Abstract: A formal definition and analysis on the hierarchical key management is presented for permission management and access control problem in the role hierarchy. Based on one-way hash function, a practical hierarchical key management scheme is proposed. This scheme allows the role to select its master key by itself, and constructs the hierarchical permission relationship with secure hash function and public parameters. The process of key generation and derivation is simple and effective in this proposed scheme, which satisfies the security requirement of the hierarchical permission management. Compared with other present schemes, the new scheme optimizes the efficiency of key derivation and storage overhead. The dynamic access control of hierarchical role can be adapted in this new scheme.

Key words: information security, role-based access control, key management, hierarchy security

摘要： 针对等级角色的权限管理和访问控制，形式化地定义与分析了等级密钥管理问题，提出了一个基于单向散列函数的实用的等级密钥管理方案。该方案允许各等级角色自主选择主密钥，并利用安全的单向散列函数和公开的辅助参数构造角色间的等级权限关系，其密钥生成与密钥推导过程简单快捷，能够有效地满足等级系统权限管理的安全需求。与目前已有的等级密钥管理方案相比较，密钥推导效率及存储开销均有所优化，同时能够更好地适应等级角色访问控制的动态变化。

关键词: 信息安全, 角色访问控制, 密钥管理, 等级安全