A hierarchical access control scheme based on ... - SAGE Journals

Research Article

A hierarchical access control scheme based on Lagrange interpolation for mobile agents

International Journal of Distributed Sensor Networks 2018, Vol. 14(7) Ó The Author(s) 2018 DOI: 10.1177/1550147718790892 journals.sagepub.com/home/dsn

Tsung-Chih Hsiao1 , Zhen-Yu Wu2, Tzer-Long Chen3, Yu-Fang Chung4 and Tzer-Shyong Chen5

Abstract The mobile agent is functioning as an information exchanger with hosts. In order to reduce the communication time that the host sent to the members of a large system. This article proposes to use a function defined by Lagrange polynomial to compute decryption key. Each host will be given a decryption key to access the confidential document by inputting a secret key into an interpolation function which is generated from Lagrange interpolation. Since tasks are done by the mobile agent, the whole process will be performed within a short time period because there is no physical connection between the end devices. The information exchange occurs at the end hosts. Keywords Mobile agent, Lagrange interpolation, access control, key management, heterogeneous systems

Date received: 24 April 2017; accepted: 15 June 2018 Handling Editor: Pascal Lorenz

Introduction This article tends to develop a security scheme with mobile agents and Lagrange interpolation method. With this scheme, the network delay would be significantly reduced. However, the mobile agents can develop their own protocols to interact with the hosts of other agents and roam across heterogeneous systems. Otherwise, it is able to work across various systems and solve the difficulty of integrating heterogeneous systems. We have reviewed several published key management designs associated with interpolation polynomials. In addition, the security scheme could reduce the network delay and improve the computation process, ensuring the overall mechanism security. Moreover, this scheme would generate the computation processes’ time curve charts and show the mathematical derivations.

Previous work From the previous work, Shen and Chen1 proposed a scheme in 2002 to have each class obtain a public and a

private key for access purposes. This scheme was developed based on discrete logarithm2 and Newton’s polynomial interpolation.3 However, the scheme is not good enough for security. In the following year, Hsu and Wu4 pointed out the security flaws of Shen et al.’s scheme in which if there are two classes with the same immediate 1

College of Computer Science and Technology, Huaqiao University, Xiamen, China 2 Department of Information Management, National Penghu University of Science and Technology, Magong, Taiwan 3 Department of Information Technology, Ling Tung University, Taichung, Taiwan 4 Department of Electrical Engineering, Tunghai University, Taichung, Taiwan 5 Department of Information Management, Tunghai University, Taichung, Taiwan Corresponding author: Tzer-Shyong Chen, Department of Information Management, Tunghai University, No. 1727, Sec. 4, Taiwan Boulevard, Xitun District, Taichung 40704, Taiwan. Email: [email protected]

Creative Commons CC BY: This article is distributed under the terms of the Creative Commons Attribution 4.0 License (http://www.creativecommons.org/licenses/by/4.0/) which permits any use, reproduction and distribution of the work without further permission provided the original work is attributed as specified on the SAGE and Open Access pages (https://us.sagepub.com/en-us/nam/ open-access-at-sage).

2 successor, any successor is able to access another which is not authorized to obtain the data. Das et al.5 proposed a solution in 2005 to remedy the security defects of Shen et al.’s scheme. A lot of related works have been proposed to solve access control problems.6–8 Based on discrete logarithm and Newton’s interpolation method, Chang et al.9 proposed a cryptographic key assignment scheme in 2004 to solve the access control problem in partially ordered user hierarchy. However, double encryption problem occurs in his scheme. The security level is the same as single encryption. For Das et al.’s scheme, it uses an encryption system to generate a secret key SKi for each security class. If SCj  SCi, SCi can obtain its secret key and derive SCj’s secret key directly instead of obtaining a decryption key of an authorized file. According to Das et al.’s5 scheme, SCi can use his own secret key SKi to derive the decryption key DKj. This approach is extremely insecure and may infringe upon personal privacy. In this article, for example, it derives a file’s decryption key DKj using the secret key SKi. The way Das et al. used was suspicious in personal privacy which was extremely insecure. Based on interpolation polynomial,10 Das et al.5 and Chang et al.9 offered key management schemes. Those schemes have to be improved in terms of effectiveness and security performance. In contrast, in this research a scheme that was more efficient is proposed since it needs only fewer modules. The essence of the scheme is that the key generation and derivation require much amount of time to complete.

