Enforcing the security of a time-bound hierarchical key assignment scheme

Information Sciences 176 (2006) 1684–1694 www.elsevier.com/locate/ins

Enforcing the security of a time-bound hierarchical key assignment scheme Alfredo De Santis, Anna Lisa Ferrara, Barbara Masucci

*

Dipartimento di Informatica ed Applicazioni, Universita` di Salerno, Via S. Allende 1, 84081 Baronissi (SA), Italy Received 11 March 2005; received in revised form 25 May 2005; accepted 6 July 2005

Abstract A time-bound hierarchical key assignment scheme is a method to assign a cryptographic key to each class of users in a system organized as a partially ordered hierarchy, in such a way that key derivation is constrained both by class relationships and by time. Recently, a time-bound hierarchical key assignment scheme based on tamper-resistant devices and requiring low computational load and implementation cost has been proposed. Unfortunately, the scheme is not secure. In this paper we show how three malicious users can handle public and private information to misuse their tamper-resistant devices in order to compute some encryption keys that they should not be able to learn. We also show some countermeasures to withstand the weakness we have exploited.  2005 Elsevier Inc. All rights reserved. Keywords: Access control; Key assignment; Collusion attack

*

Corresponding author. Tel.: +39 089 965 336; fax: +39 089 965 272. E-mail addresses: [email protected] (A. De Santis), [email protected] (A.L. Ferrara), [email protected] (B. Masucci). 0020-0255/$ - see front matter  2005 Elsevier Inc. All rights reserved. doi:10.1016/j.ins.2005.07.002

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

1685

1. Introduction The access control problem deals with the specification of usersÕ access permission and is a fundamental issue in any system that manages distributed resources. We consider a scenario where the users of a computer system are organized in a hierarchy formed by a certain number of disjoint classes, called security classes. A hierarchy arises from the fact that some users have more access rights than others. In the real world there are several examples of hierarchies where an access control is required. Applications exist in business and in other areas of the private sector, for example in the management of databases containing sensitive information or in the protection of industrial secrets. Similar situations abound in other areas, particularly in the government and military. A hierarchical key assignment scheme is a method to assign an encryption key and some private information to each class in the hierarchy. The encryption key will be used by each class to protect its data by means of a symmetric cryptosystem. The private information will be used by each class to compute the keys assigned to all classes lower down in the hierarchy. This assignment is carried out by a central authority, which is active only at the distribution phase. Akl and Taylor [2] first proposed an elegant hierarchical key assignment scheme. In their scheme each class is assigned a key that can be used, along with some public parameters generated by a central authority, to compute the key assigned to any class lower down in the hierarchy. Subsequently, many researchers have proposed schemes that either have better performances or allow insertion and deletion of classes in the hierarchy (e.g. [5–9,11]). The problem of designing key assignment schemes for any arbitrary access control policy (i.e., not satisfying the anti-symmetric and transitive properties of a partially ordered hierarchy) has been considered in [4], where a general construction using as a building block a hierarchical key assignment scheme has been proposed. In some situations, as electronic paper subscription and digital TV broadcasting, a user may be assigned to a certain class for only a certain period of time. In such situations the users need a different key for each time period, to encrypt their data. A straightforward implementation of such an assignment scheme requires users to handle a large amount of keys, which is not practical. The problem of reducing the space complexity of the basic straightforward solution was first considered by Tzeng [13], who proposed a time-bound hierarchical key assignment scheme. In his scheme the key derivation is constrained not only by the hierarchy on the classes, but also by the time period. Once the time period is expired, users in a class cannot access any subsequent class keys. However, Yi and Ye [12] showed that the scheme proposed by Tzeng was insecure against collusion attacks carried out by non-authorized users. Recently, Chien [3] has proposed a new time-bound hierarchical key assignment scheme

1686

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

based on tamper-resistant devices that perform only simple arithmetic operations, such as computing hash values or XOR operations. The scheme requires low computational load and implementation cost. In this paper we show that ChienÕs scheme is insecure against collusion attacks carried out by non-authorized users. In particular, we show how three malicious users can handle public and private information to misuse their tamper-resistant devices in order to compute some encryption keys that they should not be able to learn. We also show some countermeasures to withstand the attack we have exploited. The paper is organized as follows: in Section 2 we briefly describe ChienÕs time-bound hierarchical key assignment scheme and remark its security weaknesses. In Section 3 we propose some countermeasures to withstand the attack described in Section 2. Finally, in Section 4 we draw our conclusions.

