Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem

Authors:
Ashok Kumar Das;Nayan Ranjan Paul;Laxminath Tripathy
Affiliations:
Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India;Department of Computer Science, KMBB College of Engineering and Technology, Khurda 752 056, India;Department of Information Technology, Eastern Academy of Science and Technology, Bhubaneswar 754 001, India
Venue:
Information Sciences: an International Journal
Year:
2012

Citing 11
Cited 4

An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy

IEEE Transactions on Computers
A cryptographic key generation scheme for multilevel data security

Computers and Security
Cryptographic solution to a problem of access control in a hierarchy

ACM Transactions on Computer Systems (TOCS)
Cryptography and Network Security: Principles and Practice

Cryptography and Network Security: Principles and Practice
Formal Proofs for the Security of Signcryption

PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
A Key Assignment Scheme for Controlling Access in Partially Ordered User Hierarchies

AINA '04 Proceedings of the 18th International Conference on Advanced Information Networking and Applications - Volume 2
An efficient key-management scheme for hierarchical access control based on elliptic curve cryptosystem

Journal of Systems and Software
Access control in user hierarchy based on elliptic curve cryptosystem

Information Sciences: an International Journal
Probabilistic algorithms in finite fields

SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
Research: Dynamic key management schemes for access control in a hierarchy

Computer Communications
Provably Secure Constant Round Contributory Group Key Agreement in Dynamic Setting

IEEE Transactions on Information Theory

Data embedding for vector quantization image processing on the basis of adjoining state-codebook mapping

Information Sciences: an International Journal
An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System

Journal of Medical Systems
An efficient access control scheme in user hierarchy based on polynomial interpolation and hash function

International Journal of Communication Networks and Distributed Systems
A secure effective key management scheme for dynamic access control in a large leaf class hierarchy

Information Sciences: an International Journal

Quantified Score

Hi-index	0.07

Visualization

Abstract

In a key management scheme for hierarchy based access control, each security class having higher clearance can derive the cryptographic secret keys of its other security classes having lower clearances. In 2008, Chung et al. proposed an efficient scheme on access control in user hierarchy based on elliptic curve cryptosystem [Information Sciences 178 (1) (2008) 230-243]. Their scheme provides solution of key management efficiently for dynamic access problems. However, in this paper, we propose an attack on Chung et al.'s scheme to show that Chung et al.'s scheme is insecure against the exterior root finding attack. We show that under this attack, an attacker (adversary) who is not a user in any security class in a user hierarchy attempts to derive the secret key of a security class by using the root finding algorithm. In order to remedy this attack, we further propose a simple improvement on Chung et al.'s scheme. Overall, the main theme of this paper is very simple: a security flaw is presented on Chung et al.'s scheme and then a fix is provided in order to remedy the security flaw found in Chung et al.'s scheme.