@inproceedings{ddf0926d3ce64363953cb739f4571285,
title = "Key management for non-tree access hierarchies",
abstract = "Access hierarchies are useful in many applications and are modeled as a set of access classes organized by a partial order. A user who obtains access to a class in such a hierarchy is entitled to access objects stored at that class, as well as objects stored at its descendant classes. Efficient schemes for this framework assign only one key to a class and use key derivation to permit access to descendant classes. Ideally, the key derivation uses simple primitives such as cryptographic hash computations and modular additions. A straightforward key derivation time is then linear in the length of the path between the user's class and the class of the object that the user wants to access. Recently, work presented in [2] has given an efficient solution that significantly lowers this key derivation time, while using only hash functions and modular additions. Two fast-key-derivation techniques in that paper were given for trees, achieving O(log log n) and O(1) key derivation times, respectively, where n is the number of access classes. The present paper presents efficient key derivation techniques for hierarchies that are not trees, using a scheme that is very different from the above-mentioned paper. The construction we give in the present paper is recursive and uses the one-dimensional case solution as its base. It makes a novel use of the notion of the dimension d of an access graph, and provides a solution through which no key derivation requires more than 2d+1 hash function computations, even for {"}unbalanced{"} hierarchies whose depth is linear in their number of access classes n. The significance of this result is strengthened by the fact that many access graphs have a low d value (e.g., trees correspond to the case d = 2). Our scheme has the desirable property (as did [2] for trees) that addition and deletion of edges and nodes in the access hierarchy can be {"}contained{"} in the node and do not result in modification of keys at other nodes (no wholesale re-keying as changes are made to the access hierarchy).",
keywords = "Access hierarchy, Dimension of a graph, Fast key derivation",
author = "Atallah, \{Mikhail J.\} and Marina Blanton and Frikken, \{Keith B.\}",
year = "2006",
doi = "10.1145/1133058.1133062",
language = "English",
isbn = "1595933549",
series = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",
publisher = "Association for Computing Machinery ",
pages = "11--18",
booktitle = "SACMAT 2006",
address = "United States",
note = "11th ACM Symposium on Access Control Models and Technologies, SACMAT 2006 ; Conference date: 07-06-2006 Through 09-06-2006",
}