KEY MANAGEMENT FOR NON-TREE ACCESS HIERARCHIES by Mikhail
Authors
Abstract
Access hierarchies are useful in many applications and are modeled as a set of access classes organized by a partial order. A user who obtains access to a class in such a hierarchy is entitled to access objects stored at that class, as well as objects stored at its descendant classes. Efficient schemes for this framework assign only one key to a class and use key derivation to permit access to descendant classes. Ideally, the key derivation uses simple primitives such as cryptographic hash computations and modular additions. A straightforward key derivation time is then linear in the length of the path between the user’s class and the class of the object that the user wants to access. Recently, work presented in [2] has given an efficient solution that significantly lowers this key derivation time, while using only hash functions and modular additions. Two fast key-derivation techniques in that paper were given for trees, achieving O(log log n) and O(1) key derivation times, respectively, where n is the number of access classes. The present paper presents efficient key derivation techniques for hierarchies that are not trees, using a scheme that is very different from the above-mentioned paper. The construction we give in the present paper is recursive and uses the one-dimensional case solution as its base. It makes a novel use of the notion of the dimension d of an access graph, and provides a solution through which no key derivation requires more than 2d+1 hash function computations, even for “unbalanced” hierarchies whose depth is linear in their number of access classes n. The significance of this result is strengthened by the fact that many access graphs have a low d value (e.g., trees correspond to the case d = 2).
Our scheme has the desirable property (as did [2] for trees) that addition and deletion of edges and nodes in the access hierarchy can be “contained” in the node and do not result in modification of keys at other nodes (no wholesale re-keying as changes are made to the access hierarchy).

Portions of this work were supported by Grants IIS0325345, IIS-0219560, IIS-0312357, and IIS-0242421 from the National Science Foundation, and by sponsors of the Center for Education and Research in Information Assurance and Security. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. SACMAT’06, June 7–9, 2006, Lake Tahoe, California, USA. Copyright 2006 ACM 1-59593-354-9/06/0006 ...$5.00.
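The baseline the abstract describes (one key per class, one hash and one modular addition per edge, cost linear in the path length) can be seen in the added example below, which is not code from the paper. The edge rule y = k_w - H(k_v, w) mod 2^256, the use of SHA-256, and the class names are assumptions chosen for illustration.

```python
import hashlib
import secrets
from collections import deque

MOD = 2 ** 256  # assumed key space: integers modulo 2^256

def H(key, label):
    """SHA-256 over (parent key || child label), read as an integer."""
    data = key.to_bytes(32, "big") + label.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def publish_edges(keys, edges):
    """Public value for edge (v, w): y = k_w - H(k_v, w) mod 2^256."""
    return {(v, w): (keys[w] - H(keys[v], w)) % MOD for v, w in edges}

def find_path(start, target, edges):
    """Shortest list of edges start -> target (BFS); None if unreachable."""
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while parent[node] is not None:
                path.append((parent[node], node))
                node = parent[node]
            return path[::-1]
        for v, w in edges:
            if v == node and w not in parent:
                parent[w] = node
                queue.append(w)
    return None

def derive(start, start_key, target, public):
    """Return (key of target, hashes used), or None for a non-descendant."""
    path = find_path(start, target, list(public))
    if path is None:
        return None
    key = start_key
    for v, w in path:  # one hash and one modular addition per edge
        key = (public[(v, w)] + H(key, w)) % MOD
    return key, len(path)

# Constructed sample: a diamond, so "reports" has two parents (not a tree).
EDGES = [("admin", "finance"), ("admin", "eng"), ("finance", "reports"),
         ("eng", "reports"), ("reports", "archive")]
KEYS = {c: secrets.randbelow(MOD) for c in
        ("admin", "finance", "eng", "reports", "archive")}
PUBLIC = publish_edges(KEYS, EDGES)
```

Both parents of `reports` reach the same class key through different public edge values, and a class that is not an ancestor gets `None`.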
Similar resources
Efficient Key Derivation for Access Hierarchies
Access hierarchies are useful in many applications and are modeled as a set of access classes organized by a partial order. A user who obtains access to a class in such a hierarchy is entitled to access objects stored at that class, as well as objects stored at its descendant classes. Efficient schemes for this framework assign only one key to a class and use key derivation to permit access to ...
Key Management in Hierarchical Access Control Systems
Blanton, Marina V. Ph.D., Purdue University, August, 2007. Key Management in Hierarchical Access Control Systems. Major Professor: Mikhail J. Atallah. In a hierarchical access control system, users are partitioned into a number of classes – called security classes – which are organized in a hierarchy. Hierarchies arise in systems where some users have higher privileges than others and a securit...
Versatile Group Security For Tree-Based Storage
The need to encrypt data in infrastructures containing thousands and thousands of entities having different access rights increases with the rapid growth of electronically stored sensitive data in all areas of business and life. A group-oriented communication system referred to as hierarchical access control is a main part of such an infrastructure. It forms a graph hierarchy in order to bind a...
Improving Indirect Key Management Scheme of Access Hierarchies
This paper examines possible modifications to indirect key management schemes that may improve their performance and efficiency for use within access hierarchies. A new method is proposed which uses a dedicated HMAC construction as the key transformation function, a new addressing strategy to improve accessibility verification, and a cached key update strategy which seeks to minimize key update...
Incorporating Temporal Capabilities in Existing Key Management Schemes
The problem of key management in access hierarchies is how to assign keys to users and classes such that each user, after receiving her secret key(s), is able to independently compute access keys for (and thus obtain access to) the resources at her class and all descendant classes in the hierarchy. If user privileges additionally are time-based (which is likely to be the case for all of the app...
Publication date: 2006