A New Class of Key Management Scheme for Access Control in Dynamic Hierarchies

Abstract

Cryptographic techniques for Hierarchical Access Control (HAC) have recently attracted intensive research interests. A large number of key management schemes have been proposed for access control in hierarchy. Their constructions are based mainly on one-way functions and are computationally secure. Many of these schemes were however, found with different problems in terms of structure, security, efficiency and dynamics. In this paper, we propose a new key management scheme that can be used for access control in dynamic hierarchies. The new scheme is based on the secret sharing principle, without using a one-way function. Consequently, it is unconditionally secure. In addition, it has the following properties: (i) supporting full dynamics at both node and user levels; (ii) allowing any random reconfiguration of access hierarchy; (iii) utilizing the same algorithm for key computation and also descendant key derivation (regardless how far its descendant is away from the node); and (iv) eliminating performance bottlenecks at the trusted Central Authority (CA).