An efficient flexible hierarchical access control scheme enabling real-life exceptions

Abstract

Most organizations today inherently followed hierarchical access control implemented using a hierarchical key assignment scheme (HKAS). An HKAS enforce reflexive, anti-symmetric, and transitive relations among the nodes (or access classes) in the hierarchy. In real life, the organizations come across rare but practical situations such as anti-symmetric exception, the temporary delegation of access to a user, etc. The traditional HKASs are costly and are not readily implement these exceptions. It motivates to relook at redesigning existing HKASs that efficiently incorporate and revokes the exceptions into the existing hierarchy as and when needed. The current similar work uses asymmetric key cryptosystem to implement the flexible HKAS with exceptions. This work proposes a novel and efficient symmetric key-based flexible HKAS that efficiently addresses the flexible hierarchy requirements. To the best of our knowledge, this is the first symmetric key-based flexible HKAS enabling exceptions. The dynamics of the scheme are addressed and compared with the other similar existing schemes. The security of the new HKAS is analyzed formally against a stronger and modern security notion known as key-indistinguishability.

Appendix I. APPENDIX

Lemma 1

\(|Pr[G_1]-Pr[G_0]| \le \in _{PRF}\)

Proof

Let’s assume there exists an adversary \(A_{IND}\) that can distinguish between game \(G_0\) and game \(G_1\). We now demonstrate how to construct an algorithm \(A_F\), using \(A_{IND}\) as a black-box, can distinguish between truly random and pseudorandom functions.

Algorithm \(A_F\) runs the PRF game described in Definition 3.3. Thus, it has given access to an oracle function g(), either a truly random function or a pseudorandom function. Algorithm \(A_F\) randomly chooses between one of the game \(G_0\) and game \(G_1\) to simulates the environment of \(A_{IND}\). Here, if \(A_F\) is interacting with a pseudorandom function g(), then the simulation becomes the same as game \(G_0\); otherwise, it is the same as game \(G_1\). First, the access hierarchy for the acyclic graph is set up, where key \(K_W\) is computed via oracle g as follows: \(K^d_w = g(l_w)\), and for every successor u of w, \(Y_{w,u} = K^d_w \oplus g(l_u).\)

It is equivalent to game \(G_0\) when oracle function g() computes as a pseudorandom function, and equivalent to game \(G_1\) when oracle function g() computes as a true random function.

After serving \(A_{IND}\) with the resulting public information, \(A_F\) can readily reply to any Corrupt query that \(A_{IND}\) may issue since \(A_F\) knows all the secret keys except \(K^d_w\). On receiving the challenge query from \(A_{IND}\), \(A_F\) picks a random bit b \(\in \) {0,1}. If b = 0, then \(A_F\) computes the actual key \(k^d_w\) associated with node W; otherwise, if b = 1, \(A_F\) assigns a random key of the same length to \(k^d_w\).

Finally, \(A_{IND}\), as his best guess outputs bit b’ \(\in \) {0,1} whether he was given the actual key \(k^d_w\) or a random key. If b = b’, then \(A_F\) gives an output 1, assuming it is a pseudorandom function; otherwise, \(A_F\) gives an output 0, assuming it is a truly random function. Now we have

$$\begin{aligned} \in _{PRF}&\ge Adv^{PRF}_{A_F}(\rho )\\&= |Pr[A_F\text { outputs }1|\text {g is a PRF}] \\&\quad - Pr[A_F\text { outputs 1}|\text {g is a random function}]|\\&= |Pr[\text {b=b'}|\text {g is a PRF}] \\&\quad - Pr[\text {b=b'}|\text {g is a random function}]|\\&= |Pr[A_{IND}\text { guesses b' correctly}|\text {g is a PRF}] \\&\quad -Pr[A_{IND}\text { guesses b' correctly}|\text {g is a random function}]|\\&= |Pr[T_0] - Pr[T_1]| . \end{aligned}$$

It concludes the statement. \(\square \)