A centralized key management scheme for hierarchical access control

Abstract

Key management schemes are used to provide access control to data streams for legitimate users. The users often have certain partially ordered relations, while data streams also form some partially ordered relations. Previous key management schemes have failed to take into consideration either the user relations or data stream relations. We propose a centralized key management scheme for hierarchical access control that considers both partially ordered users and partially ordered data streams. Our scheme improves the efficiency of key management by encrypting multiple equivalent data streams with a single data encryption key, instead of encrypting each data stream with a unique data encryption key in the multi-group key management scheme (Sun, Y. and Ray Liu, K.J., IEEE INFOCOM, 2004). We develop a simulation model to evaluate the performance of our proposed scheme. Simulation results show that our scheme reduces at least 20% of storage overhead at every user and rekey overhead compared to the multi-group key management scheme.