Proposed scheme The Lagrange interpolation method will be used to retain the decryption keys for confidential documents by mobile agents for the authorized hosts, which is applied to organizations with no definite hierarchical structure relationships among their departments of sectors. Not only is the Lagrange interpolation an encryption–decryption algorithm, but it also provides a mathematical framework to build a secure key management scheme as well. This mathematical feature is used to establish a set of equations for our proposed scheme. We further implement the ElGamal public key system to enhance security concerns. In our proposed scheme, the mobile agents obtain the encryption key DKt of a confidential document for an authorized host SCi by substituting the secret key SKi of the host SCi an interpolation function FDKt (x).

Key generation phase The mobile agent is designed to obtain and manage the decryption keys DKt for each confidential file. Besides,

International Journal of Distributed Sensor Networks the mobile agent is used to check the authenticity of the class’s secret key SKi for checking the authenticity of the class’s secret key when required. The theme of our scheme is shown as follows: Step 1. The mobile agent randomly selects a big prime number p = 2p# + 1, where p# is also a big prime number. Then, the chosen g is a root of Galois field GF(p) and makes g, p, and p# public. Step 2. The mobile agent selects different decryption keys DKt (t = 1, 2, ..., m, with m being the number of decryption keys in the mobile agent) for each confidential document, where DKt and p – 1 are relatively prime. Step 3. The mobile agent selects different secret keys SKi (i = 1, 2, ..., n, with n being the number of visited hosts), where SKi and p – 1 are relatively prime and SKi is private. Step 4. The interpolation function is established as follows FDKt ðxÞ ¼ x 3 DKt 3

X

x1 i;t li;t ðxÞ

DKt  SCi

where li, j (x) is the Lagrange interpolation polynomial   x  xs, t x  x1, t li, t (x) = = x  xs, t xi, t  x1, t s = 1, s6¼i i, t    x  xs1, t x  xs + 1, t  xi, t  xs1, t xi, t  xs + 1, t   x  xn, t  xi, t  xn, t n Y

In the above formula, DKt  SCi means that SCi is authorized to access the confidential document t which is encrypted using the encryption key DKt; xs, t = IDt jjgSKs (mod p), where IDt is the identity of the confidential document and || is the concatenation operator. Example. Suppose that a confidential document, the encryption key of which is DKt that is kept in a mobile agent, is to be transmitted to an assigned department (see Figure 1). A person with authorized access can substitute the secret key, SCi, into the interpolation function to obtain the corresponding decryption key. The detailed procedure of encryption and decryption is shown below. In the process of encryption, certificate authority (CA) first establishes and makes public the function FDK5 (x) of DK5, then calculates the interpolation function, and finally substitutes xi, j = IDj jjgSKi (mod p) into the interpolation function

Hsiao et al.

3

Figure 1. Hierarchical structure in the access control.



