Abstract
Most organizations today inherently followed hierarchical access control implemented using a hierarchical key assignment scheme (HKAS). An HKAS enforce reflexive, anti-symmetric, and transitive relations among the nodes (or access classes) in the hierarchy. In real life, the organizations come across rare but practical situations such as anti-symmetric exception, the temporary delegation of access to a user, etc. The traditional HKASs are costly and are not readily implement these exceptions. It motivates to relook at redesigning existing HKASs that efficiently incorporate and revokes the exceptions into the existing hierarchy as and when needed. The current similar work uses asymmetric key cryptosystem to implement the flexible HKAS with exceptions. This work proposes a novel and efficient symmetric key-based flexible HKAS that efficiently addresses the flexible hierarchy requirements. To the best of our knowledge, this is the first symmetric key-based flexible HKAS enabling exceptions. The dynamics of the scheme are addressed and compared with the other similar existing schemes. The security of the new HKAS is analyzed formally against a stronger and modern security notion known as key-indistinguishability.
Similar content being viewed by others
References
Selim G A and Peter D T 1983 Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1: 239–248
Mikhail J A, Marina B, Nelly F and Keith B F 2009 Dynamic and efficient key management for access hierarchies. ACM Trans. Inf. Syst. Secur. 12:18:1–18:43
Jason C and Hemanth K 2006 Delegation in role-based access control. In: Computer Security - ESORICS 2006, 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006, Proceedings, pp 174–191
Jyh-haw Y, Randy C and Richard N 2003 Key assignment for enforcing access control policy exceptions in distributed systems. Inf. Sci. 152: 63–88
Ya-Fen C 2015 A flexible hierarchical access control mechanism enforcing extension policies.Secur. Commun. Netw. 8: 189–201
Iuon-Chang L, Min-Shiang H and Chin-Chen C 2003 A new key assignment scheme for enforcing complicated access control policies in hierarchy. Future Gener. Comput. Syst. 19: 457–462
Gaurav P and Purushothama B R 2019 Extended hierarchical key assignment scheme (e-hkas): how to efficiently enforce explicit policy exceptions in dynamic hierarchies. Sādhanā 44: 235
Mikhail J A, Keith B F and Marina B 2005 Dynamic and efficient key management for access hierarchies. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, Alexandria, VA, USA, pp 190–202
Arcangelo C, de Santis A and Barbara M 2016 Key indistinguishability versus strong key indistinguishability for hierarchical key assignment schemes.IEEE Trans. Dependable Secur. Comput. 13: 451–460
Jyh-haw Y 2009 Enforcing non-hierarchical access policies by hierarchical key assignment schemes. Inf. Process. Lett. 110: 46–49
Ping-Kun H, Mu-Ting L and Iuon-Chang L 2018 Flexible hierarchical key assignment scheme with time-based assured deletion for cloud storage. In: International Computer Symposium, pp 599–607, Springer
Tsung-Chih H, Tzer-Long C, Tzer-Shyong C and Yu-Fang C 2019 Elliptic curve cryptosystems-based date-constrained hierarchical key management scheme in internet of things. Sensors Mater. 31: 355–364
Neal K 1987 Elliptic curve cryptosystems. Mathe. Comput. 48: 203–209
Victor S M 1985 Use of elliptic curves in cryptography. In: Conference on the theory and application of cryptographic techniques, pp 417–426, Springer.
Ezedin B and Ravi S S 2000 Framework for role-based delegation models. In: 16th Annual Computer Security Applications Conference (ACSAC 2000), 11–15 December 2000, New Orleans, Louisiana, USA, page 168
Jason C and Hemanth K 2008 Delegation in role-based access control.Int. J. Inf. Secur. 7: 123–136
Indrajit R, Dieudonne M, Indrakshi R and Keesook J H 2013 A model for trust-based access control and delegation in mobile clouds. In: Data and Applications Security and Privacy XXVII-27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17,2013. Proceedings, pp 242–257
Anna Lisa F, Federica P and Chiara R 2021 Verifiable hierarchical key assignment schemes. In: IFIP Annual Conference on Data and Applications Security and Privacy, pp 357–376, Springer.