2. Overview of ChienÕs scheme Consider a set of users divided into a number of disjoint classes, C1, . . . , Cn, called security classes. A security class can represent a person, a department, or a user group in an organization. In accordance with authority, position, or power, there is a binary relation  that partially orders the set of classes C = {C1, . . . , Cn}. The poset (C, ) is called a partially ordered hierarchy. For any two classes Ci and Cj, the notation Ci  Cj is used to indicate that the users in Cj can access CiÕs data. Clearly, since Cj can access its own data, it holds that Cj  Cj, for any j = 1, . . . , n. The partially ordered hierarchy (C, ) can be represented by a directed acyclic graph, where each class corresponds to a vertex in the graph and there is an edge from class Cj to class Ci if and only if Ci  Cj. Further, this graph can be simplified by eliminating all self-loops and edges which can be implied by the property of the transitive closure. The life-time of a time-bound cryptographic key assignment scheme for (C, ) is divided into a certain number of time periods, starting at time period 0 and ending at time period z. Each class Cj has several encryption keys, one for each time period. We denote by Kj,t the key assigned to class Cj at time period t. Such a key is used by the users in Cj to encrypt their data at time period t. A user belonging to class Cj from time period t1 to time period t2 can compute the key Ki,t held by class Ci at time period t if and only if Ci  Cj and t1 6 t 6 t2. ChienÕs scheme [3] is based on the following main assumptions: (1) There is a secure one-way hash function h( ). (2) Tamper-resistant devices are available. The owner cannot access the protected data in the device.

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

1687

(3) There is a Trusted Agent (TA) whose task is to assign the encryption keys and the private information to the classes. (4) The system starts at time period 0 and ends at an arbitrary large time period z. Other assumptions implicitly used by the scheme are the following: (1) An authenticated public-board is available. Everyone can read the data on the board but only the TA can update the data. (2) There is a secure channel connecting the TA to each class of users. Such a channel is used by the TA to distribute the private information to each class during the user registration phase. (3) Each class Ci has a public identity IDi. (4) The hierarchy (C, ) is public. The scheme is composed of four phases: initialization, user registration, encrypting key generation and decrypting key derivation. Initialization. The TA randomly chooses two secret values a and b and a secret key ki, for any i = 1, . . . , n. Moreover, for any two distinct classes Ci and Cj such that Cj  Ci and there is no class C‘ such that Cj  C‘  Ci, the TA publishes the value rij = h(XkIDikIDjkki)  kj on the authenticated public board, where X is the TAÕs secret key, k denotes the string concatenation, and  denotes the bit-wise XOR operation. In order to enhance the security of the scheme, the keys k1, . . . , kn could be updated at fixed intervals, depending on the system requirements. User registration. The TA sends to each class Ci the secret key ki, chosen during the initialization phase, by using a secure channel. Any user belonging to Ci in time interval [t1, t2] will be able to compute its encryption key Ki,t, for any time period t1 6 t 6 t2, by using the secret key ki and a tamper-resistant device issued by the TA. Such a device contains • • • •

the TAÕs secret key X; the identity IDi of Ci; the time periods t1, t2, and z; the hash values ht1 ðaÞ and hzt2 ðbÞ, where the expression hm(x) denotes the application of m cascade hashing operations starting from x.

Notice that if during time interval [t1, t2] the TA needs to update the key ki held by class Ci, it also has to update the public values rij for any class Cj such that Cj  Ci and there is no class C‘ such that Cj  C‘  Ci. Moreover, the TA also has to update the public values rji for any class Cj such that Ci  Cj and there is no class C‘ such that Ci  C‘  Cj. However, there is no need to issue a new tamper-resistant device to Ci, since the key ki is not stored on the device.

