北京大学学报(自然科学版)

一个基于单向散列函数的实用等级密钥管理方案

韩心慧1,龙勤1,司端锋2,诸葛建伟1,叶志远1   

  1. 1北京大学计算机科学技术研究所,北京100871;2中国科学院软件研究所信息安全国家重点实验室,北京100080;
  • 收稿日期:2007-06-19 出版日期:2008-07-20 发布日期:2008-07-20

A Practical Hierarchical Key Management Scheme Based on One-Way Hash Function

HAN Xinhui1 LONG Qin1 SI Duanfeng2 ZHUGE Jianwei1 YE Zhiyuan1   

  1. 1Institute of Computer Science and Technology, Peking University, Beijing 100871; 2State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080;
  • Received:2007-06-19 Online:2008-07-20 Published:2008-07-20

摘要: 针对等级角色的权限管理和访问控制,形式化地定义与分析了等级密钥管理问题,提出了一个基于单向散列函数的实用的等级密钥管理方案。该方案允许各等级角色自主选择主密钥,并利用安全的单向散列函数和公开的辅助参数构造角色间的等级权限关系,其密钥生成与密钥推导过程简单快捷,能够有效地满足等级系统权限管理的安全需求。与目前已有的等级密钥管理方案相比较,密钥推导效率及存储开销均有所优化,同时能够更好地适应等级角色访问控制的动态变化。

关键词: 信息安全, 角色访问控制, 密钥管理, 等级安全

Abstract: A formal definition and analysis on the hierarchical key management is presented for permission management and access control problem in the role hierarchy. Based on one-way hash function, a practical hierarchical key management scheme is proposed. This scheme allows the role to select its master key by itself, and constructs the hierarchical permission relationship with secure hash function and public parameters. The process of key generation and derivation is simple and effective in this proposed scheme, which satisfies the security requirement of the hierarchical permission management. Compared with other present schemes, the new scheme optimizes the efficiency of key derivation and storage overhead. The dynamic access control of hierarchical role can be adapted in this new scheme.

Key words: information security, role-based access control, key management, hierarchy security

中图分类号: