A Secure Key Management Scheme for Hierarchical Access Control with Secret Key Validity Checking

Abstract

Providing Security and privacy for resources in hierarchical access control is one of the fundamental security services in computer science. This service is becoming very complex to manage because of the growing number of users who have different access rights. Several key management schemes for dynamic hierarchical access control were proposed to solve the problem where higher level security classes can derive secret keys of all their corresponding successors. These schemes are used to generate, distribute and renew secret keys that are needed to encrypt data resources. In this paper, we propose a secure key management model to ensure that authorized and legitimate users have access only to resources to which they are entitled to. The proposed scheme is based on Elliptic Curve Cryptography. In this scheme, users are separated into security classes, each with different authorization level. For each security class, a specific encryption key is generated and assigned so that a class with higher authorization level can derive the key of any of its successors. Through the informal security analysis, our scheme is shown to be provably secure against both external and internal attacks. The proposed scheme provides an efficient solution to execute key generation and key derivation phases, and to overcome dynamic access control problems. In addition, our scheme makes it possible for users to verify the access to resources by running the key validity checking process to consider a derived secret key as a legitimate key before being used.