Loading in 2 Seconds...

A new key assignment scheme for enforcing complicated access control policies in hierarchy

Loading in 2 Seconds...

- By
**elvin** - Follow User

- 115 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about ' A new key assignment scheme for enforcing complicated access control policies in hierarchy' - elvin

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### A new key assignment scheme for enforcing complicated access control policies in hierarchy

### Cryptanalysis of YCN key assignment scheme in a hierarchy

### Modifying YCN Key Assignment Scheme against Hwang’s Attack

Authors: Iuon-Chang Lin, Min-Shiang Hwang and C. C. Chang

Source: Future Generation Computer Systems, Vol.19, pp.457-462, 2003.

Adviser: Min-Shiang Hwang

Speaker: Chun-Ta Li

Date: 2004/11/18

Authors:Min-Shiang Hwang

Source:Information Processing Letters, Vol.73, pp.97-101, 2000.

Authors: Jyh-Haw Yeh, Min-Shiang Hwang and Wen-Chen Hu

Preprint submitted to Elsevier Science 5 November 2004

Introduction

- Access control policy – access control problem in a hierarchy

Key1

Key2

Key3

Key4

Key5

Key6

Key management problem

C1

Key2

Key3

C2

C3

C4

C5

C6

Key4

Key5

Key6

Introduction (cont.)

- Ak1 and Taylor [1983]
- Super-key (top-down)
- CA assigns to each user class {prime, secret key, public parameter}
- Cjhigh derive the secret key of Cilow

Large public parameter

Secret key and Public parameter of Ci and Cj

Product of the primes of Ci

Introduction (cont.)

Large amount of storage to store public parameters

- Mackinnon et al. [1985] – canonical assignment
- Reduce the values of public parameters

- Harn and Lin [1990] – (bottom-up)
- Security: difficulty of factoring a large number
- Size of the storage space is much smaller

- Yeh et al. [1998] – YCN scheme
- transitive exceptions
- anti-symmetrical arrangements

Hwang [2000] YCN is insecure

Several user classes can collaborate to derive the derivation and encryption keys

Original YCN Scheme

C4

C2

C3

C5

- CA
- Generates secret number K0
- Generates M (product of two large prime numbers)
- Assign a prime number Pi to each user class Ci
- Compute the product Xi for Ci

C6

除鄰近節點外 順著箭頭所能到達的節點

將能順箭頭指到i節點的Pij值做連乘

Original YCN Scheme (cont.)

Pm = 7

C1

順箭頭所到達不了的節點質數值

Pn4 = Ø

- Compute the public information Tie and Tid for Ci

Pn1 = Ø

Pm = 2

Pm = 2,7

C4

C2

P42= 31

Pm = 2,3,7,11,13

除鄰近節點外的祖先節點

P13,43,53 = 17,37,43

C3

C5

Pm = 2,7

P15 = 19

C6

Pm = 2,3,5,7,11

P16,26,46 = 23,29,41

Original YCN Scheme (cont.)

- Assign the derivation key Kid and encryption key Kie for each Ci
- Cican use its own derivation key Kid to derive the encryption key Kjeof Cj

kept secret by the user class Ci

C1

C4

C2

C2 derives C3’s encryption key K3e K3e=(K02*3*7*11*13*19*23*29*31*41) mod M = (K02*7*29)2*3*7*11*13*19*23*29*31*41/2*7*29 mod M

C3

C5

C6

The Weakness of the YCN Scheme

Theorem 1. Assume that there are only two top classes (Ca and Cb) in the hierarchy. Ca and Cb can collaborate to derive the derivation and encryption keys of all of the classes in the YCN scheme.

C1

- gcd(Tad, Tbd) = 1
- sTad + tTbd = 1
- Ca and Cb can collaborate to derive the secret K0

KsadKtbd= (K0)sTad(K0)tTbd mod M

= (K0)(sTad+tTbd) mod M

= K0

- gcd(T1d,T4d) = gcd(52003,94054) = 1
- (s, t) = (76107, -42080) such that sT1d + tT4d = 1

Ks1dKt4d= (K0)sT1d(K0)tT4d mod M

= (K0)((76107*52003)-(42080*94054)) mod M

= K0

C4

C2

C3

C5

C6

T1d = 7,17,19,23

T4d = 2,31,37,41

The Weakness of the YCN Scheme (cont.)

