All organizations share data in a carefully managed fashion by using access control mechanisms. We focus on enforcing access control by encrypting the data and managing the encryption keys. We make the realistic assumption that the structure of any organization is a hierarchy of security classes. Data from a given security class can be accessed by another security class only if that class is higher or equal in the hierarchy; otherwise access is denied. Our solution is based on the Diffie-Hellman key exchange protocol. The worst-case performance of our solution is slightly better than that of all other existing solutions. We show that our performance in practical cases is linear in the size of the hierarchy, whereas the best results from the literature are quadratic.
| Place of Publication | Enschede |
| Publisher | Centre for Telematics and Information Technology (CTIT) |
| Number of pages | 23 |
| Publication status | Published - Nov 2005 |
| Name | CTIT Technical Report Series |
| Publisher | University of Twente, Centre for Telematics and Information Technology (CTIT) |
- Access control
- Hierarchical key management
Zych, A., Doumen, J., Hartel, P., & Jonker, W. (2005). A Diffie-Hellman based Key Management Scheme for Hierarchical Access Control. (CTIT Technical Report Series; No. CTIT-TR-05-57). Enschede: Centre for Telematics and Information Technology (CTIT).