Access control in a hierarchy using a one-way trap door function

AbstractOften a security system groups users into a hierarchy, with user classes on top having access to objects of user classes below them. Previously proposed cryptographic schemes [1–6] assign a key to each user class. Any user can compute from his key the keys of all user classes who are below him in the hierarchy, thus giving him their access privileges. Moreover, these schemes prevent the possibility of users collaborating to compute a key to which they are not entitled. The major disadvantage of the proposed schemes is that it is not easy to add a new user without having to change most of the previously defined keys. The other major disadvantage is the amount of storage it takes to store the keys.In this paper, we overcome these problems whenever the number of user classes is large and the hierarchical structure is non-skewed. The proposed algorithm, inspired by a remarkable concept invented by S.J. MacKinnon [5], also permits a user to access all files of users who are below him in the class hierarchy. It makes it easy, however, to add new user keys without affecting most of the previously-assigned keys