1688

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

Encrypting key generation. The data belonging to Ci during the time period t will be encrypted by using the key Ki,t = h(ki  ht(a)  hzt(b)). Decrypting key derivation. Let Ci and Cj be two distinct classes such that Cj  Ci and there is no class C‘ such that Cj  C‘  Ci. An user belonging to Ci in time interval [t1, t2] is able to compute the key Kj,t held by Cj at time period t, where t1 6 t 6 t2, by executing the following steps: (1) The user inputs to its tamper-resistant device the public value rij, the identity IDj, the time period t, and his secret key ki. (2) The tamper-resistant device derives the secret key kj by computing kj = rij  h(XkIDikIDjkki). (3) The tamper-resistant device computes ht ðaÞ ¼ htt1 ðht1 ðaÞÞ and hzt ðbÞ ¼ ht2 t ðhzt2 ðbÞÞ. (4) The tamper-resistant device computes Kj,t = h(kj  ht(a)  hzt(b)). The above steps can be performed when Cj  Ci and there is no class C‘ such that Cj  C‘  Ci. On the other hand, if C j  C ‘s      C ‘1  C i , where s P 1, similar computations can be performed to iteratively compute the key held by any class in the path from Ci to Cj. For clarity, we explain how this happens: (1) The user inputs to its tamper-resistant device the sequential list of the public values ri‘1 ; r‘1 ‘2 ; . . . ; r‘s1 ‘s ; r‘sj and of the identities ID‘1 ; . . . ; ID‘s , IDj of the classes along the path from Ci to Cj, the time period t, and his secret key ki. (2) The tamper-resistant device derives the secret key k ‘1 by computing k ‘1 ¼ ri‘1  hðX kIDi kID‘1 kk i Þ. Afterwards, for any w = 2, . . . , s, it computes k ‘w ¼ r‘w 1‘w  hðX kID‘w 1 kID‘w kk ‘w 1 Þ. Finally, it computes k j ¼ r‘s j  hðX kID‘s kIDj kk ‘s Þ. (3) The tamper-resistant device computes ht ðaÞ ¼ htt1 ðht1 ðaÞÞ and hz  tðbÞ ¼ ht2 t ðhzt2 ðbÞÞ. (4) The tamper-resistant device computes Kj,t = h(kj  ht(a)  hzt(b)). Clearly, any user belonging to Ci in time interval [t1, t2] is also able to compute the key Ki,t, where t1 6 t 6 t2. This is implicit in ChienÕs scheme, but for clarity we explain how this happens: (1) The user inputs to its tamper-resistant device the time period t and his secret key ki. (2) The tamper-resistant device computes ht ðaÞ ¼ htt1 ðht1 ðaÞÞ and hzt ðbÞ ¼ ht2 t ðhzt2 ðbÞÞ. (3) The tamper-resistant device computes Ki,t = h(kiht(a)  hzt(b)).

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

1689

2.1. A security weakness In this section we show a security weakness of ChienÕs scheme, relying in the fact that malicious users can handle public and private information, which is not authenticated, to misuse their tamper-resistant devices in order to compute some encryption keys that they should not be able to learn. Consider the hierarchy of Fig. 1 and assume that the users in C1, C2, C3, and C4 are associated with time intervals [t1, t6], [t2, t5], [t3, t4], and [t2, t3], respectively, where 0 6 t1 < t2 < t3 < t4 < t5 < t6 6 z. During the initialization phase, the TA randomly chooses the secret keys k1, k2, k3, k4 and publishes the values r12 = h(XkID1kID2kk1)  k2, r13 = h(XkID1kID3kk1)  k3, and r24 = h(XkID2kID4kk2)  k4 on the authenticated public-board. During the user registration phase, the TA sends to each class the corresponding secret key and the tamper-resistant devices. Since C4  C2, during the decrypting key derivation phase users in C2 can use the public value r24 and their tamper-resistant device to compute K4,t, for any time period t2 6 t 6 t5. In the following we show how users in C3 and C4 can collude to compute a faked public value r024 . Such a value can be used at any time period t such that t2 6 t < t3 and t4 < t 6 t5 to misuse the tamper-resistant device held by users in C2, in order to compute the unauthorized key K3,t. Notice that, according to ChienÕs scheme, users in C3 should not be able to compute K3,t for any time period t such that 0 6 t < t3 and t4 < t 6 z, even if they collude with other unauthorized classes with distinct time intervals. In order to compute the faked public value, the coalition has to perform very simple operations, i.e., two XOR operations, as shown in the following: (1) A malicious user belonging to C4 in time interval [t2, t3] uses the public value r24 = h(XkID2kID4kk2)  k4 and its secret key k4 to compute the hash value h(XkID2kID4kk2) = r24  k4. (2) A malicious user belonging to C3 in time interval [t3, t4] uses its secret key k3 and the hash value h(XkID2kID4kk2), computed by the malicious user in C4, to compute a faked public value r024 ¼ hðX kID2 kID4 kk 2 Þ  k 3 .

