research-article

Dynamic and Efficient Key Management for Access Hierarchies

Authors:

Mikhail J. Atallah,

Marina Blanton,

Nelly Fazio,

Keith B. FrikkenAuthors Info & Claims

ACM Transactions on Information and System Security (TISSEC), Volume 12, Issue 3

Article No.: 18, Pages 1 - 43

https://doi.org/10.1145/1455526.1455531

Published: 01 January 2009 Publication History

Get Access

Abstract

Hierarchies arise in the context of access control whenever the user population can be modeled as a set of partially ordered classes (represented as a directed graph). A user with access privileges for a class obtains access to objects stored at that class and all descendant classes in the hierarchy. The problem of key management for such hierarchies then consists of assigning a key to each class in the hierarchy so that keys for descendant classes can be obtained via efficient key derivation.

We propose a solution to this problem with the following properties: (1) the space complexity of the public information is the same as that of storing the hierarchy; (2) the private information at a class consists of a single key associated with that class; (3) updates (i.e., revocations and additions) are handled locally in the hierarchy; (4) the scheme is provably secure against collusion; and (5) each node can derive the key of any of its descendant with a number of symmetric-key operations bounded by the length of the path between the nodes. Whereas many previous schemes had some of these properties, ours is the first that satisfies all of them. The security of our scheme is based on pseudorandom functions, without reliance on the Random Oracle Model.

Another substantial contribution of this work is that we are able to lower the key derivation time at the expense of modestly increasing the public storage associated with the hierarchy. Insertion of additional, so-called shortcut, edges, allows to lower the key derivation to a small constant number of steps for graphs that are total orders and trees by increasing the total number of edges by a small asymptotic factor such as O(log^* n) for an n-node hierarchy. For more general access hierarchies of dimension d, we use a technique that consists of adding dummy nodes and dimension reduction. The key derivation work for such graphs is then linear in d and the increase in the number of edges is by the factor O(log^d − 1 n) compared to the one-dimensional case.

Finally, by making simple modifications to our scheme, we show how to handle extensions proposed by Crampton [2003] of the standard hierarchies to “limited depth” and reverse inheritance.

References

[1]

<scp>Akl, S. and Taylor, P.</scp> 1983. Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1, 3 (Sept.), 239--248.

Abstract

References

Cited By

Index Terms

Recommendations

Dynamic and efficient key management for access hierarchies

Secure key management scheme for dynamic hierarchical access control based on ECC

Key hierarchies for hierarchical access control in secure group communications

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations