1-3hit |
Kuen-Pin WU Shanq-Jang RUAN Chih-Kuang TSENG Feipei LAI
Access control plays an important role in the area of information security, which guarantees that any access to data is authorized. Hierarchical access control is a special access control model in distributed environment, in which each user protects his local data using a secret key; moreover, for any two related users ui and uj, ui can access uj's data if, and only if, ui's priority is higher than uj. Therefore, there should be a way for ui to obtain the secret key of uj if ui's priority is higher than uj. This paper presents an efficient solution to the problem. A special kind of function called secure filter is used as the building block of the proposed solution. In the solution, an authorized user can acquire correct keys efficiently and securely via secure filters. The proposed solution is also well-performed while inserting/deleting users, injecting/removing relations, and changing secret keys. Especially, only deleting users and removing relations will change some keys in the system, other operations can be performed freely without affecting other keys in the system; only secure filters need to be modified in these cases.
Victor R.L. SHEN Tzer-Shyong CHEN Feipei LAI
A modified cryptographic key assignment scheme for the dynamic access control in a group-oriented user hierarchy is presented. In the partially ordered set (poset, for short) user hierarchy (GjGi) embedded in a group-oriented (t, n) threshold cryptosystem, the source group Gi has higher security clearance to access the information items held in the target group Gj. If a target group Gj has multipe paths reachable from a source group Gi, we must choose the least cost path to rapidly resolve the dynamic access control problem Furthermore, multiple threshold values are also considered in order to meet the different security requirements.
Victor R.L. SHEN Tzer-Shyong CHEN Feipei LAI
A novel cryptographic key assignment scheme for dynamic access control in a user hierarchy is presented. Based on Rabin's public key system and Chinese remainder theorem, each security class SCi is assigned a secret key Ki and some public parameters. In our scheme, a secret key is generated in a bottom-up manner so as to reduce the computation time for key generation and the storage size for public parameters. We also show that our proposed scheme is not only secure but also efficient.