Detecting Flaws in Dynamic Hierarchical Key Management Schemes Using Specification Animation

  • Anil Mundra
  • Anish Mathuria
  • Manik Lal Das
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7154)


In key assignment schemes for hierarchical access control systems, each access class has a key associated with it that can be used to derive the keys associated with every descendant of that class. Many recently proposed key assignment schemes support updates to the hierarchy such as addition and deletion of classes and class relationships. The dynamic changes entail a change to the hierarchy as well as re-computing of public and secret information. In this paper, we describe a software tool that supports the animation of specifications of dynamic schemes. The specification of a scheme, written in Prolog, corresponds to a symbolic model of the algorithms used by the scheme for key generation and for handling dynamic changes. The tool allows us to generate a test hierarchy, generate keys for the classes in the hierarchy, and simulate various dynamic operations. The animation search using the tool has shown to be useful in finding previously unreported attacks on several existing dynamic schemes.


Public Information Secret Information Dynamic Scheme Fair Exchange Protocol Dynamic Access Control 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Akl, S.G., Taylor, P.D.: Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1(3), 239–248 (1983)CrossRefGoogle Scholar
  2. 2.
    Kayem, A.V.D.M., Akl, S.G., Martin, P.: On replacing cryptographic keys in hierarchical key management systems. Journal of Computer Security 16(3), 289–309 (2008)CrossRefGoogle Scholar
  3. 3.
    Lin, C.-H.: Dynamic key management schemes for access control in a hierarchy. Computer Communications 20(15), 1381–1385 (1997)CrossRefGoogle Scholar
  4. 4.
    Lin, C.-H.: Hierarchical key assignment without public-key cryptography. Computers & Security 20(7), 612–619 (2001)CrossRefGoogle Scholar
  5. 5.
    Lo, J.-W., Hwang, M.-S., Liu, C.-H.: An efficient key assignment scheme for access control in a large leaf class hierarchy. Inf. Sci. 181(4), 917–925 (2011)CrossRefzbMATHGoogle Scholar
  6. 6.
    Shen, V.R.L., Chen, T.-S.: A novel key management scheme based on discrete logarithms and polynomial interpolations. Computers & Security 21(2), 164–171 (2002)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Wu, T.-C., Chang, C.-C.: Cryptographic key assignment scheme for hierarchical access control. Comput. Syst. Sci. Eng. 16(1), 25–28 (2001)Google Scholar
  8. 8.
    Yang, C., Li, C.: Access control in a hierarchy using one-way hash functions. Computers & Security 23(8), 659–664 (2004)CrossRefGoogle Scholar
  9. 9.
    Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: Atluri, V., Meadows, C., Juels, A. (eds.) ACM Conference on Computer and Communications Security, pp. 190–202. ACM (2005)Google Scholar
  10. 10.
    Millen, J.K., Clark, S.C., Freedman, S.B.: The interrogator: Protocol security analysis. IEEE Trans. Software Eng. 13(2), 274–288 (1987)CrossRefGoogle Scholar
  11. 11.
    Longley, D., Rigby, S.: An automatic search for security flaws in key management schemes. Computers & Security 11(1), 75–89 (1992)CrossRefGoogle Scholar
  12. 12.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSFW, pp. 82–96. IEEE Computer Society (2001)Google Scholar
  13. 13.
    Boyd, C., Kearney, P.: Exploring Fair Exchange Protocols Using Specification Animation. In: Pieprzyk, J., Okamoto, E., Seberry, J. (eds.) ISW 2000. LNCS, vol. 1975, pp. 209–223. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Tang, S.: Efficient key assignment for hierarchical access control using one-way hash function. In: Proceedings of the 10th WSEAS International Conference on Computers, ICCOMP 2006, Stevens Point, Wisconsin, USA, pp. 350–354 (2006)Google Scholar
  15. 15.
    Chen, T.-S., Huang, J.-Y.: A novel key management scheme for dynamic access control in a user hierarchy. Applied Mathematics and Computation 162(1), 339–351 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    He, Z.H., Li, Y.-S.: Dynamic key management in a user hierarchy. In: 2nd International Conference on Anti-counterfeiting, Security and Identification, ASID 2008, pp. 298–300 (August 2008)Google Scholar
  17. 17.
    Crampton, J., Martin, K.M., Wild, P.R.: On key assignment for hierarchical access control. In: CSFW, pp. 98–111. IEEE Computer Society (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Anil Mundra
    • 1
  • Anish Mathuria
    • 1
  • Manik Lal Das
    • 1
  1. 1.DA-IICTGandhinagarIndia

Personalised recommendations