Efficient Time-Bound Hierarchical Key Assignment Scheme Source: IEEE Transactions on Knowledge and Data Engineering, Vol. 16, No. 10, Oct. 2004, pp. 1301-1304 Authors: Hung-Yu Chien Speaker: Chia-Lin Kao Date: 2004/09/22

Outline Introduction Proposed scheme Conclusions

Introduction A B C F D E

Notations Role: Ci, Cj, TA(Trusted Agent) Data in Cards: IDi, ki, ht1(a), hz-t2(b), X ki: secret key for Ci a, b: random secret values at TA z: max time periods hm(x) = h(h(…(h(x))…)) Ki,t: key for Ci at time t h(): a secure one-way hash function

Proposed Scheme Initialization: TA randomly selects n secret key ki, 1≤i≤n, and two random secret values a and b. TA publishes a public value rij on an authenticated public board. X is TA’s secret key rij=h(X||IDi||IDj||ki) ⊕kj

Proposed Scheme User Registration: TA distributes ki to Ci through a secure channel. TA also issues the user a tamper-rsistant device in which TA’s secret key X, and the identity of Ci, IDi, ht1(a), hz-t2(b) are stored.

Proposed Scheme Encrypting Key Gneration: At time t (t1≤t≤t2), the data belonging to Cj would be encrypted by the key Kj,t Kj,t=h(kj⊕ht(a)⊕hz-t (b))

Proposed Scheme Decrypting Key Derivation: Ci inputs rij, IDj, and ki deivce computes kj by kj=rij⊕h(X||IDi||IDj||ki) ht(a)=ht-t1(ht1(a)) hz-t(b)=ht2-t(hz-t2(b)) Kj,t=h(kj⊕ht(a)⊕hz-t (b)) rij=h(X||IDi||IDj||ki) ⊕kj t1≤t≤t2

Conclusions New time-bound key assignment scheme based on a low-cost tamper-resistant device. Without public key cryptography, our scheme greatlyreduces the computational load and the implementation cost.