C1

Theorem 2. If C1,C2,…, and Cn are n top classes in the hierarchy, any two of these classes (e.g., C1 and C2) can collaborate to derive the derivation and encryption keys of all successors of these top classes.

C4

C2

- C1 and C2 derivation and encryption keys of C6
- gcd(T1d, T2d) = 7
- s(T1d/7) + t(T2d/7) = 1
- C1 and C2 can collaborate to derive the secret (K0)7

((K1d)s(K2d)t)T6d/7mod M

= ((K0)sT1d(K0)tT2d)T6d/7 mod M

= (K0)T6dmod M

= K6d

- C5 and C6 derivation and encryption keys of C3
- gcd(T5d, T6d) = 2*7 = 14
- s(T5d/14) + t(T6d/14) = 1
- C1 and C2 can collaborate to derive the secret (K0)14

((K5d)s(K6d)t)T3d/14mod M

= ((K0)sT5d(K0)tT6d)T3d/14 mod M

= (K0)T3dmod M

= K3d

C3

C5

C6

(K0)7

(K0)14

The Modified YCN Scheme

C1

- CA
- Generates secret number K0
- Generates M (product of two large prime numbers)
- Assign a prime number Pi to each user class Ci
- Compute the product Pi` for Ci

C4

C2

C3

C5

C6

Tid

The Modified YCN Scheme (cont.)- CA computes the public information Tid and Tie

C1

5*

11*19

*7

*13

*3

(1,3)

(1,5)

(1,4)

(1,6)

1(2)

C4

C2

3

2*

5*

7*

C3

C5

(5,1)

(5,3)

(5,4)

5(2)

Tie

C6

*17

2*3*5*7*11*13

*1

The Modified YCN Scheme (cont.)

- CA assigns a derivation key Kid = (K0)Tidmod M and an encryption key Kie = (K0)Tiemod M
- A class Ci can apply a key derivation function fil(x,y) to derive another class Cl’s key (x and y could be either the character d or e)
- fil(x,y) = (Kix)Tly/Tix = ((K0)Tix)Tly/Tix = (K0)Tly)mod M = Kly

The Modified YCN Scheme (cont.)

- Theorem 1. Under the modified YCN key assignment scheme, Tid|Tle if and only if the policy allows Ci to access Cl, i.e., (Ci,Cl) .
- Theorem 2. If the policy does not allow any class Cik to access Cl, i.e., ,then both Tld and Tle are not multiple of Y under the modified YCN scheme, where .
- Theorem 3. If there is a transitive exception Ci Cl with an intermediate class Ck, i.e., Ci(Ck), then Tid Tkd and Tke Tld under the modified YCN scheme.

A New Key Assignment Scheme

- CA generates two large primes: p and q
- CA calculates n = p*q, where n is public
- CA chooses another parameter, g
- CA chooses a set of distinct primes {e1,e2,…,em} for all user classes {C1,C2,…,Cm}
- CA calculates {d1,d2,…,dm}

gcd(Ø(n), ei) = 1 and 1 < ei < Ø(n)

ei x di≡ 1 mod Ø(n)

A New Key Assignment Scheme (cont.)

- CA generates the derivation keys {DK1,DK2,…,DKm} and the secret keys {SK1,SK2,…,SKm} for all user classes {C1,C2,…,Cm}
- Ci can derive the secret key of class Cj with the derivation key DKi as follows:

A New Key Assignment Scheme (cont.)

- Example
- CA calculates the derivation keys
- C1:DK1 = gd2*d4 mod n SK1 = gd1 mod n
- C2:DK2 = gd3*d4 mod n SK2 = gd2 mod n
- C3:DK3 = null SK3 = gd3 mod n
- C4:DK4 = gd2 mod n SK4 = gd4 mod n
- C1 derives the secret keys SK2 and Sk4
- SK2 = DK1e4 mod n
- SK4 = DK1e2 mod n

Example

- transitive exceptions
- C1 can access C2 and C2 can access C3
- But C1 cannot access C3
- anti-symmetrical arrangements
- C2 can access C4 and C4 can access C2
- But C2 and C4 are two different user classes

Download Presentation

Connecting to Server..