1. A novel key management scheme for dynamic access control in a user hierarchy Authors: Tzer-Shyong Chen ( 陳澤雄 ) and Jen-Yan Huang Source: Applied Mathematics and Computation, Vol. 162, pp. 339–351, 2005 Reporter: Jung-wen Lo ( 駱榮問 ) Date: 2006/03/14

2. 2 Introduction Definition:  ≦ : binary partially-ordered relationship  User’s security clearance: each user is assigned to a security class. Review  Akl & Taylor (1983) Size of Ti is enlarged as the security classes expand  MacKinnon et al. (1985)  Harn & Lin (1990) Bottom-up key generation scheme  Lin (1997) When user change key, the new key will be exposed  Kuo et al. (1999) [Chen et al.] Better then Lin’s scheme

3. 3 Key generation & Derivation Key generation (CA)  Select E k () & D k ()  Select H() & public it  Select larger positive integer P i & sk i for all security class Sc i  IF SC j ≦ SC i, public R ij =E H(P j  sk i ) (SK j ) Key derivation (SC i ) IF SC j ≦ SC i  Compute H(Pj  sk i )  K j =D H(P j  sk i ) (R ij ) =D (P j  sk i ) (E H(P j  sk i ) (SK j )) SC i SC j P i,(sk i ) P j,(sk j ) R ij =E H(P j  sk i ) (SK j )

4. 4 Dynamic access control Adding class SC k (CA)  Select P k, sk k  IF SC k ≦ SC i R ik =E H(P k  sk i ) (SK k )  IF SC j ≦ SC k R kj =E H(P j  sk k ) (SK j )  IF SC k ≦ SC i & SC j ≦ SC k R ij =E H(P j  sk i ) (SK j ) SC i SC j P i,(sk i ) P j,(sk j ) R ij SC k P k,(sk k ) R ik R kj ＋ SC 7

5. 5 － SC 7 Dynamic access control (Cont ’ ) Deleting class SC k (CA)  Delete P k, sk k  IF SC k ≦ SC i Delete R ik  IF SC j ≦ SC k Delete R kj  IF SC k ≦ SC i & SC j ≦ SC k Delete R ij SC i SC j P i,(sk i ) P j,(sk j ) R ij SC k P k,(sk k ) R ik R kj

6. 6 Dynamic access control (Cont ’ ) Adding relationships (CA)  SC b ≦ SC a R ab =E H(P b  sk a ) (SK b )  IF SC j ≦ SC b & SC b ≦ SC a R aj =E H(P j  sk a ) (SK j )  IF SC a ≦ SC i & SC b ≦ SC a R ib =E H(P b  sk i ) (SK b )  IF SC j ≦ SC b & SC a ≦ SC i R ij =E H(P j  sk i ) (SK j ) SC b SC j P b,(sk b ) P j,(sk j ) R ij SC a P a,(sk a ) R ab R aj SC i P i,(sk i ) R ib R ij

7. 7 Dynamic access control (Cont ’ ) Adding Relationship SC 6 ≦ SC 5

8. 8 Dynamic access control (Cont ’ ) Deleting relationships (CA)  Delete R ab  IF SC j ≦ SC b & SC b ≦ SC a R aj =E H(P j  sk a ) (SK j )  IF SC a ≦ SC i & SC b ≦ SC a R ib =E H(P b  sk i ) (SK b )  IF SC j ≦ SC b & SC a ≦ SC i R ij =E H(P j  sk i ) (SK j ) SC b SC j P b,(sk b ) P j,(sk j ) R ij SC a P a,(sk a ) R ab R aj SC i P i,(sk i ) R ib R ij

9. 9 Dynamic access control (Cont ’ ) Deleting Relationship SC 5 ≦ SC 2

10. 10 Dynamic access control (Cont ’ ) Changing secret keys sk k  sk’ k SC j ≦ SC k ≦ SC i  R’ ik =E H(P k  sk i ) (SK’ k )  R’ kj =E H(P j  sk’ k ) (SK j )

11. 11 Security analysis & Discussion Attacks  Contrary attack  H() & E()  Interior collection attack  H() & E()  Exterior collecting attack  H()  Collaborative attack  H()  Sibling attack  H() Function comparisons

12. 12 Comments Remove too much when delete class or relationship Nearly be a full tree  Root may have all relationships among all classes and itself