Access control in a hierarchy using one-way hash functions
Authors: Cungang Yang and Celia Li
Source: Computers & Security, vol. 23, pp. 659-664, 2004
Reporter: Jung-wen Lo (駱榮問)
Date: 2006/03/02
Outline
• Introduction
• Hierarchical Structure
• Drawback of Akl & Taylor
• Proposed Scheme
  • Key Assignment and Key Derivation
  • Dynamic Access Control
    • Adding node
    • Deleting Node
    • Changing Relationships
      • Adding
      • Deleting
• Significances
• Comments
Hierarchical Structure
• 1982 Akl & Taylor
• CA: $K_0$, $M = pq$
  $K_i = K_0^{t_i} \bmod M$
  $U_i \le U_j \iff t_i / t_j$ is an integer
• Ex. [Figure: hierarchy of eight nodes labeled (K1),t1 through (K8),t8]
Drawback of Akl & Taylor
• Large storage when the hierarchy is large
• Public parameters must be chosen carefully => users may collaborate to obtain a key
• Adding a new node may use all secret keys, and it can be obtained by all other nodes
  e.g. Add new node of C: public parameters = 2×3×5×7×11×13×17×19
Key Assignment and Key Derivation
• Hash functions Hi: {H1, H2, …, Hn}, n: max. # of direct child nodes
• Algorithm:
  • Node without a direct parent (dead-end node): CA assigns an arbitrary key
  • Node rj has only one direct parent, whose key is K, and rj is the ith direct child of that parent (from left to right) => Key of rj = Hi(K)
  • Node rj has more than one parent (rj1, rj2, …, rjm), and rj is the ith direct child of rj1, the kth of rj2, …, the nth of rjm. The keys of rj's parents are (K1, K2, …, Km) => Key of rj = Hi(Hi(K1), Hk(K2), …, Hn(Km))
Key Assignment (Cont')
• Dead-end node: Key = random()
• One parent: [Figure: parent with key K; its ith child gets key Hi(K)]
• More parents: [Figure: parents with keys K1, K2, …, Km; the node is their ith, kth, …, nth child and gets key Hi(Hi(K1), Hk(K2), …, Hn(Km))]
Dynamic Access Control - Adding node
• R's key: Random; key alteration: A, B, C, D, E, F, G, H
• R's key: H3(K1); key alteration: C, F, G, H
Dynamic Access Control - Deleting Node
[Figure labels: A, C]
• Key alteration: F, G, H
• Delete dead-end A: no key alteration
Changing Relationships - Adding
• Key alteration: H
Changing Relationships - Deleting
• Key of B will not be regenerated
• Key alteration: F
Significances
• Public parameters
  • Akl-Taylor's scheme: # of nodes in the hierarchy
  • Proposed scheme: # of child nodes that have more than one parent node => di is the # of child nodes
  • e.g. N = (2-1) + (2-1) = 2
• Key regeneration when inserting a new node
  • Akl-Taylor's scheme: all nodes
  • Proposed scheme: child nodes only
Comments
• Misunderstanding of Akl-Taylor's scheme
  • Lack of t8 in the example
  • The values of ti:
    t1 = 2
    t2 = 2×3
    t3 = 2×5
    t4 = 2×3×7
    t5 = 2×3×11
    t6 = 2×3×5×13
    t7 = 2×5×17
    t8 = 2×5×19
• Deleting the dead-end node and relation may need to regenerate the key
• The formula N=Σ(di-1) is weird
  • di should be the # of parent nodes
• The order of the children should be recorded
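Example
[Figure: example hierarchy with the following node labels]
• K1
• K2 = H1(K1)
• K3 = H2(K1)
• K4 = H1(K2) = H1(H1(K1))
• K5 = H2(H1(K1))
• K6 = H3(H3(K2), H1(K3))
• K7, K8
• Bracketed values in the figure: [H1(K3)], [H3(K2)]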
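The rules from the "Key Assignment and Key Derivation" slide applied to this example hierarchy, as an added Python sketch that is not code from the paper or the presentation. It assumes Hi is SHA-256 prefixed with the index i (the slides do not fix a construction), and the `aux` parameter is a hypothetical way to hand a parent the hashed value of a co-parent it cannot compute, such as the bracketed [H3(K2)] that node 3 needs for K6.

```python
import hashlib
import secrets

def H(i, *parts):
    """H_i, assumed here to be SHA-256 prefixed with the index i (not specified on the slides)."""
    h = hashlib.sha256(b"H%d" % i)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)  # length prefix keeps inputs unambiguous
    return h.digest()

# Example-slide hierarchy: child -> [(parent, position among that parent's children)].
# Nodes 7 and 8 are omitted because the slide gives no formula for them.
PARENTS = {2: [(1, 1)], 3: [(1, 2)], 4: [(2, 1)], 5: [(2, 2)], 6: [(2, 3), (3, 1)]}

def derive(node, known, aux=None):
    """Return node's key from the keys in `known`, or None if it is out of reach.
    aux (hypothetical) maps (parent, child) -> H_pos(parent key) for parents
    whose key the caller cannot compute."""
    if node in known:
        return known[node]
    links = PARENTS.get(node)
    if links is None:
        return None  # a dead-end node's key is random and cannot be derived
    hashed = []
    for parent, pos in links:
        pk = derive(parent, known, aux)
        value = H(pos, pk) if pk is not None else (aux or {}).get((parent, node))
        if value is None:
            return None
        hashed.append(value)
    # One parent: K = H_i(K_parent). Several: K = H_i(H_i(K_1), H_k(K_2), ...).
    return hashed[0] if len(links) == 1 else H(links[0][1], *hashed)

def assign_keys():
    """CA side: random key for dead-end node 1, every other key by the rules above."""
    known = {1: secrets.token_bytes(32)}
    return {n: derive(n, known) for n in [1, *PARENTS]}
```

K6 depends only on H3(K2) and H1(K3), so any party that holds both hashed values can compute K6 without knowing K2 or K3; how those values are stored and distributed decides who can reach node 6.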