     x  x2, 5 x  x3, 5 x  x4, 5 x  x5, 5 x  x6, 5 x1, 5  x2, 5 x1, 5  x3, 5 x1, 5  x4, 5 x1, 5  x5, 5 x1, 5  x6, 5 SK2 x  ID5 jjg (mod p) x  ID5 jjg SK3 (mod p) 3 = SK SK SK ID5 jjg 1 (mod p)  ID5 jjg 2 (mod p) ID5 jjg 1 (mod p)  ID5 jjgSK3 (mod p) x  ID5 jjgSK4 (mod p) x  ID5 jjgSK5 (mod p) 3 3 ID5 jjgSK1 (mod p)  ID5 jjg SK4 (mod p) ID5 jjgSK1 (mod p)  ID5 jjgSK5 (mod p) x  ID5 jjgSK6 (mod p) 3 ID5 jjgSK1 (mod p)  ID5 jjg SK6 (mod p)       x  x1, 5 x  x2, 5 x  x4, 5 x  x5, 5 x  x6, 5 l3, 5 (x) = x3, 5  x1, 5 x3, 5  x2, 5 x3, 5  x4, 5 x3, 5  x5, 5 x3, 5  x6, 5 SK1 x  ID5 jjg (mod p) x  ID5 jjg SK2 (mod p) 3 = ID5 jjgSK3 (mod p)  ID5 jjgSK1 (mod p) ID5 jjg SK3 (mod p)  ID5 jjgSK2 (mod p) x  ID5 jjgSK4 (mod p) x  ID5 jjgSK5 (mod p) 3 3 ID5 jjgSK3 (mod p)  ID5 jjg SK4 (mod p) ID5 jjgSK3 (mod p)  ID5 jjgSK5 (mod p) x  ID5 jjgSK6 (mod p) 3 ID5 jjgSK3 (mod p)  ID5 jjg SK6 (mod p)       x  x1, 5 x  x2, 5 x  x3, 5 x  x4, 5 x  x5, 5 l6, 5 (x) = x6, 5  x1, 5 x6, 5  x2, 5 x6, 5  x3, 5 x6, 5  x4, 5 x6, 5  x5, 5 SK1 SK2 x  ID5 jjg (mod p) x  ID5 jjg (mod p) 3 = SK SK SK 6 1 ID5 jjg (mod p)  ID5 jjg (mod p) ID5 jjg 6 (mod p)  ID5 jjgSK2 (mod p) x  ID5 jjg SK3 (mod p) x  ID5 jjgSK4 (mod p) 3 3 ID5 jjg SK6 (mod p)  ID5 jjgSK3 (mod p) ID5 jjgSK6 (mod p)  ID5 jjg SK4 (mod p) SK5 x  ID5 jjg (mod p) 3 SK ID5 jjg 6 (mod p)  ID5 jjgSK5 (mod p)

l1, 5 (x) =

The interpolation function is thus obtaining n o FDK5 (x) = x 3 DK5 3 ðx1, 5 Þ1 l1, 5 (x) + ðx3, 5 Þ1 l3, 5 (x) + ðx6, 5 Þ1 l6, 5 (x)

4

International Journal of Distributed Sensor Networks

When security class 3 wishes to obtain the decryption key DK5, x3, 5 = ID5 jjgSK3 (mod p) is substituted into FDK5 (x)

Suppose that a confidential document, the encryption key of which is DKt that is kept in a mobile agent, is to be transmitted to an assigned department (see



     x3, 5  x2, 5 x3, 5  x3, 5 x3, 5  x4, 5 x3, 5  x5, 5 x3, 5  x6, 5 x1, 5  x2, 5 x1, 5  x3, 5 x1, 5  x4, 5 x1, 5  x5, 5 x1, 5  x6, 5 SK2 SK3 x3, 5  ID5 jjg (mod p) ID5 jjg (mod p)  ID5 jjgSK3 (mod p) 3 = SK SK ID5 jjg 1 (mod p)  ID5 jjg 2 (mod p) ID5 jjgSK1 (mod p)  ID5 jjgSK3 (mod p) x3, 5  ID5 jjg SK4 (mod p) x3, 5  ID5 jjgSK5 (mod p) 3 3 ID5 jjg SK1 (mod p)  ID5 jjgSK4 (mod p) ID5 jjgSK1 (mod p)  ID5 jjg SK5 (mod p) SK6 x3, 5  ID5 jjg (mod p) 3 ID5 jjgSK1 (mod p)  ID5 jjgSK6 (mod p) =0       x3, 5  x1, 5 x3, 5  x2, 5 x3, 5  x4, 5 x3, 5  x5, 5 x3, 5  x6, 5 l3, 5 (x3, 5 ) = x3, 5  x1, 5 x3, 5  x2, 5 x3, 5  x4, 5 x3, 5  x5, 5 x3, 5  x6, 5 SK3 SK1 SK3 ID5 jjg (mod p)  ID5 jjg (mod p) ID5 jjg (mod p)  ID5 jjgSK2 (mod p) 3 = ID5 jjgSK3 (mod p)  ID5 jjg SK1 (mod p) ID5 jjgSK3 (mod p)  ID5 jjgSK2 (mod p) ID5 jjg SK3 (mod p)  ID5 jjgSK4 (mod p) ID5 jjgSK3 (mod p)  ID5 jjg SK5 (mod p) 3 3 ID5 jjg SK3 (mod p)  ID5 jjgSK4 (mod p) ID5 jjgSK3 (mod p)  ID5 jjg SK5 (mod p) SK3 SK6 ID5 jjg (mod p)  ID5 jjg (mod p) 3 ID5 jjg SK3 (mod p)  ID5 jjgSK6 (mod p) =1       x3, 5  x1, 5 x3, 5  x2, 5 x3, 5  x3, 5 x3, 5  x4, 5 x3, 5  x5, 5 l6, 5 (x3, 5 ) = x6, 5  x1, 5 x6, 5  x2, 5 x6, 5  x3, 5 x6, 5  x4, 5 x6, 5  x5, 5 SK1 x3, 5  ID5 jjg (mod p) x3, 5  ID5 jjgSK2 (mod p) 3 = ID5 jjgSK6 (mod p)  ID5 jjg SK1 (mod p) ID5 jjgSK6 (mod p)  ID5 jjgSK2 (mod p) ID5 jjg SK3 (mod p)  ID5 jjgSK3 (mod p) x3, 5  ID5 jjgSK4 (mod p) 3 3 ID5 jjg SK6 (mod p)  ID5 jjgSK3 (mod p) ID5 jjgSK6 (mod p)  ID5 jjg SK4 (mod p) SK5 x3, 5  ID5 jjg (mod p) 3 SK ID5 jjg 6 (mod p)  ID5 jjgSK5 (mod p) =0

