New Solutions to the Problem of Access Control in a Hierarchy

The access control problem in a hierarchical organization consists of the management of information among a number of users who are divided into different security classes according to their suitability in accessing the information. Within the scope of cryptography, the problem can be reduced to generating a cryptographic key for each security class in such a way that the key of a security class can be used to derive the keys of all lower security classes. This paper presents a new approach to solving the problem, based on pseudo-random function families, universal hash function families and, in particular, sibling intractable function families. The approach is illustrated by two types of solutions. The first type of solution allows keys of lower security classes to be obtained indirectly from those of higher security classes through the calculation of the keys of all intermediate security classes, while the second type of solution allows keys of lower security classes to be obtained directly from those of higher security classes without involving other security classes. A formal definition of security for key generation schemes is introduced and the security of the proposed schemes is proven. Issues in key management are also addressed and several possible policies are suggested. The proposed solutions have theoretical significance in that their security relies only on the existence of any one-way function, and they also have practical applications in that they can be easily incorporated into existing information systems.
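The indirect (first-type) derivation described above can be sketched as follows. This is an added illustration, not the paper's construction: it assumes a tree-shaped hierarchy, uses HMAC-SHA256 as a stand-in pseudo-random function, does not implement sibling intractable function families, and all class names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample hierarchy (a tree): class -> parent class.
PARENT = {
    "top_secret": None,
    "secret_ops": "top_secret",
    "secret_fin": "top_secret",
    "confidential_ops": "secret_ops",
    "public_fin": "secret_fin",
}

def prf(key: bytes, label: str) -> bytes:
    """Stand-in PRF (assumption): HMAC-SHA256 keyed with the parent's key."""
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

def path_from(ancestor: str, target: str):
    """Classes strictly below `ancestor` down to `target`, or None if
    `target` is not `ancestor` itself or one of its descendants."""
    if ancestor not in PARENT or target not in PARENT:
        raise KeyError("unknown security class")
    path, node = [], target
    while node is not None and node != ancestor:
        path.append(node)
        node = PARENT[node]
    return None if node is None else path[::-1]

def derive(holder_class: str, holder_key: bytes, target: str) -> bytes:
    """Walk down the hierarchy, computing every intermediate class key."""
    path = path_from(holder_class, target)
    if path is None:
        # No downward path: reaching this key would require inverting
        # the PRF or knowing the key of a common ancestor.
        raise PermissionError(f"{target} is not below {holder_class}")
    key = holder_key
    for cls in path:
        key = prf(key, cls)  # child key = PRF(parent key, child label)
    return key

def assign_all(root_key: bytes) -> dict:
    """Key authority: derive one key per class from the root class key."""
    root = next(c for c, p in PARENT.items() if p is None)
    return {cls: derive(root, root_key, cls) for cls in PARENT}
```

A holder of the `secret_ops` key can call `derive("secret_ops", key, "confidential_ops")`, while a request for a sibling branch or a higher class raises `PermissionError`.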
