BOUND HIERARCHICAL KEY MANAGEMENT SCHEME

Bound Hierarchical Key Management Scheme

Abstract

The problem of hierarchical access control in secure group communications has elicited much interest in the literatures. However, most of the researches to date on hierarchical access control pay more attention to the particular encryption techniques, but considered little about the features of key hierarchies. In hierarchical access control systems, keys are usually organized hierarchically. We analyze the user-based, resource-based and unified key hierarchies in this paper. The first two hierarchies are established from the access matrix. By unifying these two hierarchies, we get the unified key hierarchy. Furthermore, we introduce the explicit accessible set and the explicit dominating set to describe the key distributions for these hierarchies, and prove that the unified key hierarchy can be formed from the explicit dominating sets in the user-based key hierarchy or the explicit accessible sets in the resource-based key hierarchy. To evaluate the efficiency of the described key hierarchies, we combine these hierarchies with the existing key assignment models and analyze their storage and rekey overheads. These overheads can be derived from the access matrix, and the derivation procedure is described. The conclusions of this paper can help to establish a suitable key hierarchy so as to make the key assignment scheme more efficient in practical application.

Table of contents

Abstract2

Table of contents3

1 Introduction4

1.1 Access Control and Key Management4

1.2 Hierarchical Access Control Systems5

1.3 Project Motivation5

1.4 Project Plan7

1.5 Project Organization8

2 Key Generation in Hierarchical Systems10

3 Akl-Taylor Scheme12

3.1 Setup13

3.2 Key Generation and Distribution14

3.3 Key Derivation15

3.4 Example16

4 Wang-Laih Scheme17

4.1 Setup and Initialization17

4.2 Merge Function18

4.3 Encryption key generation19

4.4 User Registration20

4.5 Key Derivation21

4.6 Example22

4.7 Security Analysis24

4.8 Performance Analysis25

5 Yeh-Shyam Scheme26

5.1 Initialization and Setup27

5.2 The New Merge Function28

5.3 Encryption Key Generation30

5.4 User Registration30

5.5 Key derivation31

5.6 Example32

5.7 Security Analysis33

5.8 Performance Analysis33

5.8.1 Storage Requirements34

5.8.2 Computational Complexity34

6 Setup, Analysis and Results36

6.1 Implementation Overview37

6.2 Tools and Methodology38

6.3 Storage Requirement Analysis39

6.4 Performance Analysis40

7 Conclusions42

7.1 Recommendations for Future Research43

References45

1 Introduction

1.1 Access Control and Key Management

A key management scheme assigns keys to the access classes and distributes a subset of the keys to a user, which permit her to obtain access to objects at her class(es) and all of the descendant classes. Such key management schemes are usually evaluated by the number of total keys the system must maintain, the number of keys each user receives, the size of public information, the time required to derive keys for access classes, and work needed to perform when the hierarchy or the set of users change. Hierarchies of access classes are used in many domains, and in many cases they are more general than trees. The most traditional example of such hierarchies is Role-Based Access Control (RBAC) models A hierarchical key assignment scheme is a method to assign an encryption key and some private information to each class in the hierarchy. The encryption key will be used by each class to protect its data by means of a symmetric cryptosystem. The private information will be used by each class to compute the keys assigned to all classes lower down in ...