Hierarchical and Shared Key Assignment

Access control ensures that only the authorized users of a system are allowed to access certain resources or tasks. Usually, according to their powers and responsibilities, users are organized in hierarchies formed by a certain number of disjoint classes. Such hierarchies are implemented by assigning a key to each class, so that the keys for descendant classes can be derived efficiently from classes higher in the hierarchy. However, in many cases the only hierarchical access represents a limitation. Indeed, sometimes it might be useful or even necessary to ensure the access to a resource or task to both his direct responsible (or owner) and a group of users possessing certain credentials. In this paper, we first propose a novel model that extends the conventional hierarchical access and allows such access even by certain sets of qualified users. Afterwards, we propose a construction for hierarchical key assignment schemes in this new model. The proposed construction is provably secure with respect to key indistinguishability and relies on both symmetric encryption and perfect secret sharing.