Hierarchical and Shared Access Control

Access control ensures that only the authorized users of a system are allowed to access certain resources or tasks. Usually, according to their roles and responsibilities, users are organized in hierarchies formed by a certain number of disjoint classes. Such hierarchies are implemented by assigning a key to each class, so that the keys for descendant classes can be efficiently derived from classes higher in the hierarchy. However, pure hierarchical access may represent a limitation in many real-world cases. In fact, sometimes it is necessary to ensure access to a resource or task by considering both its directly responsible user and a group of users possessing certain credentials. In this paper, we first propose a novel model that generalizes the conventional hierarchical access control paradigm, by extending it to certain additional sets of qualified users. Afterward, we propose two constructions for hierarchical key assignment schemes in this new model, which are provably secure with respect to key indistinguishability. In particular, the former construction relies on both symmetric encryption and perfect secret sharing, whereas, the latter is based on public-key threshold broadcast encryption.

[1]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[2]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[3]  Alfredo De Santis,et al.  Security and Tradeoffs of the Akl-Taylor Scheme and Its Variants , 2009, MFCS.

[4]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[5]  Alfredo De Santis,et al.  On the size of shares for secret sharing schemes , 1991, Journal of Cryptology.

[6]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[7]  Alfredo De Santis,et al.  New constructions for provably-secure time-bound hierarchical key assignment schemes , 2008, Theor. Comput. Sci..

[8]  Moni Naor,et al.  Number-theoretic constructions of efficient pseudo-random functions , 2004, JACM.

[9]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[10]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[11]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.

[12]  Luigi Catuogno,et al.  A secure file sharing service for distributed computing environments , 2013, The Journal of Supercomputing.

[13]  Barbara Masucci,et al.  On the Equivalence of Two Security Notions for Hierarchical Key Assignment Schemes in the Unconditional Setting , 2015, IEEE Transactions on Dependable and Secure Computing.

[14]  M. Smid,et al.  Key escrowing today , 1994, IEEE Communications Magazine.

[15]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[16]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[17]  Alfredo De Santis,et al.  Unconditionally secure key assignment schemes , 2006, Discret. Appl. Math..

[18]  Alfredo De Santis,et al.  A note on time-bound hierarchical key assignment schemes , 2013, Inf. Process. Lett..

[19]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[20]  Paz Morillo,et al.  CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts , 2007, ProvSec.

[21]  Kenneth G. Paterson,et al.  Provably Secure Key Assignment Schemes from Factoring , 2011, ACISP.

[22]  Douglas R. Stinson,et al.  An explication of secret sharing schemes , 1992, Des. Codes Cryptogr..

[23]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[24]  Kenneth G. Paterson,et al.  Simple, Efficient and Strongly KI-Secure Hierarchical Key Assignment Schemes , 2013, CT-RSA.

[25]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[26]  Alfredo De Santis,et al.  New constructions for provably-secure time-bound hierarchical key assignment schemes , 2007, SACMAT '07.

[27]  Yu Zhang,et al.  FEACS: A Flexible and Efficient Access Control Scheme for Cloud Computing , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[28]  Bob Toxen The NSA and Snowden: securing the all-seeing eye , 2014, CACM.

[29]  Mikhail J. Atallah,et al.  Incorporating Temporal Capabilities in Existing Key Management Schemes , 2007, ESORICS.

[30]  Alfredo De Santis,et al.  Key Indistinguishability versus Strong Key Indistinguishability for Hierarchical Key Assignment Schemes , 2016, IEEE Transactions on Dependable and Secure Computing.

[31]  Jonathan Katz,et al.  Characterization of Security Notions for Probabilistic Private-Key Encryption , 2005, Journal of Cryptology.

[32]  Alfredo De Santis,et al.  Variations on a theme by Akl and Taylor: Security and tradeoffs , 2010, Theor. Comput. Sci..

[33]  Alfredo De Santis,et al.  Probability of Shares in Secret Sharing Schemes , 1999, Inf. Process. Lett..

[34]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[35]  Elisa Bertino,et al.  An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting , 2008, IEEE Transactions on Dependable and Secure Computing.

[36]  Alfredo De Santis,et al.  Efficient provably-secure hierarchical key assignment schemes , 2007, Theor. Comput. Sci..

[37]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).