×

A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. (English) Zbl 1370.94535

Summary: J.-W. Lo et al. [Inf. Sci. 181, No. 4, 917–925 (2011; Zbl 1208.94048)] proposed an efficient key assignment scheme for access control in a large leaf class hierarchy where the alternations in leaf classes are more frequent than in non-leaf classes in the hierarchy. Their scheme is based on the public-key cryptosystem and hash function where operations like modular exponentiations are very much costly compared to symmetric-key encryptions and decryptions, and hash computations. Their scheme performs better than the previously proposed schemes. However, in this paper, we show that Lo et al.’s scheme fails to preserve the forward security property where a security class \(C_x\) can also derive the secret keys of its successor classes \(C_j\)’s even after deleting the security class \(C_x\) from the hierarchy. We aim to propose a new key management scheme for dynamic access control in a large leaf class hierarchy, which makes use of symmetric-key cryptosystem and one-way hash function. We show that our scheme requires significantly less storage and computational overheads as compared to Lo et al.’s scheme and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against all possible attacks including the forward security. In addition, our scheme supports efficiently dynamic access control problems compared to Lo et al.’s scheme and other related schemes. Thus, higher security along with low storage and computational costs make our scheme more suitable for practical applications compared to other schemes.

MSC:

94A60 Cryptography
68P25 Data encryption (aspects in computer science)

Citations:

Zbl 1208.94048

Software:

Quark; PRESENT
PDFBibTeX XMLCite
Full Text: DOI

References:

[2] Akl, S. G.; Taylor, P. D., Cryptographic solution to a problem of access control in a hierarchy, ACM Transactions on Computer Systems (TOCS), 1, 3, 239-248 (1983)
[5] Chung, Y. F.; Lee, H. H.; Lai, F.; Chen, T. S., Access control in user hierarchy based on elliptic curve cryptosystem, Information Sciences, 178, 1, 230-243 (2008) · Zbl 1134.94358
[6] Das, A. K., A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks, International Journal of Information Security, 11, 3, 189-211 (2012)
[7] Das, A. K., A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications, Networking Science, 2, 1-2, 12-27 (2013)
[8] Das, A. K.; Paul, N. R.; Tripathy, L., Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem, Information Sciences, 209, 80-92 (2012) · Zbl 1276.94011
[9] Giri, D.; Srivastava, P. D., A cryptographic key assignment scheme for access control in poset ordered hierarchies with enhanced security, International Journal of Network Security, 7, 2, 223-234 (2008)
[10] Harn, L.; Lin, H. Y., A cryptographic key generation scheme for multilevel data security, Computers & Security, 9, 6, 539-546 (1990)
[11] Hwang, M.-S.; Lo, J.-W.; Liu, C.-H., Improvement on the flexible tree-based key management framework, Computers & Security, 24, 6, 500-504 (2005)
[12] Hwang, M.-S.; Yang, W.-P., Controlling access in large partially ordered hierarchies using cryptographic keys, Journal of Systems and Software, 67, 2, 99-107 (2003)
[13] Jeng, F. G.; Wang, C. M., An efficient key-management scheme for hierarchical access control based on elliptic curve cryptosystem, Journal of Systems and Software, 79, 8, 1161-1167 (2006)
[14] Lin, I.-C.; Hwang, M.-S.; Chang, C.-C., A new key assignment scheme for enforcing complicated access control policies in hierarchy, Future Generation Computer Systems, 19, 4, 457-462 (2003)
[15] Lin, I.-C.; Ou, H.-H.; Hwang, M.-S., Efficient access control and key management schemes for mobile agents, Computer Standards & Interfaces, 26, 5, 423-433 (2004)
[16] Lin, Y.-L.; Hsu, C.-L., Secure key management scheme for dynamic hierarchical access control based on ECC, Journal of Systems and Software, 84, 4, 679-685 (2011)
[17] Lo, J.-W.; Hwang, M.-S.; Liu, C.-H., An efficient key assignment scheme for access control in a large leaf class hierarchy, Information Sciences, 181, 917-925 (2011) · Zbl 1208.94048
[18] Nikooghadam, M.; Zakerolhosseini, A., Secure Communication of Medical Information sing Mobile Agents, Journal of Medical Systems, 36, 6, 3839-3850 (2012)
[19] Nikooghadam, M.; Zakerolhosseini, A.; Moghaddam, M. E., Efficient utilization of elliptic curve cryptosystem for hierarchical access control, Journal of Systems and Software, 83, 10, 1917-1929 (2010)
[20] Sandhu, R. S., Cryptographic implementation of a tree hierarchy for access control, Information Processing Letters, 27, 2, 95-98 (1988)
[21] Sklavos, N.; Koufopavlou, O., Access control in networks hierarchy: implementation of key management protocol, International Journal of Network Security, 1, 2, 103-109 (2005) · Zbl 1067.68068
[22] Stallings, W., Cryptography and Network Security: Principles and Practices (2003), Prentice Hall
[24] Tzeng, S.-F.; Lee, C.-C.; Lin, T.-C., A novel key management scheme for dynamic access control in a hierarchy, International Journal of Network Security, 12, 3, 178-180 (2011)
[25] Wang, S.-Y.; Laih, C.-S., Cryptanalysis of Hwang-Yang scheme for controlling access in large partially ordered hierarchies, Journal of Systems and Software, 75, 189-192 (2005)
[26] Wu, S.; Chen, K., An efficient key-management scheme for hierarchical access control in e-medicine system, Journal of Medical Systems, 36, 4, 2325-2337 (2012)
[27] Yang, C.; Li, C., Access control in a hierarchy using one-way hash functions, Computers & Security, 23, 8, 659-664 (2004)
[28] Zhang, Q.; Wang, Y.; Jue, J. P., A key management scheme for hierarchical access control in group communication, International Journal of Network Security, 7, 3, 323-334 (2008)
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.