| Nowadays, in most orgnizations, such as companies and government agencies, the personnel are frequently organized in the form of a hierarchy and there are desirable requirements for enabling the important information secure and easy accessing. An effective way to solve these problems is by using various administrative strategies and approaches built upon the techniques of cryptography. For example, multilevel encryption schemes can be applied to provide the confidentiality of archives, while digital signature or authentication codes can be employed to keep the integrality of archives. As the secret key needs to be secret, it is desirable to use effective key assignment protocols as well as key management protocols insure security and convenience of a hierarchy structure system, especially in systems with frequently dynamic change.In the hierarchy structure of a information system, users and their information items are classified into a number of disjoint sets of security classes, say SC = {SC1, SC2,..., SCn}. Every node represents a security class SCi . The so-called dynamic access control in a hierarchy is to add/delete classes, add/delete relationships, and change secret keys.According to cryptographic techniques and knowledge about number theory, key assignment schemes using in a hierarchy structure can be mainly classified as follows: schemes based on the integer factoring problem and the discrete logarithm problem, schemes based on Newton's interpolating polynomial, schemes based on the Chinese Remainder Theorem, schemes based on one-way function, and so on.A good cryptographic key assignment scheme must satisfy the following requirements.(1) The algorithms for generation and derivation of cryptographic keys should be very simple and efficient;(2) The system should be able to withstand the attacks originated from the collaborating of some users to derive their predecessor's or sibling's keys;(3 ) The size of public parameters should be as small as possible;(4) The system should be flexible enough to handle the dynamic access control problems in an existing hierarchy.This paper summarizes the present situation and progress of dynamic access control schemes in a hierarchy, and then gives a brief description of typical key assignment schemes, more specifically, schemes based on the integer factoring problem and the discrete logarithm problem, schemes based on Newton's interpolating polynomial, schemes based on the Chinese Remainder Theorem. This paper also makes analysis of some famous dynamic access control schemes, which are of great significance to the development of this field, and then shows various attack scenarios against these schemes.As the traditional method for dynamic access control in a hierarchy cannot effectively resolve problems in some application setting, two new dynamic access control schemes were proposed to correct this situation, one is built on Newton's interpolating polynomial, and the other is built on one-way function. In the former scheme, when some user at a higher level is absent, a user at a lower level can act as the substitution for him to finish the dynamic access control work. Moreover, the latter scheme can make it attractive for the broadcast encryption environment, e.g., a user at higher level can the key of a user at lower level in an efficient and simple manner and do the dynamic access control work.It is worthwhile nothing that there is still further work to be considered, for instance, how to optimize the process of dynamic access control, which includes adding/deleting security classes, adding/deleting relationships, and changing keys; how to avoid public parameters rapidly increaseing with the number of security classes rising; how to keep the size of public parameters small; how to prevent conspiracy attacks, etc. Integrated with new cryptographic techniques and novel cryptosysytems, improved methods will be provided to effectively implement dynamic access control schemes, which require smaller storage space. |
PDF Full Text Request