An efficient key management scheme for content access control for linear hierarchies

The content access control problem appears in any context with a set of users and resources. Differences in the users' access rights define classes, where members of a given class have exactly the same access rights. A hierarchy can be defined on the classes. Linear hierarchies constitute a particularly interesting type of hierarchy. They appear in a wide range of applications, such as secure multi-layered data streaming and communications within security corps. Many proposals have dealt with key management issues for tree hierarchies, but they result in unjustified overhead when applied to linear hierarchies. In this paper, we discuss the general problem of Content Access Control in a Hierarchy (CACH). We then present the main requirements in key management to ensure confidentiality in linear hierarchies. In particular, we define a model that gives a uniform and coherent description of the existing key management schemes. Next, we propose an efficient key management scheme for linear hierarchies that provides mechanisms to manage not only membership changes but also hierarchy shape changes, and we describe it using our model. We conduct intensive simulations which show that our solution scales very well in terms of storage, bandwidth, and computation. Finally, we determine the complexity of some well-known key management schemes and compare them to the complexity of our scheme. This comparison shows that our scheme offers efficient compromises in complexity and overall overheads.
