1 / 20

A new key assignment scheme for enforcing complicated access control policies in hierarchy

A new key assignment scheme for enforcing complicated access control policies in hierarchy. Authors: Iuon-Chang Lin, Min-Shiang Hwang and C. C. Chang Source: Future Generation Computer Systems, Vol.19, pp.457-462, 2003. Adviser: Min-Shiang Hwang Speaker: Chun-Ta Li Date: 2004/11/18.

elvin
Télécharger la présentation

A new key assignment scheme for enforcing complicated access control policies in hierarchy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A new key assignment scheme for enforcing complicated access control policies in hierarchy Authors: Iuon-Chang Lin, Min-Shiang Hwang and C. C. Chang Source: Future Generation Computer Systems, Vol.19, pp.457-462, 2003. Adviser: Min-Shiang Hwang Speaker: Chun-Ta Li Date: 2004/11/18

  2. Cryptanalysis of YCN key assignment scheme in a hierarchy Authors:Min-Shiang Hwang Source:Information Processing Letters, Vol.73, pp.97-101, 2000.

  3. Modifying YCN Key Assignment Scheme against Hwang’s Attack Authors: Jyh-Haw Yeh, Min-Shiang Hwang and Wen-Chen Hu Preprint submitted to Elsevier Science 5 November 2004

  4. Introduction • Access control policy – access control problem in a hierarchy Key1 Key2 Key3 Key4 Key5 Key6 Key management problem C1 Key2 Key3 C2 C3 C4 C5 C6 Key4 Key5 Key6

  5. Introduction (cont.) • Ak1 and Taylor [1983] • Super-key (top-down) • CA assigns to each user class {prime, secret key, public parameter} • Cjhigh derive the secret key of Cilow Large public parameter Secret key and Public parameter of Ci and Cj Product of the primes of Ci

  6. Introduction (cont.) Large amount of storage to store public parameters • Mackinnon et al. [1985] – canonical assignment • Reduce the values of public parameters • Harn and Lin [1990] – (bottom-up) • Security: difficulty of factoring a large number • Size of the storage space is much smaller • Yeh et al. [1998] – YCN scheme • transitive exceptions • anti-symmetrical arrangements Hwang [2000] YCN is insecure Several user classes can collaborate to derive the derivation and encryption keys

  7. C1 Original YCN Scheme C4 C2 C3 C5 • CA • Generates secret number K0 • Generates M (product of two large prime numbers) • Assign a prime number Pi to each user class Ci • Compute the product Xi for Ci C6 除鄰近節點外 順著箭頭所能到達的節點 將能順箭頭指到i節點的Pij值做連乘

  8. Original YCN Scheme (cont.) Pm = 7 C1 順箭頭所到達不了的節點質數值 Pn4 = Ø • Compute the public information Tie and Tid for Ci Pn1 = Ø Pm = 2 Pm = 2,7 C4 C2 P42= 31 Pm = 2,3,7,11,13 除鄰近節點外的祖先節點 P13,43,53 = 17,37,43 C3 C5 Pm = 2,7 P15 = 19 C6 Pm = 2,3,5,7,11 P16,26,46 = 23,29,41

  9. Original YCN Scheme (cont.) • Assign the derivation key Kid and encryption key Kie for each Ci • Cican use its own derivation key Kid to derive the encryption key Kjeof Cj kept secret by the user class Ci C1 C4 C2 C2 derives C3’s encryption key K3e K3e=(K02*3*7*11*13*19*23*29*31*41) mod M = (K02*7*29)2*3*7*11*13*19*23*29*31*41/2*7*29 mod M C3 C5 C6

  10. The Weakness of the YCN Scheme Theorem 1. Assume that there are only two top classes (Ca and Cb) in the hierarchy. Ca and Cb can collaborate to derive the derivation and encryption keys of all of the classes in the YCN scheme. C1 • gcd(Tad, Tbd) = 1 • sTad + tTbd = 1 • Ca and Cb can collaborate to derive the secret K0 KsadKtbd= (K0)sTad(K0)tTbd mod M = (K0)(sTad+tTbd) mod M = K0 • gcd(T1d,T4d) = gcd(52003,94054) = 1 • (s, t) = (76107, -42080) such that sT1d + tT4d = 1 Ks1dKt4d= (K0)sT1d(K0)tT4d mod M = (K0)((76107*52003)-(42080*94054)) mod M = K0 C4 C2 C3 C5 C6 T1d = 7,17,19,23 T4d = 2,31,37,41

