A Time-Bound Hierarchical Key Assignment Cryptosystem with No Lifetime Limit

Jyh-haw Yeh, Dept. of Computer Science, Boise State University


Problem history

The problem was first proposed by Tzeng (2002).

Alternative schemes: Chien’s (2004), Huang and Chang’s (2004), Wang and Laih’s (2006).

Tzeng’s, Chien’s, Huang and Chang’s schemes were broken.

Wang and Laih’s scheme is secure but cannot assign keys on the fly.


Problem

A system is divided into n classes.

These n classes form a hierarchical structure.

Time is divided into periods.

Each user is assigned to a class C_i with a set of time periods T.

The system gives the user a user key K_{i,T}.


Problem (cont…)

Each class C_j in each time period t encrypts its own data by a key K_{j,t}.

A user, in C_i with time periods T, is able to access data in C_j encrypted at time t iff C_i is higher than C_j and t is in T.

The problem becomes assigning keys so that K_{i,T} can derive K_{j,t} iff C_i is higher than C_j and t is in T.


Problem (cont…)

[Figure: the six-class hierarchy shown once per time period, as C_{1,1}, ..., C_{6,1} for time period 1 and C_{1,t}, ..., C_{6,t} for time period t.]

Each class C_{j,t} has a key K_{j,t} to encrypt data generated at time t.

Each user is assigned a key K_{i,T} if he belongs to class C_i with a set of time periods T.

Assign keys in a way that K_{i,T} is able to derive K_{j,t} iff C_i >= C_j and t in T.


Application

A publisher publishes journals periodically.

Different packages of journals for subscription.

Users subscribe to packages for different time periods.

Only subscribed users can access the journals published in the time periods the users subscribed to.


Application (cont…)

The journals can be just posted online, but encrypted.

Each journal published in a different time period is encrypted by a different key.

Each user has one user key.

The user key can decrypt only the journals the user is entitled to access.


An Example


Key Assignment

Based on RSA algorithm.

4 processes:

Initialization: compute parameters.

Encryption key generation: assign an encryption key for each class at each time period.

User key generation:

Key derivation: use a user key and some public parameters to derive an encryption key.


Key assignment (cont…)

Initialization:

Find two large primes p and q, then n = p · q.

Choose a number g modulo n.

Compute a pair of parameters (a_{c_i}, b_{c_i}) for each class C_i, where

$$g^{a_{c_i} b_{c_i}} \equiv g \pmod{n}$$

Public parameters: n and all a_{c_i}'s.


Key Assignment (cont…)

Encryption key generation:

At each time period t, compute a pair of parameters (a_t, b_t), where

$$g^{a_t b_t} \equiv g \pmod{n}$$

Assign an encryption key K_{i,t} for each class C_i, where

$$K_{i,t} = g^{\left(\prod_{C_j \le C_i} b_{c_j}\right) b_t} \bmod n$$


Key Assignment (cont…)

User key generation:

If a user is assigned to class C_i for a set of time periods T, then the user gets a user key

$$K_{i,T} = g^{\left(\prod_{C_j \le C_i} b_{c_j}\right)\left(\prod_{t \in T} b_t\right)} \bmod n$$


Key Assignment (cont…)

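Key derivation:

If a user, with a user key K_{i,T}, would like to derive an encryption key K_{k,τ}, then the user performs the following computation

$$
\begin{aligned}
& \left(K_{i,T}\right)^{\left(\prod_{C_j \le C_i,\ C_j \not\le C_k} a_{c_j}\right)\left(\prod_{t \in T,\ t \ne \tau} a_t\right)} \bmod n \\
={} & g^{\left(\prod_{C_j \le C_i} b_{c_j}\right)\left(\prod_{t \in T} b_t\right)\left(\prod_{C_j \le C_i,\ C_j \not\le C_k} a_{c_j}\right)\left(\prod_{t \in T,\ t \ne \tau} a_t\right)} \bmod n \\
={} & g^{\left(\prod_{C_j \le C_k} b_{c_j}\right) b_\tau} \bmod n \\
={} & K_{k,\tau}
\end{aligned}
$$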
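The four processes above (initialization, encryption key generation, user key generation, key derivation) run end to end at toy scale; this is an added example, not code from the slides or their author. It assumes the pairs (a, b) are RSA-style inverses modulo φ(n), that the exponent products run over the classes C_j <= C_i, a constructed six-class hierarchy, and toy primes; all function and variable names are hypothetical.

```python
# Added example: toy run of the scheme's four processes (not the author's code).
import secrets
from math import gcd, prod

P, Q = 10007, 10009               # constructed toy primes; real use needs large ones
N, PHI = P * Q, (P - 1) * (Q - 1)
G = 2 + secrets.randbelow(N - 3)  # the number g; this range is an assumption

# Assumed six-class hierarchy: BELOW[i] = every class C_j with C_j <= C_i.
BELOW = {1: {1, 2, 3, 4, 5, 6}, 2: {2, 4, 5}, 3: {3, 5, 6},
         4: {4}, 5: {5}, 6: {6}}

def rsa_pair():
    """Return (a, b) with a*b = 1 mod phi(n), so g^(a*b) = g mod n."""
    while True:
        b = 3 + secrets.randbelow(PHI - 3)
        if gcd(b, PHI) == 1:
            return pow(b, -1, PHI), b

CLS = {c: rsa_pair() for c in BELOW}   # (a_c, b_c): a_c public, b_c secret
TIME = {}                              # (a_t, b_t), added as periods arrive

def period(t):
    """Create the pair for period t on first use; no upper bound on t."""
    if t not in TIME:
        TIME[t] = rsa_pair()
    return TIME[t]

def class_exp(i):
    """Secret exponent part of class C_i: product of b_{c_j} for C_j <= C_i."""
    return prod(CLS[j][1] for j in BELOW[i])

def encryption_key(i, t):
    """K_{i,t} = g^((prod of b_{c_j} for C_j <= C_i) * b_t) mod n."""
    return pow(G, class_exp(i) * period(t)[1], N)

def user_key(i, T):
    """K_{i,T}: same class exponent, times every b_t for t in T."""
    return pow(G, class_exp(i) * prod(period(t)[1] for t in T), N)

def derive(k_iT, i, T, k, tau):
    """User side: raise K_{i,T} to public a values to strip the extra b's."""
    # Convenience check only; the protection is that the b values stay secret.
    if not (BELOW[k] <= BELOW[i] and tau in T):
        raise PermissionError("needs C_k <= C_i and tau in T")
    e = prod(CLS[j][0] for j in BELOW[i] - BELOW[k])
    e *= prod(TIME[t][0] for t in T if t != tau)
    return pow(k_iT, e, N)
```

The set T need not be consecutive, and `period()` can be called for any new period without touching existing keys.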


Comparison

| Schemes | Tzeng | Chien | W & L | The Scheme |
|---|---|---|---|---|
| Security | Broken | Broken | | |
| # of public parameters | O(m) | O(m²) | O(m z) | O(m+z) |
| Assign non-consecutive time periods | No | No | Yes | Yes |
| System’s life | Limited | Limited | Unlimited, but with extra effort | Unlimited |
| Hardware support | No | Yes | No | No |


Future Works

Develop dynamic management component of the scheme: add (delete) new classes, add (delete) users, add (delete) time periods to (from) users.

Comprehensive analysis of the efficiency of the scheme: storage, computation…

Formal proofs of the security.