Fig. 1. A partially ordered hierarchy.

1690

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

Now we show how a malicious user in C2 can use the faked public value r024 computed by the malicious users in C3 and C4 to misuse the tamper-resistant device held by users in C2, in order to compute the unauthorized key K3,t for any time period t such that t2 6 t < t3 and t4 < t 6 t5. (1) The malicious user in C2 inputs to its tamper-resistant device the faked public value r024 , the identity ID4, the time period t, and his secret key k2. (2) The tamper-resistant device computes r024  hðX kID2 kID4 kk 2 Þ ¼ k 3 . (3) The tamper-resistant device computes ht ðaÞ ¼ htt2 ðht2 ðaÞÞ and hzt ðbÞ ¼ ht5 t ðhzt5 ðbÞÞ. (4) The tamper-resistant device computes K3,t = h(k3  ht(a)  hzt(b)). Therefore, users in C3 are able to compute the key K3,t for any time period t such that t2 6 t < t3 and t4 < t 6 t5, by colluding with other unauthorized classes with distinct time intervals.

3. Improving the security of ChienÕs scheme The weakness of ChienÕs scheme we have exploited relies in the fact that malicious users can handle public and private information, which is not authenticated, to misuse their tamper-resistant devices. In the following we propose some countermeasures to withstand the attack described in the previous section. In order to improve the security of the scheme, the ideas behind such proposals can be combined together. 3.1. A first countermeasure The first countermeasure we propose requires the TA to perform one more hashing operation for each public value, but does not change the kind of operations performed by the tamper-resistant devices held by the users. For each pair of distinct classes Ci and Cj such that Cj  Ci and there is no class C‘ such that Cj  C‘  Ci, the TA could compute the public value rij as rij = h(XkIDikIDjkki)  h(Xkkj). The encryption key for class Cj at time period t could be defined as Kj,t = h(h(Xkkj)  ht(a)  hzt(b)). It is easy to see that the public information cannot be used by malicious users to misuse their tamper-resistant devices. Indeed, even knowing their secret key kj and the public information rij = h(XkIDikIDjkki)  h(Xkkj), the users in Cj cannot compute the hash value h(XkIDikIDjkki) needed to compute the faked public value r0ij , since they do not know the TAÕs secret key X, which is stored on the tamper-resistant device. On the other hand, during the decrypting key derivation, given two distinct classes Cj  Ci, the tamper-resistant device held by users in Ci, on inputs rij,