  11. The Weakness of the YCN Scheme (cont.) C1 Theorem 2. If C1,C2,…, and Cn are n top classes in the hierarchy, any two of these classes (e.g., C1 and C2) can collaborate to derive the derivation and encryption keys of all successors of these top classes. C4 C2 • C1 and C2 derivation and encryption keys of C6 • gcd(T1d, T2d) = 7 • s(T1d/7) + t(T2d/7) = 1 • C1 and C2 can collaborate to derive the secret (K0)7 ((K1d)s(K2d)t)T6d/7mod M = ((K0)sT1d(K0)tT2d)T6d/7 mod M = (K0)T6dmod M = K6d • C5 and C6 derivation and encryption keys of C3 • gcd(T5d, T6d) = 2*7 = 14 • s(T5d/14) + t(T6d/14) = 1 • C1 and C2 can collaborate to derive the secret (K0)14 ((K5d)s(K6d)t)T3d/14mod M = ((K0)sT5d(K0)tT6d)T3d/14 mod M = (K0)T3dmod M = K3d C3 C5 C6 (K0)7 (K0)14

  12. The Modified YCN Scheme C1 • CA • Generates secret number K0 • Generates M (product of two large prime numbers) • Assign a prime number Pi to each user class Ci • Compute the product Pi` for Ci C4 C2 C3 C5 C6

  13. Tid Tid The Modified YCN Scheme (cont.) • CA computes the public information Tid and Tie C1 5* 11*19 *7 *13 *3 (1,3) (1,5) (1,4) (1,6) 1(2) C4 C2 3 2* 5* 7* C3 C5 (5,1) (5,3) (5,4) 5(2) Tie C6 *17 2*3*5*7*11*13 *1

  14. The Modified YCN Scheme (cont.) • CA assigns a derivation key Kid = (K0)Tidmod M and an encryption key Kie = (K0)Tiemod M • A class Ci can apply a key derivation function fil(x,y) to derive another class Cl’s key (x and y could be either the character d or e) • fil(x,y) = (Kix)Tly/Tix = ((K0)Tix)Tly/Tix = (K0)Tly)mod M = Kly

  15. The Modified YCN Scheme (cont.) • Theorem 1. Under the modified YCN key assignment scheme, Tid|Tle if and only if the policy allows Ci to access Cl, i.e., (Ci,Cl) . • Theorem 2. If the policy does not allow any class Cik to access Cl, i.e., ,then both Tld and Tle are not multiple of Y under the modified YCN scheme, where . • Theorem 3. If there is a transitive exception Ci Cl with an intermediate class Ck, i.e., Ci(Ck), then Tid Tkd and Tke Tld under the modified YCN scheme.

  16. A New Key Assignment Scheme • CA generates two large primes: p and q • CA calculates n = p*q, where n is public • CA chooses another parameter, g • CA chooses a set of distinct primes {e1,e2,…,em} for all user classes {C1,C2,…,Cm} • CA calculates {d1,d2,…,dm} gcd(Ø(n), ei) = 1 and 1 < ei < Ø(n) ei x di≡ 1 mod Ø(n)

  17. A New Key Assignment Scheme (cont.) • CA generates the derivation keys {DK1,DK2,…,DKm} and the secret keys {SK1,SK2,…,SKm} for all user classes {C1,C2,…,Cm} • Ci can derive the secret key of class Cj with the derivation key DKi as follows:

  18. A New Key Assignment Scheme (cont.) • Example • CA calculates the derivation keys • C1:DK1 = gd2*d4 mod n SK1 = gd1 mod n • C2:DK2 = gd3*d4 mod n SK2 = gd2 mod n • C3:DK3 = null SK3 = gd3 mod n • C4:DK4 = gd2 mod n SK4 = gd4 mod n • C1 derives the secret keys SK2 and Sk4 • SK2 = DK1e4 mod n • SK4 = DK1e2 mod n

  19. Thanks for your attention

  20. Example • transitive exceptions • C1 can access C2 and C2 can access C3 • But C1 cannot access C3 • anti-symmetrical arrangements • C2 can access C4 and C4 can access C2 • But C2 and C4 are two different user classes

More Related