A Time-Bound Hierarchical Key Assignment
Cryptosystem with No Lifetime Limit
Jyh-haw Yeh
Dept. of Computer Science
Boise State University
Problem history
The problem was first proposed by Tzeng (2002).
Alternative schemes: Chien’s (2004), Huang and Chang’s (2004), Wang and Laih’s (2006).
Tzeng’s, Chien’s, Huang and Chang’s schemes were broken.
Wang and Laih’s scheme is secure but cannot assign keys on the fly.
Problem
A system is divided into n classes.
These n classes form a hierarchical structure.
Time is divided into periods.
Each user is assigned to a class C_i with a set of time periods T.
The system gives the user a user key K_{i,T}.
Problem (cont…)
Each class C_j in each time period t encrypts its own data by a key K_{j,t}.
A user, in C_i with time periods T, is able to access data in C_j encrypted at time t iff C_i is higher than C_j and t is in T.
The problem becomes assigning keys so that K_{i,T} can derive K_{j,t} iff C_i is higher than C_j and t is in T.
Problem (cont…)
[Figure: the class hierarchy drawn once per time period, in three levels (C_1; C_2, C_3; C_4, C_5, C_6), shown for time period 1 (C_{1,1}, ..., C_{6,1}) through time period t (C_{1,t}, ..., C_{6,t}).]
Each class C_{j,t} has a key K_{j,t} to encrypt data generated at time t.
Each user is assigned a key K_{i,T} if he belongs to class C_i with a set of time periods T.
Assign keys in a way that K_{i,T} is able to derive K_{j,t} iff C_i >= C_j and t in T.
Application
A publisher publishes journals periodically.
Different packages of journals for subscription.
Users subscribe to packages for different time periods.
Only subscribed users can access the journals published in the time periods the users subscribed to.
Application (cont…)
The journals can be just posted online, but encrypted.
Each journal published in a different time period is encrypted by a different key.
Each user has one user key.
The user key can decrypt only the journals the user is entitled to access.
An Example
Key Assignment
Based on the RSA algorithm.
4 processes:
Initialization: compute parameters.
Encryption key generation: assign an encryption key for each class at each time period.
User key generation:
Key derivation: use a user key and some public parameters to derive an encryption key.
Key Assignment (cont…)
Initialization:
Find two large primes p and q, then n = pq.
Choose a number g for the modulus n.
Compute a pair of parameters (a_{c_i}, b_{c_i}) for each class C_i, where g^{a_{c_i} b_{c_i}} = g mod n.
Public parameters: n and all a_{c_i}'s.
Key Assignment (cont…)
Encryption key generation:
At each time period t, compute a pair of parameters (a_t, b_t), where g^{a_t b_t} = g mod n.
Assign an encryption key K_{i,t} for each class C_i, where
$$K_{i,t} = g^{\left(\prod_{C_j \le C_i} b_{c_j}\right) b_t} \bmod n$$
Key Assignment (cont…)
User key generation:
If a user is assigned to class C_i for a set of time periods T, then the user gets a user key K_{i,T}, where
$$K_{i,T} = g^{\left(\prod_{C_j \le C_i} b_{c_j}\right)\left(\prod_{t \in T} b_t\right)} \bmod n$$
Key Assignment (cont…)
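Key derivation:
If a user, with a user key K_{i,T}, would like to derive an encryption key K_{k,τ} (writing τ for the target time period), then the user performs the following computation:
$$
\begin{aligned}
& K_{i,T}^{\left(\prod_{C_j \le C_i,\, C_j \not\le C_k} a_{c_j}\right)\left(\prod_{t \in T,\, t \ne \tau} a_t\right)} \bmod n \\
={}& g^{\left(\prod_{C_j \le C_i} b_{c_j}\right)\left(\prod_{t \in T} b_t\right)\left(\prod_{C_j \le C_i,\, C_j \not\le C_k} a_{c_j}\right)\left(\prod_{t \in T,\, t \ne \tau} a_t\right)} \bmod n \\
={}& g^{\left(\prod_{C_j \le C_k} b_{c_j}\right) b_\tau} \bmod n \\
={}& K_{k,\tau}
\end{aligned}
$$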
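The four processes above, run end to end as an added Python example (not code from the slides or from the author). The toy primes, the edges of the six-class hierarchy, the choice of public a values as distinct small primes, and generating each pair with a·b = 1 mod φ(n) are assumptions made for illustration; `tau` names the target time period.

```python
from math import prod

# Toy parameters, constructed for illustration; a real modulus needs large primes.
P, Q = 1019, 1187
N, PHI = P * Q, (P - 1) * (Q - 1)
G = 2  # base, coprime to N

# BELOW[i] = every class C_j <= C_i, including C_i itself (assumed hierarchy edges).
BELOW = {1: {1, 2, 3, 4, 5, 6}, 2: {2, 4, 5}, 3: {3, 5, 6},
         4: {4}, 5: {5}, 6: {6}}

def make_pairs(labels, publics):
    """Give each label a pair (a, b) with a*b = 1 mod phi(n), so g^(ab) = g mod n."""
    return {x: (a, pow(a, -1, PHI)) for x, a in zip(labels, publics)}

# The a values are public; the b values never leave the key authority.
CLASS = make_pairs(range(1, 7), [3, 5, 7, 11, 13, 17])
TIME = make_pairs(range(1, 5), [19, 23, 29, 31])  # time periods 1..4

def enc_key(i, t):
    """K_{i,t} = g^((prod_{C_j <= C_i} b_{c_j}) * b_t) mod n."""
    e = prod(CLASS[j][1] for j in BELOW[i]) * TIME[t][1]
    return pow(G, e, N)

def user_key(i, T):
    """K_{i,T} = g^((prod_{C_j <= C_i} b_{c_j}) * (prod_{t in T} b_t)) mod n."""
    e = prod(CLASS[j][1] for j in BELOW[i]) * prod(TIME[t][1] for t in T)
    return pow(G, e, N)

def derive(k_user, i, T, k, tau):
    """User side: needs only K_{i,T} and the public a values."""
    # Early rejection for clarity: without it the exponent below simply
    # cannot cancel the b values the user key does not contain.
    if k not in BELOW[i] or tau not in T:
        raise PermissionError("class or time period not covered by this key")
    # Cancel the b values of classes below C_i but not below C_k ...
    e = prod(CLASS[j][0] for j in BELOW[i] - BELOW[k])
    # ... and of every subscribed period other than tau.
    e *= prod(TIME[t][0] for t in T if t != tau)
    return pow(k_user, e, N)
```
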
Comparison
| Schemes | Tzeng | Chien | W & L | The Scheme |
|---|---|---|---|---|
| Security | Broken | Broken | | |
| # of public parameters | O(m) | O(m²) | O(m z) | O(m+z) |
| Assign non-consecutive time periods | No | No | Yes | Yes |
| System’s life | Limited | Limited | Unlimited, but with extra effort | Unlimited |
| Hardware support | No | Yes | No | No |
Future Works
Develop dynamic management component of the scheme: add (delete) new classes, add (delete) users, add (delete) time periods to (from) users.
Comprehensive analysis of the efficiency of the scheme: storage, computation…
Formal proofs of the security.