
Extended hierarchical key assignment scheme (E-HKAS): how to efficiently enforce explicit policy exceptions in dynamic hierarchies

Sādhanā

Abstract

In this paper, we focus on practically motivated flexibility requirements for the hierarchical access control model, namely transitive exception and anti-symmetric exception. Additionally, we motivate a new flexibility requirement called “class delegation with descendant(s) safety” in a practical application scenario. We propose an extended hierarchical key assignment scheme (E-HKAS) that satisfies all three of these flexibility requirements in a dynamic hierarchy of security classes. To make E-HKAS generic, we model the hierarchical access control policy as a collection of access groups. E-HKAS enforces transitive and anti-symmetric exceptions using an efficient group-based encryption scheme. To enforce class delegation with descendant(s) safety, we propose a novel cryptographic primitive called group proxy re-encryption (GPRE) that supports proxy re-encryption between two access groups. We present an IND-CPA-secure construction of the proposed GPRE scheme and formally prove its security. Performance analysis shows that the proposed E-HKAS enforces explicit transitive and anti-symmetric exceptions more efficiently than the existing approaches in the literature. The computation cost for key derivation is constant and does not depend on the depth of the hierarchy. Also, to enforce class delegation with descendant(s) safety, the proposed E-HKAS requires a constant number of computational steps.


Notes

  1. https://crypto.stanford.edu/pbc/.


Acknowledgements

This work was supported by the Ministry of Human Resource Development, Government of India.

Author information


Correspondence to Gaurav Pareek.


Cite this article

Pareek, G., Purushothama, B.R. Extended hierarchical key assignment scheme (E-HKAS): how to efficiently enforce explicit policy exceptions in dynamic hierarchies. Sādhanā 44, 235 (2019). https://doi.org/10.1007/s12046-019-1216-8


  • DOI: https://doi.org/10.1007/s12046-019-1216-8