Naveen Kumar and Anish Mathuria 2019 Comprehensive evaluation of key management hierarchies for outsourced data. Cybersecurity, 2: 8
Eduarda S V F, Kenneth G P and Bertram Poettering 2013 Simple, efficient and strongly ki-secure hierarchical key assignment schemes. In: Cryptographers’ Track at the RSA Conference, pp 101–114, Springer.
Paolo D A, De Santis A, Anna Lisa Ferrara and Barbara Masucci 2010 Variations on a theme by akl and taylor: Security and tradeoffs. Theor. Comput. Sci., 411: 213–227
Giuseppe A, de Santis A, Anna L F and Barbara M 2012 Provably-secure time-bound hierarchical key assignment schemes. J. Cryptol. 25: 243–270
Vikas R V, Naveen K and Shafiqul A 2021 Classifying time-bound hierarchical key assignment schemes. In: Advances in Computer, Communication and Computational Sciences, pp 111–119, Springer
Naveen K, Shailesh T, Zhigao Z, Krishn K M and Arun K S 2018 An efficient and provably secure time-limited key management scheme for outsourced data. Concurr. Comput. Practice Exp., p 30
Author information
Authors and Affiliations
Corresponding author
Appendix I. APPENDIX
Appendix I. APPENDIX
Lemma 1
\(|Pr[G_1]-Pr[G_0]| \le \in _{PRF}\)
Proof
Let’s assume there exists an adversary \(A_{IND}\) that can distinguish between game \(G_0\) and game \(G_1\). We now demonstrate how to construct an algorithm \(A_F\), using \(A_{IND}\) as a black-box, can distinguish between truly random and pseudorandom functions.
Algorithm \(A_F\) runs the PRF game described in Definition 3.3. Thus, it has given access to an oracle function g(), either a truly random function or a pseudorandom function. Algorithm \(A_F\) randomly chooses between one of the game \(G_0\) and game \(G_1\) to simulates the environment of \(A_{IND}\). Here, if \(A_F\) is interacting with a pseudorandom function g(), then the simulation becomes the same as game \(G_0\); otherwise, it is the same as game \(G_1\). First, the access hierarchy for the acyclic graph is set up, where key \(K_W\) is computed via oracle g as follows: \(K^d_w = g(l_w)\), and for every successor u of w, \(Y_{w,u} = K^d_w \oplus g(l_u).\)
It is equivalent to game \(G_0\) when oracle function g() computes as a pseudorandom function, and equivalent to game \(G_1\) when oracle function g() computes as a true random function.
After serving \(A_{IND}\) with the resulting public information, \(A_F\) can readily reply to any Corrupt query that \(A_{IND}\) may issue since \(A_F\) knows all the secret keys except \(K^d_w\). On receiving the challenge query from \(A_{IND}\), \(A_F\) picks a random bit b \(\in \) {0,1}. If b = 0, then \(A_F\) computes the actual key \(k^d_w\) associated with node W; otherwise, if b = 1, \(A_F\) assigns a random key of the same length to \(k^d_w\).
Finally, \(A_{IND}\), as his best guess outputs bit b’ \(\in \) {0,1} whether he was given the actual key \(k^d_w\) or a random key. If b = b’, then \(A_F\) gives an output 1, assuming it is a pseudorandom function; otherwise, \(A_F\) gives an output 0, assuming it is a truly random function. Now we have
It concludes the statement. \(\square \)
Rights and permissions
About this article
Cite this article
Lal, S., Kumar, N. An efficient flexible hierarchical access control scheme enabling real-life exceptions. Sādhanā 47, 20 (2022). https://doi.org/10.1007/s12046-021-01776-0
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s12046-021-01776-0