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

1691

IDj, t, and ki, can compute the hash value h(Xkkj) = rij  h(XkIDikIDjkki), needed to compute Kj,t = h(h(Xkkj)  ht(a)  hzt(b)). 3.2. A second countermeasure The second countermeasure we propose requires the TA and the tamperresistant devices held by the users to perform encryptions and decryptions, respectively, by using a secure symmetric key cryptosystem [10]. Let E and D be the encryption and decryption functions of a symmetric cryptosystem. We denote by EK(x) and DK(y) the encryption of the plaintext x and the decryption of the ciphertext y under the symmetric key K, respectively. For each pair of distinct classes Ci and Cj such that Cj  Ci and there is no class C‘ such that Cj  C‘  Ci, the TA could compute the public value rij as rij ¼ Ef ðX ;IDi ;IDj ;ki Þ ðk j Þ, i.e., as the encryption of kj under a symmetric key f(X, IDi, IDj, ki), where f denotes a suitable function, for example, f(X, IDi, IDj, ki) = h(XkIDikIDjkki). Notice that the size of the symmetric key depends on the selected function f. Thus, by appropriately selecting f, several symmetric encryption schemes can be used. It is easy to see that the public information cannot be used by malicious users to misuse their tamper-resistant devices. Indeed, if the symmetric cryptosystem is secure, users in Cj cannot derive the symmetric key f(X, IDi, IDj, ki) from the knowledge of the plaintext kj and the ciphertext rij. Therefore, they cannot compute the faked public value r0ij needed in our attack. On the other hand, during the decrypting key derivation, given two distinct classes Cj  Ci, the tamper-resistant device held by users in Ci, on inputs rij, IDj, t, and ki, can compute the symmetric key f(X, IDi, IDj, ki) and then compute k j ¼ Df ðX ;IDi ;IDj ;ki Þ ðrij Þ by decrypting rij, in order to obtain Kj,t = h(kj  ht(a)  hzt(b)). Clearly, in addition to computation of hash values, the tamper-resistant device should also be able to perform decryptions. Several symmetric encryption schemes have been designed to run efficiently in a broad range of environments, from smart-cards to programmable gate arrays (for example, the Advanced Encryption Standard (AES) [1]). 3.3. A third countermeasure The third countermeasure we propose consists in authenticating the public information by using a Message Authentication Code (MAC) [10], in order to forbid malicious users to provide forged values to their tamper-resistant devices. More precisely, for each pair of distinct classes Ci and Cj such that Cj  Ci and there is no class C‘ such that Cj  C‘  Ci, the TA could compute a MAC for the message hrijkIDikIDji, by using a symmetric key f(X, IDi, IDj, ki), where f denotes a suitable function, for example, f(X, IDi, IDj,

1692

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

ki) = h(XkIDikIDjkki). Hence, the TA could publish the pair ðhrij kIDi kIDj i; MACf ðX ;IDi ;IDj ;ki Þ ðhrij kIDi kIDj iÞÞ. During the decryption key derivation, users in Ci are also required to input their device with the value MACf ðX ;IDi ;IDj ;ki Þ ðhrij kIDi kIDj iÞ in addition to the values rij, IDj, t, and ki. Since the TAÕs secret key X and the identity IDi are stored on the device, users in Ci can compute MACf ðX ;IDi ;IDj ;ki Þ ðhrij kIDi kIDj iÞ and check if this coincides with the last input value. In this case the device will continue its computation, in the same way as in ChienÕs scheme. On the other hand, if the two values are different, the device will abort its computation. Clearly, in addition to computation of hash values, the tamper-resistant device should also be able to compute a MAC. 3.4. Performance evaluation In this section we compare the three countermeasures we have proposed. Denote by Th the time required to perform one hashing operation with the tamper-resistant device and consider a class Ci with time interval [t1, t2]. First we notice that in ChienÕs scheme the device held by Ci is required to perform t2  t1 + 1 hashing operations in order to compute the key Ki,t, thus requiring time (t2  t1 + 1)Th. On the other hand, for any class Cj such that Cj  Ci and there are s P 0 classes along the path from Ci to Cj, the device held by Ci has to perform t2  t1 + s + 2 hashing operations in order to compute the key Kj,t, thus requiring time (t2  t1 + s + 2)Th. In the following we analyze the number of operations required by the proposed countermeasures: (1) The first countermeasure does not change the kind of operations sperformed by the tamper-resistant device held by Ci, but requires it to perform one more hashing operation for each public value rij. Therefore, for any Cj such that Cj  Ci and there are s P 0 classes along the path from Ci to Cj, the device held by Ci, in order to compute the key Kj,t, has to perform further s + 1 hashing operations, thus requiring total time (t2  t1 + s + 2)Th + (s + 1)Th. (2) The second countermeasure also requires the tamper-resistant device held by Ci to perform one decryption for each public value rij. Therefore, for any Cj such that Cj  Ci and there are s P 0 classes along the path from Ci to Cj, the device held by Ci, in order to compute the key Kj,t, has to perform further s + 1 decryptions, thus requiring total time (t2  t1 + s + 2)Th + (s + 1)Td, where Td denotes the time required to perform one decryption operation with the tamper-resistant device. (3) The third countermeasure also requires the tamper-resistant device held by Ci to compute a message authentication code for each public value rij. This does not change the kind of operations performed by the device if a hash-based MAC is used (for example, the HMAC [10]). Therefore,

