Abstract
Hierarchical structures are widely used in the management of many organizations, such as the military, government departments, and business corporations, and access control is an important issue in information system security. In 1997, Lin proposed dynamic key management schemes for access control in a hierarchy, which have many advantages. Subsequently, Lee and Hwang showed that Lin's schemes have two fatal weaknesses: the newly chosen group key can easily be derived from an exposed old group key; and if the identities of two user classes differ in only a few bits, an unauthorized user in the lower class can easily obtain the group key of the higher class. This paper therefore proposes a new dynamic key management scheme for access control in a hierarchy. Compared with existing schemes, the security of the new scheme is based on the discrete logarithm problem; it not only overcomes the two weaknesses of Lin's scheme but also retains the advantages of the original.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal (北大核心)
2004, Issue 15, pp. 23-25 (3 pages)
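Funding
National Natural Science Foundation of China (Nos. 60173038, 69873020)
Natural Science Foundation of Guangdong Province (Nos. 010421, 000759, 980690)
Jinan University 211 Project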
Keywords
discrete logarithm problem, access control, user hierarchy, partially ordered set