Abstract
A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that each class can compute the keys of all classes lower down in the hierarchy, according to temporal constraints.
In this paper we design and analyze time-bound hierarchical key assignment schemes which are provably-secure and efficient. We consider two different goals: security with respect to key indistinguishability and against key recovery. Moreover, we distinguish security against static and adaptive adversarial behaviors. We explore the relations between all possible combinations of security goals and adversarial behaviors and, in particular, we prove that security against adaptive adversaries is (polynomially) equivalent to security against static adversaries. Finally, we propose two different constructions for time-bound key assignment schemes. The first one is based on symmetric encryption schemes, whereas the second one makes use of bilinear maps. Both constructions support updates to the access hierarchy with local changes to the public information and without requiring any private information to be re-distributed.
Article PDF
Similar content being viewed by others
References
A.V. Aho, M.R. Garey, J.D. Ullman, The transitive reduction of a directed graph. SIAM J. Comput. 1, 131–137 (1972)
S.G. Akl, P.D. Taylor, Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1(3), 239–248 (1983)
M.J. Atallah, M. Blanton, N. Fazio, K.B. Frikken, Dynamic and efficient key management for access hierarchies. ACM Trans. Inf. Syst. Secur. 12(3) (2009). Preliminary version in Proc. of the ACM Conference on Computer and Communications Security 2006
M.J. Atallah, M. Blanton, K.B. Frikken, Key management for non-tree access hierarchies, in Proc. of the ACM Symposium on Access Control Models and Technologies (2006), pp. 11–18
M.J. Atallah, M. Blanton, K.B. Frikken, Incorporating temporal capabilities in existing key management schemes, in ESORICS (2007), pp. 515–530
G. Ateniese, A. De Santis, A.L. Ferrara, B. Masucci, Provably-secure time-bound hierarchical key assignment schemes. Rep. 2006/225 at the IACR Cryptology ePrint Archive.
G. Ateniese, A. De Santis, A.L. Ferrara, B. Masucci, Provably-secure time-bound hierarchical key assignment schemes, in Proc. of the ACM Conference on Computer and Communications Security (2006), pp. 288–297
M. Bellare, P. Rogaway, Introduction to modern cryptography. Available as http://www.cs.ucdavis.edu/~rogaway/classes/227/fall03/book/index.html
M. Bellare, R. Canetti, H. Krawczyk, Keying hash functions for message authentication, in Proc. of Advances in Cryptology, Crypto. Lecture Notes in Computer Science (1996), pp. 1–15
M. Bellare, A. Desai, E. Jokipii, P. Rogaway, A concrete security treatment of symmetric encryption, in Proc. of the 38th IEEE Symposium on Foundations of Computer Science (1997), pp. 394–403
E. Bertino, B. Carminati, E. Ferrari, A temporal key management scheme for secure broadcasting of XML documents, in Proc. of the ACM Conference on Computer and Communications Security (2002), pp. 31–40
D. Boneh, X. Boyen, Efficient selective-ID secure identity-based encryption without random oracles, in Advances in Cryptology—Eurocrypt. Lecture Notes in Computer Science (2004), pp. 223–238
D. Boneh, X. Boyen, E.-J. Goh, Hierarchical identity based encryption with constant size ciphertext, in EUROCRYPT (2005), pp. 440–456
D. Boneh, M.K. Franklin, Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)
D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004)
R. Canetti, S. Halevi, J. Katz, A forward-secure public-key encryption scheme, in Proc. of Advances in Cryptology—Eurocrypt. Lecture Notes in Computer Science, vol. 2656 (2003), pp. 255–271
T. Chen, Y. Chung, Hierarchical access control based on Chinese remainder theorem and symmetric algorithm. Comput. Secur. 21(6), 565–570 (2002)
H.-Y. Chien, Efficient time-bound hierarchical key assignment scheme. IEEE Trans. Knowl. Data Eng. 16(10), 1301–1304 (2004)
J. Crampton, K. Martin, P. Wild, On key assignment for hierarchical access control, in Proc. of the 19th IEEE Computer Security Foundations Workshop (2006), pp. 98–111
P. D’Arco, A. De Santis, A.L. Ferrara, B. Masucci, Variations on a theme by Akl and Taylor: security and tradeoffs. Theor. Comput. Sci. 411(1), 213–227 (2010)
A. De Santis, A.L. Ferrara, B. Masucci, Cryptographic key assignment schemes for any access control policy. Inf. Process. Lett. 92(4), 199–205 (2004)
A. De Santis, A.L. Ferrara, B. Masucci, Enforcing the security of a time-bound hierarchical key assignment scheme. Inf. Sci. 176(12), 1684–1694 (2006)
