| Summary: | 博士 === 國立中正大學 === 電機工程所 === 96 === RESEARCHES ON HIERARCHICAL ACCESS CONTROL MULTICAST SYSTEMS BASED ON ELLIPTIC CURVE
Student: Ming-Chang Wu Advisors: Dr. Jyh-Horng Wen and Dr. Mao-Ching Chiu
ABSTRACT
This dissertation is based on elliptic curve addition property and it is applied to construct a hierarchical access control multicast system. The system has a lot of security classes and the central authority (CA) distributes a group key for every security class. CA uses different group key to encrypt different multicast data. The member in every security class first needs to get the group key. Then, he/she decrypts the multicast data with the obtained group key.
In every security class, CA assigns each member to give a private key in the system. CA distributes the members in every security class to many subgroup with the group division method and each subgroup is applied a subgroup key. After CA constructs the sub-elliptic curve filter (SECF) for each subgroup with the subgroup key and the private keys of the subgroup, he/she constructs main-elliptic curve filter (MECF) with the group key and all the subgroup keys in the security class. The member in each subgroup first acquires the corresponding subgroup key with one''s own private key to operate the SECF. Then, the member obtains the corresponding group key with the subgroup key to operate the MECF. The member obtains the multicast data with the group key.
In fact, a lot of security classes in the system are the ordered relationship. The higher security class is denoted as the predecessor of the lower security class and the lower security class is denoted as the successor of the higher security class. After the predecessor''s member has obtained the multicast data, the multicast data are encrypted with his/her group key. CA constructs the elliptic curve polynomial (ECP) with the predecessor''s group keys and the successor''s group key. The predecessor can obtain the successor''s group key from the ECP. The predecessor acquires the successor''s multicast data with the obtained group key, but it is not vice versa.
As the successors have the common predecessors, the successors are formed large group for a common issue and they require a common group key. The common group key is used to encrypt/decrypt the common multicast data. CA produces the common group key with another ECP. After the predecessors obtain the common group key, he/she can acquire the common multicast data with the obtained common group key. As the successor obtains the common group key, he/she also can acquire the common multicast data with the obtained common group key.
We propose the scheme which is the following function of the dynamic access control. CA can finish simply the dynamic access control works including the changing group keys, adding security classes, deleting security classes, adding ordered relationships, and deleting ordered relationships. In the security analysis, many different possible attacks to the group key are simulated to analyze the system security. The analysis results show that the system is secure. Also, we propose the group division method. When no member joins in or departs from the corresponding subgroup, CA does not reconstruct the SECF. Hence, the proposed scheme is less computation time complexity. In conclusion, the proposed scheme offers a valuable solution for the hierarchical access control multicast system.
|
|---|
