Hierarchical Key Assignment Schemes with Key Rotation

Alfredo De Santis; Barbara Masucci
2024-01-01

Abstract

Hierarchical structures are frequently used to manage access to sensitive data in various contexts, ranging from organizational settings to IoT networks. A Hierarchical Key Assignment Scheme (HKAS) is designed to cryptographically enforce access control in hierarchical structures. It operates by assigning secrets and encryption keys to a set of classes within a partially ordered hierarchy. This approach ensures that the secret of a higher-level class can be used to efficiently derive keys for all classes positioned at a lower level in the hierarchy. In this paper, we introduce a novel cryptographic primitive that we name HKAS with Key Rotation (KR-HKAS). This extension enhances the current HKAS framework by enabling a provably secure mechanism for periodically rotating both encryption keys and secrets, without necessitating a complete setup reset. This proactive approach effectively mitigates the risk of security breaches due to compromised cryptographic material, in line with security best practice.

Use this identifier to cite or link to this document: https://hdl.handle.net/11386/4862293