
Level System In Key Management And Access Control Methods

Posted on: 2006-04-25
Degree: Master
Type: Thesis
Country: China
Candidate: S F Zhang
GTID: 2208360155966415
Subject: Computer application technology
Abstract/Summary:
With the development of information technology and the wide use of information systems, information security concerns such as the security, integrity and access control of information systems are becoming more and more important. A top-down, multi-level management hierarchy exists almost universally in commercial, governmental and other organizations. Under this framework, the access structure of the information system gives predecessors access privileges and rights to the relevant information of their successors, but not the reverse. This top-down access structure is called a user hierarchy management system. To ensure information security, we assume that all information in the system is stored encrypted. If users at a certain level of the hierarchy want to fetch the information of lower-level users, they must first obtain the cryptographic key and then recover the secret information by decrypting it. One approach to realizing access control in an information system is therefore the management of cryptographic keys.

Up to now, cryptographic key management and access control methods for user hierarchy systems fall into three types.

First, the generation, distribution and dynamic management of cryptographic keys are relatively fixed in the user hierarchy system. A successor's cryptographic key can only be obtained by key derivation, and a sub-successor's key by recursive derivation. Adding or deleting a user class or a relationship between user classes is more complex and can affect the whole user hierarchy system; in other words, the system is not flexible with respect to dynamic access control.

Second, the Chinese Remainder Theorem and polynomial interpolation can be used to generate and derive the cryptographic keys. This derivation yields all of the cryptographic keys needed to access successors, and adding or deleting a user class or a relationship between user classes, modifying a user's cryptographic key, and similar operations affect only part of the user classes.

Third, cryptographic keys with a time constraint. A user's access to a successor's information is limited by a validity period, i.e. the user can obtain the successor's cryptographic key and the corresponding information only within the given time period. Once the period has expired, the user can no longer obtain the information.

Basically, a good cryptographic key assignment scheme must satisfy the following requirements.

(1) The algorithms for generation and derivation of cryptographic keys should be very simple and efficient;
(2) The system should be able to withstand attacks in which some users collaborate to derive their predecessors' or siblings' keys;
(3) The size of the public parameters should be as small as possible;
(4) The system should be flexible enough to handle dynamic access control problems in an existing hierarchy.

These four aspects are also the main problems in every existing user hierarchy system. Some of these systems are either complicated in derivation or not safe enough. Some need a large amount of space to store their public parameters. Others are not flexible enough for dynamic access control.

Besides analyzing the advantages and disadvantages of the key management and access control methods of traditional user hierarchy systems, we concentrate on the practicability of the systems with respect to the four aspects mentioned above. Based on this analysis, we introduce three new schemes. The first two schemes address not only the difficulties of derivation complexity, security, the number of public parameters and storage size, but also the practicability of the schemes. For these schemes, we discuss in detail dynamic access control operations such as adding or deleting a user class, adding or deleting a user class relationship, and modifying the cryptographic key of a user class. We then analyze the security, computational cost and storage of these schemes. Finally, comparisons with schemes of the same kind are presented.

We propose a new time-constrained dynamic cryptographic key access scheme that can solve the problems mentioned above. In this method, we try to solve the problems of derivation complexity, security, and the number and storage of public parameters. We also discuss dynamic access control for the user classes in detail and compare the scheme with previous schemes in terms of security. As the final step, we analyze the differences between the new method and the previous schemes.
Keywords/Search Tags: key assignment, access control, user hierarchy, time-bound, one-way hash function, discrete logarithm, ElGamal signature, polynomial interpolation