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

1693

for any Cj such that Cj  Ci and there are s P 0 classes along the path from Ci to Cj, the device held by Ci, in order to compute the key Kj,t, has to perform further s + 1 MAC computations, thus requiring total time (t2  t1 + s + 2)Th + (s + 1)TMAC, where TMAC denotes the time required to perform one MAC computation with the tamper-resistant device. 4. Conclusions Chien [3] has recently proposed a time-bound cryptographic key assignment scheme in a partially-ordered hierarchy. His scheme is based on tamper-resistant devices and requires low computational load and implementation cost. In this paper we have shown how three malicious users may handle public and private information to misuse tamper-resistant devices in order to compute some encryption keys that they should not be able to learn. We have also shown three countermeasures to withstand the weakness we have exploited. Another easy way to prevent the weakness we have exploited requires the TA to store the secret key ki assigned to class Ci on its tamper-resistant device, and give the users in the class a password to access the device. However, if the key ki held by class Ci needs to be updated during the time-interval associated to Ci, the TA is required to issue a new tamper-resistant device to the class. All countermeasures we have proposed do not require such a redistribution, since the key ki is not stored on the device. Acknowledgements We would like to thank the anonymous referees for their careful reading and useful comments. This research has been partially supported by the European Network of Excellence in Cryptology under project IST-2002-507932-Ecrypt and by the University of Salerno under project Sicurezza Dati, Computazione Distribuita e Compressione Dati. References [1] Advanced Encryption Standard. Available from: . [2] S.G. Akl, P.D. Taylor, Cryptographic solution to a problem of access control in a hierarchy, ACM Trans. Comput. Syst. 1 (3) (1983) 239–248. [3] H.Y. Chien, Efficient time-bound hierarchical key assignment scheme, IEEE Trans. Knowled. Data Eng. 16 (10) (2004) 1301–1304. [4] A. De Santis, A.L. Ferrara, B. Masucci, Cryptographic key assignment schemes for any access control policy, Inform. Process. Lett. 92 (4) (2004) 199–205.

1694

A. De Santis et al. / Information Sciences 176 (2006) 1684–1694

[5] L. Harn, H.Y. Lin, A cryptographic key generation scheme for multilevel data security, Comput. Security 9 (6) (1990) 539–546. [6] M.S. Hwang, A cryptographic key assignment scheme in a hierarchy for access control, Math. Comput. Modell. 26 (1) (1997) 27–31. [7] H.T. Liaw, S.J. Wang, C.L. Lei, A dynamic cryptographic key assignment scheme in a tree structure, Comput. Math. Appl. 25 (6) (1993) 109–114. [8] C.H. Lin, Dynamic key management schemes for access control in a hierarchy, Comput. Commun. 20 (1997) 1381–1385. [9] S.J. MacKinnon, P.D. Taylor, H. Meijer, S.G. Akl, An optimal algorithm for assigning cryptographic keys to control access in a hierarchy, IEEE Trans. Comput. C-34 (9) (1985) 797– 802. [10] A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996. [11] R.S. Sandhu, Cryptographic implementation of a tree hierarchy for access control, Inform. Process. Lett. 27 (1988) 95–98. [12] X. Yi, Y. Ye, Security of TzengÕs time-bound key assignment scheme for access control in a hierarchy, IEEE Trans. Knowled. Data Eng. 15 (4) (2003) 1054–1055. [13] W.-G. Tzeng, A time-bound cryptographic key assignment scheme for access control in a hierarchy, IEEE Trans. Knowled. Data Eng. 14 (1) (2002) 182–188.