On the Relations Between Security Notions in Hierarchical Key Assignment Schemes for Dynamic Structures

A hierarchical key assignment scheme distribute some private information and encryption keys to a set of classes in a partially ordered hierarchy, so that the private information of higher classes can be employed to derive the keys of classes lower down in the hierarchy. A hierarchical key assignment scheme for dynamic structures allows to make dynamic updates to the hierarchy, such as addition, deletion and modification of classes and relations among them, as well as the revocation of users. In this work we analyze security notions for hierarchical key assignment schemes supporting dynamic structures. In particular, we first propose the notion of key recovery for those schemes. Furthermore, we extend to such schemes the strong key indistinguishability and strong key recovery security definitions proposed by Freire et al. for hierarchical key assignment schemes. Finally, we investigate the relations occurring between all the state-of-the-art security notions for hierarchical key assignment schemes supporting dynamic structures, showing implications and separations which hold between such notions. In detail, we prove that also in the case of dynamic structures, security with respect to strong key indistinguishability is equivalent to the one with respect to key indistinguishability.

[1]  Kenneth G. Paterson,et al.  Simple, Efficient and Strongly KI-Secure Hierarchical Key Assignment Schemes , 2013, CT-RSA.

[2]  Kenneth G. Paterson,et al.  Provably Secure Key Assignment Schemes from Factoring , 2011, ACISP.

[3]  Wen-Guey Tzeng,et al.  A secure system for data access based on anonymous authentication and time-dependent hierarchical keys , 2006, ASIACCS '06.

[4]  Alfred V. Aho,et al.  The Transitive Reduction of a Directed Graph , 1972, SIAM J. Comput..

[5]  Alfredo De Santis,et al.  Variations on a theme by Akl and Taylor: Security and tradeoffs , 2010, Theor. Comput. Sci..

[6]  Mikhail J. Atallah,et al.  Dynamic and efficient key management for access hierarchies , 2005, CCS '05.

[7]  Hwang Min-Shiang,et al.  A cryptographic key assignment scheme in a hierarchy for access control , 1997 .

[8]  Alfredo De Santis,et al.  Unconditionally secure key assignment schemes , 2006, Discret. Appl. Math..

[9]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[10]  Qiang Tang,et al.  Comments on a cryptographic key assignment scheme , 2005, Comput. Stand. Interfaces.

[11]  Chu-Hsing Lin,et al.  Dynamic key management schemes for access control in a hierarchy , 1997, Comput. Commun..

[12]  Alfredo De Santis,et al.  Efficient provably-secure hierarchical key assignment schemes , 2007, Theor. Comput. Sci..

[13]  Alfredo De Santis,et al.  New constructions for provably-secure time-bound hierarchical key assignment schemes , 2008, Theor. Comput. Sci..

[14]  Chin-Chen Chang,et al.  A new cryptographic key assignment scheme with time-constraint access control in a hierarchy , 2004, Comput. Stand. Interfaces.

[15]  Yiming Ye,et al.  Security of Tzeng's Time-Bound Key Assignment Scheme for Access Control in a Hierarchy , 2003, IEEE Trans. Knowl. Data Eng..

[16]  Xun Yi,et al.  Security of Chien's efficient time-bound hierarchical key assignment scheme , 2005, IEEE Transactions on Knowledge and Data Engineering.

[17]  Victor R. L. Shen,et al.  A Novel Key Management Scheme Based on Discrete Logarithms and Polynomial Interpolations , 2002, Comput. Secur..

[18]  Lein Harn,et al.  A cryptographic key generation scheme for multilevel data security , 1990, Comput. Secur..

[19]  Xinyi Huang,et al.  Cryptographic Hierarchical Access Control for Dynamic Structures , 2016, IEEE Transactions on Information Forensics and Security.

[20]  Alfredo De Santis,et al.  Enforcing the security of a time-bound hierarchical key assignment scheme , 2006, Inf. Sci..

[21]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[22]  Alfredo De Santis,et al.  New constructions for provably-secure time-bound hierarchical key assignment schemes , 2007, SACMAT '07.

[23]  Selim G. Akl,et al.  An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy , 1985, IEEE Transactions on Computers.

[24]  Jin Li,et al.  Hierarchical and Shared Access Control , 2016, IEEE Transactions on Information Forensics and Security.

[25]  Chin-Chen Chang,et al.  Cryptographic key assignment scheme for hierarchical access control , 2001, Comput. Syst. Sci. Eng..

[26]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[27]  Chi-Sung Laih,et al.  Merging: an efficient solution for a time-bound hierarchical key assignment scheme , 2006, IEEE Transactions on Dependable and Secure Computing.

[28]  Alfredo De Santis,et al.  Cryptographic key assignment schemes for any access control policy , 2004, Inf. Process. Lett..

[29]  C. Lei,et al.  A dynamic cryptographic key assignment scheme in a tree structure , 1993 .

[30]  Chin-Chen Chang,et al.  A new key assignment scheme for enforcing complicated access control policies in hierarchy , 2003, Future Gener. Comput. Syst..

[31]  Mikhail J. Atallah,et al.  Key management for non-tree access hierarchies , 2006, SACMAT '06.

[32]  Jyh-haw Yeh,et al.  An RSA-based time-bound hierarchical key assignment scheme for electronic article subscription , 2005, CIKM '05.

[33]  Hung-Yu Chen,et al.  Efficient time-bound hierarchical key assignment scheme , 2004 .

[34]  Barbara Masucci,et al.  On the Equivalence of Two Security Notions for Hierarchical Key Assignment Schemes in the Unconditional Setting , 2015, IEEE Transactions on Dependable and Secure Computing.

[35]  Yu-Fang Chung,et al.  Hierarchical access control based on Chinese Remainder Theorem and symmetric algorithm , 2002, Comput. Secur..

[36]  Wen-Guey Tzeng,et al.  A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy , 2002, IEEE Trans. Knowl. Data Eng..

[37]  Mikhail J. Atallah,et al.  Incorporating Temporal Capabilities in Existing Key Management Schemes , 2007, ESORICS.

[38]  Alfredo De Santis,et al.  Key Indistinguishability versus Strong Key Indistinguishability for Hierarchical Key Assignment Schemes , 2016, IEEE Transactions on Dependable and Secure Computing.

[39]  Alfredo De Santis,et al.  Hierarchical and Shared Key Assignment , 2014, 2014 17th International Conference on Network-Based Information Systems.

[40]  Alfredo De Santis,et al.  Security and Tradeoffs of the Akl-Taylor Scheme and Its Variants , 2009, MFCS.