hierarchical access control , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[55]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[56]  Wen-Guey Tzeng,et al.  A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy , 2002, IEEE Trans. Knowl. Data Eng..

[57]  Mikhail J. Atallah,et al.  Incorporating Temporal Capabilities in Existing Key Management Schemes , 2007, ESORICS.

[58]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[59]  M. Yannakakis The Complexity of the Partial Order Dimension Problem , 1982 .

[60]  Andrew Chi-Chih Yao,et al.  Space-time tradeoff for answering range queries (Extended Abstract) , 1982, STOC '82.

[61]  Alfredo De Santis,et al.  Enforcing the security of a time-bound hierarchical key assignment scheme , 2006, Inf. Sci..

[62]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.