- 77 Views
- Uploaded on
- Presentation posted in: General

A new key assignment scheme for enforcing complicated access control policies in hierarchy

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

A new key assignment scheme for enforcing complicated access control policies in hierarchy

Authors: Iuon-Chang Lin, Min-Shiang Hwang and C. C. Chang

Source: Future Generation Computer Systems, Vol.19, pp.457-462, 2003.

Adviser: Min-Shiang Hwang

Speaker: Chun-Ta Li

Date: 2004/11/18

Cryptanalysis of YCN key assignment scheme in a hierarchy

Authors:Min-Shiang Hwang

Source:Information Processing Letters, Vol.73, pp.97-101, 2000.

Modifying YCN Key Assignment Scheme against Hwang’s Attack

Authors: Jyh-Haw Yeh, Min-Shiang Hwang and Wen-Chen Hu

Preprint submitted to Elsevier Science 5 November 2004

- Access control policy – access control problem in a hierarchy

Key1

Key2

Key3

Key4

Key5

Key6

Key management problem

C1

Key2

Key3

C2

C3

C4

C5

C6

Key4

Key5

Key6

- Ak1 and Taylor [1983]
- Super-key (top-down)
- CA assigns to each user class {prime, secret key, public parameter}
- Cjhigh derive the secret key of Cilow

- Super-key (top-down)

Large public parameter

Secret key and Public parameter of Ci and Cj

Product of the primes of Ci

Large amount of storage to store public parameters

- Mackinnon et al. [1985] – canonical assignment
- Reduce the values of public parameters

- Harn and Lin [1990] – (bottom-up)
- Security: difficulty of factoring a large number
- Size of the storage space is much smaller

- Yeh et al. [1998] – YCN scheme
- transitive exceptions
- anti-symmetrical arrangements

Hwang [2000] YCN is insecure

Several user classes can collaborate to derive the derivation and encryption keys

C1

C4

C2

C3

C5

- CA
- Generates secret number K0
- Generates M (product of two large prime numbers)
- Assign a prime number Pi to each user class Ci
- Compute the product Xi for Ci

C6

除鄰近節點外 順著箭頭所能到達的節點

將能順箭頭指到i節點的Pij值做連乘

Pm = 7

C1

順箭頭所到達不了的節點質數值

Pn4 = Ø

- Compute the public information Tie and Tid for Ci

Pn1 = Ø

Pm = 2

Pm = 2,7

C4

C2

P42= 31

Pm = 2,3,7,11,13

除鄰近節點外的祖先節點

P13,43,53 = 17,37,43

C3

C5

Pm = 2,7

P15 = 19

C6

Pm = 2,3,5,7,11

P16,26,46 = 23,29,41

- Assign the derivation key Kid and encryption key Kie for each Ci
- Cican use its own derivation key Kid to derive the encryption key Kjeof Cj

kept secret by the user class Ci

C1

C4

C2

C2 derives C3’s encryption key K3e K3e=(K02*3*7*11*13*19*23*29*31*41) mod M = (K02*7*29)2*3*7*11*13*19*23*29*31*41/2*7*29 mod M

C3

C5

C6

Theorem 1. Assume that there are only two top classes (Ca and Cb) in the hierarchy. Ca and Cb can collaborate to derive the derivation and encryption keys of all of the classes in the YCN scheme.

C1

- gcd(Tad, Tbd) = 1
- sTad + tTbd = 1
- Ca and Cb can collaborate to derive the secret K0
KsadKtbd= (K0)sTad(K0)tTbd mod M

= (K0)(sTad+tTbd) mod M

= K0

- gcd(T1d,T4d) = gcd(52003,94054) = 1
- (s, t) = (76107, -42080) such that sT1d + tT4d = 1
Ks1dKt4d= (K0)sT1d(K0)tT4d mod M

= (K0)((76107*52003)-(42080*94054)) mod M

= K0

C4

C2

C3

C5

C6

T1d = 7,17,19,23

T4d = 2,31,37,41

C1

Theorem 2. If C1,C2,…, and Cn are n top classes in the hierarchy, any two of these classes (e.g., C1 and C2) can collaborate to derive the derivation and encryption keys of all successors of these top classes.