A. De Santis, A.L. Ferrara, B. Masucci, Efficient provably-secure hierarchical key assignment schemes, in MFCS, ed. by L. Kucera, A. Kucera. Lecture Notes in Computer Science, vol. 4708 (Springer, Berlin, 2007), pp. 371–382
A. De Santis, A.L. Ferrara, B. Masucci, New constructions for provably-secure time-bound hierarchical key assignment schemes. Theor. Comput. Sci. 407(1–3), 213–230 (2008)
S.D. Galbraith, K. Harrison, D. Soldera, Implementing the tate pairing, in Proc. of the Algorithmic Number Theory Symposium. Lecture Notes in Computer Science (2000), pp. 385–394
O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions. J. ACM 33(4), 792–807 (1986)
S. Goldwasser, S. Micali, Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)
S. Goldwasser, S. Micali, R.L. Rivest, A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
L. Harn, H.Y. Lin, A cryptographic key generation scheme for multilevel data security. Comput. Secur. 9(6), 539–546 (1990)
H.F. Huang, C.C. Chang, A new cryptographic key assignment scheme with time-constraint access control in a hierarchy. Comput. Stand. Interfaces 26, 159–166 (2004)
M.S. Hwang, A cryptographic key assignment scheme in a hierarchy for access control. Math. Comput. Model. 26(1), 27–31 (1997)
A. Joux, A one round protocol for tripartite Diffie-Hellman, in Proc. of the Algorithmic Number Theory Symposium (2000), pp. 385–394
J. Katz, M. Yung, Characterization of security notions for probabilistic private-key encryption. J. Cryptol. 19(1), 67–95 (2006)
H.T. Liaw, S.J. Wang, C.L. Lei, A dynamic cryptographic key assignment scheme in a tree structure. Comput. Math. Appl. 25(6), 109–114 (1993)
C.H. Lin, Dynamic key management schemes for access control in a hierarchy. Comput. Commun. 20, 1381–1385 (1997)
I.C. Lin, M.S. Hwang, C.C. Chang, A new key assignment scheme for enforcing complicated access control policies in hierarchy. Future Gener. Comput. Syst. 19, 157–462 (2003)
S.J. MacKinnon, P.D. Taylor, H. Meijer, S.G. Akl, An optimal algorithm for assigning cryptographic keys to control access in a hierarchy. IEEE Trans. Comput. 34(9), 797–802 (1985)
A. Miyaji, M. Nakabayashi, S. Takano, New explicit conditions for elliptic curve traces for FR-reduction. IEICE Trans. Fundam. E-84(5) (2001)
M. Naor, O. Reingold, Number-theoretic constructions of efficient pseudo-random functions. J. ACM 51(2), 231–262 (2004)
R.S. Sandhu, Cryptographic implementation of a tree hierarchy for access control. Inf. Process. Lett. 27(2), 95–98 (1988)
V. Shen, T. Chen, A novel key management scheme based on discrete logarithms and polynomial interpolations. Comput. Secur. 21(2), 164–171 (2002)
Q. Tang, C.J. Mitchell, Comments on a cryptographic key assignment scheme. Comput. Stand. Interfaces 27, 323–326 (2005)
W.-G. Tzeng, A time-bound cryptographic key assignment scheme for access control in a hierarchy. IEEE Trans. Knowl. Data Eng. 14(1), 182–188 (2002)
W.-G. Tzeng, A secure system for data access based on anonymous and time-dependent hierarchical keys, in Proc. of the ACM Symposium on Information, Computer and Communications Security (2006), pp. 223–230
S.-Y. Wang, C.- Laih, Merging: an efficient solution for a time-bound hierarchical key assignment scheme. IEEE Trans. Dependable Secure Comput. 3(1), 91–100 (2006)
T. Wu, C. Chang, Cryptographic key assignment scheme for hierarchical access control. Int. J. Comput. Syst. Sci. Eng. 1(1), 25–28 (2001)
J. Yeh, An RSA-based time-bound hierarchical key assignment scheme for electronic article subscription, in Proc. of the ACM CIKM International Conference on Information and Knowledge Management (2005), pp. 285–286
J. Yeh, R. Chow, R. Newman, A key assignment for enforcing access control policy exceptions, in Proc. of the International Symposium on Internet Technology (1998), pp. 54–59
X. Yi, Security of chien’s efficient time-bound hierarchical key assignment scheme. IEEE Trans. Knowl. Data Eng. 17(9), 1298–1299 (2005)
X. Yi, Y. Ye, Security of Tzeng’s time-bound key assignment scheme for access control in a hierarchy. IEEE Trans. Knowl. Data Eng. 15(4), 1054–1055 (2003)
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by Matt Paterson
Rights and permissions
About this article
Cite this article
Ateniese, G., De Santis, A., Ferrara, A.L. et al. Provably-Secure Time-Bound Hierarchical Key Assignment Schemes. J Cryptol 25, 243–270 (2012). https://doi.org/10.1007/s00145-010-9094-6
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00145-010-9094-6