A Practical Hierarchical Key Management Scheme Based on One-Way Hash Function

Acta Scientiarum Naturalium Universitatis Pekinensis

Previous Articles Next Articles

A Practical Hierarchical Key Management Scheme Based on One-Way Hash Function

HAN Xinhui¹ LONG Qin¹ SI Duanfeng² ZHUGE Jianwei¹ YE Zhiyuan¹

¹Institute of Computer Science and Technology, Peking University, Beijing 100871； ²State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080；

Received:2007-06-19 Online:2008-07-20 Published:2008-07-20

一个基于单向散列函数的实用等级密钥管理方案

韩心慧¹,龙勤¹,司端锋²,诸葛建伟¹,叶志远¹

¹北京大学计算机科学技术研究所，北京100871；²中国科学院软件研究所信息安全国家重点实验室，北京100080；

Abstract

Abstract: A formal definition and analysis on the hierarchical key management is presented for permission management and access control problem in the role hierarchy. Based on one-way hash function, a practical hierarchical key management scheme is proposed. This scheme allows the role to select its master key by itself, and constructs the hierarchical permission relationship with secure hash function and public parameters. The process of key generation and derivation is simple and effective in this proposed scheme, which satisfies the security requirement of the hierarchical permission management. Compared with other present schemes, the new scheme optimizes the efficiency of key derivation and storage overhead. The dynamic access control of hierarchical role can be adapted in this new scheme.

Key words: information security, role-based access control, key management, hierarchy security

摘要： 针对等级角色的权限管理和访问控制，形式化地定义与分析了等级密钥管理问题，提出了一个基于单向散列函数的实用的等级密钥管理方案。该方案允许各等级角色自主选择主密钥，并利用安全的单向散列函数和公开的辅助参数构造角色间的等级权限关系，其密钥生成与密钥推导过程简单快捷，能够有效地满足等级系统权限管理的安全需求。与目前已有的等级密钥管理方案相比较，密钥推导效率及存储开销均有所优化，同时能够更好地适应等级角色访问控制的动态变化。

关键词: 信息安全, 角色访问控制, 密钥管理, 等级安全

CLC Number:

TP309

HAN Xinhui,LONG Qin,SI Duanfeng,ZHUGE Jianwei,YE Zhiyuan. A Practical Hierarchical Key Management Scheme Based on One-Way Hash Function[J]. Acta Scientiarum Naturalium Universitatis Pekinensis.

韩心慧,龙勤,司端锋,诸葛建伟,叶志远. 一个基于单向散列函数的实用等级密钥管理方案[J]. 北京大学学报（自然科学版）.

[1]	XU Dongyang,TANG Zhi,YU Yinyan. SDDRM: Toward Segment-Based Dynamic Digital Rights Management in Document Protection [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2012, 48(4): 565-573.
[2]	LI Jiajing,LIANG Zhiyin,WEI Tao,MAO Jian. A Malicious Behavior Analysis Method Based on Program Semantic [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2008, 44(4): 537-542.
[3]	WEI Tao,MAO Jian,ZOU Wei . A Novel Compound Conditions Recognition Algorithm in Decompilation [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2008, 44(1): 37-43.

A Practical Hierarchical Key Management Scheme Based on One-Way Hash Function

一个基于单向散列函数的实用等级密钥管理方案

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 3

Recommended Articles

Metrics