C4

C2

- C1 and C2 derivation and encryption keys of C6
- gcd(T1d, T2d) = 7
- s(T1d/7) + t(T2d/7) = 1
- C1 and C2 can collaborate to derive the secret (K0)7
((K1d)s(K2d)t)T6d/7mod M

= ((K0)sT1d(K0)tT2d)T6d/7 mod M

= (K0)T6dmod M

= K6d

- C5 and C6 derivation and encryption keys of C3
- gcd(T5d, T6d) = 2*7 = 14
- s(T5d/14) + t(T6d/14) = 1
- C1 and C2 can collaborate to derive the secret (K0)14
((K5d)s(K6d)t)T3d/14mod M

= ((K0)sT5d(K0)tT6d)T3d/14 mod M

= (K0)T3dmod M

= K3d

C3

C5

C6

(K0)7

(K0)14

C1

- CA
- Generates secret number K0
- Generates M (product of two large prime numbers)
- Assign a prime number Pi to each user class Ci
- Compute the product Pi` for Ci

C4

C2

C3

C5

C6

Tid

Tid

- CA computes the public information Tid and Tie

C1

5*

11*19

*7

*13

*3

(1,3)

(1,5)

(1,4)

(1,6)

1(2)

C4

C2

3

2*

5*

7*

C3

C5

(5,1)

(5,3)

(5,4)

5(2)

Tie

C6

*17

2*3*5*7*11*13

*1

- CA assigns a derivation key Kid = (K0)Tidmod M and an encryption key Kie = (K0)Tiemod M
- A class Ci can apply a key derivation function fil(x,y) to derive another class Cl’s key (x and y could be either the character d or e)
- fil(x,y) = (Kix)Tly/Tix = ((K0)Tix)Tly/Tix = (K0)Tly)mod M = Kly

- Theorem 1. Under the modified YCN key assignment scheme, Tid|Tle if and only if the policy allows Ci to access Cl, i.e., (Ci,Cl) .
- Theorem 2. If the policy does not allow any class Cik to access Cl, i.e., ,then both Tld and Tle are not multiple of Y under the modified YCN scheme, where .
- Theorem 3. If there is a transitive exception Ci Cl with an intermediate class Ck, i.e., Ci(Ck), then Tid Tkd and Tke Tld under the modified YCN scheme.

- CA generates two large primes: p and q
- CA calculates n = p*q, where n is public
- CA chooses another parameter, g
- CA chooses a set of distinct primes {e1,e2,…,em} for all user classes {C1,C2,…,Cm}
- CA calculates {d1,d2,…,dm}

gcd(Ø(n), ei) = 1 and 1 < ei < Ø(n)

ei x di≡ 1 mod Ø(n)

- CA generates the derivation keys {DK1,DK2,…,DKm} and the secret keys {SK1,SK2,…,SKm} for all user classes {C1,C2,…,Cm}
- Ci can derive the secret key of class Cj with the derivation key DKi as follows:

- Example
- CA calculates the derivation keys
- C1:DK1 = gd2*d4 mod n SK1 = gd1 mod n
- C2:DK2 = gd3*d4 mod n SK2 = gd2 mod n
- C3:DK3 = null SK3 = gd3 mod n
- C4:DK4 = gd2 mod n SK4 = gd4 mod n

- C1 derives the secret keys SK2 and Sk4
- SK2 = DK1e4 mod n
- SK4 = DK1e2 mod n

- CA calculates the derivation keys

Thanks for your attention

- transitive exceptions
- C1 can access C2 and C2 can access C3
- But C1 cannot access C3

- anti-symmetrical arrangements
- C2 can access C4 and C4 can access C2
- But C2 and C4 are two different user classes