l1, 5 (x3, 5 ) =

FDK5 (x3, 5 ) yields the decryption key DK5 n o FDK5 (x3, 5 ) = x3, 5 3 DK5 3 ðx1, 5 Þ1 l1, 5 (x) + ðx3, 5 Þ1 l3, 5 (x) + ðx6, 5 Þ1 l6, 5 (x) 9 8  1 > 30 > ID5 jjgSK1 (mod p) > > = <  1 SK3 SK 3 = ID5 jjg (mod p) 3 DK5 3 + ID5 jjg (mod p) 31 > > > >  1 ; : + ID5 jjgSK6 (mod p) 30  1 = ID5 jjgSK3 (mod p) 3 DK5 3 ID5 jjg SK3 (mod p) = DK5

Key derivation phase Step 1. Set the right of the host Si to access a certain DKt. Step 2.The security class SCi uses its secret key SKi and the public function FDKt(x) to obtain DKt.

Figure 1). A person with authorized access can substitute the secret key, SCi, into the interpolation function to obtain the corresponding decryption key.

Analysis of security We would go over the security analyses of the Lagrange interpolation method in the context of common

Hsiao et al.

5

external attacks, reversed attacks, cooperative attacks, and many other sources of attacks. In addition, we would discuss from the viewpoint of attackers to compromise the proposed scheme to ensure that the method is secure.

External attacks The attackers steal from outside. They hack valuable information to accumulate money. This situation could result in the divulgence of confidential information and damages. Accordingly, this becomes a serious issue in the process of security analyses. Regarding external attack, attackers with the knowledge of public parameters are not able to obtain any decryption key DKt and, consequently, are not able to obtain any confidential file. If the external attackers wish to extract the secret key SKi from the interpolation function parameters xi, j = IDj jjg SKi (mod p), then they have to solve the discrete logarithm problem, which is known to be computationally infeasible since p is a large prime. The interpolation function FDK5 (x) itself must have certain security levels since the function FDK5 (x) is used to generate the decryption key DKt for authorized hosts. We assume that the attacker tends to obtain the decryption key DK2 by solving the interpolation function. The attacker may first study the l1, 2 (x) component of FDK2 (x). Since the public parameters p and g are the only known information to the attackers, they cannot so successfully hack the information. Thus, the attacker gets nothing from the study of l1, 2 (x). Similarly, the attacker gains nothing by studying the other components of FDK2 (x); in other words, there is built-in security in the interpolation function FDK5 (x) and an analysis of FDK5 (x) reveals no information about the secret key SKi and the decryption key DKt.

Figure 2. Reversed attacks.

Figure 3. Cooperative attacks.

Since the secret keys SKi in the parameters xi, t = IDt jjgSKi (mod p) are not related, the user with lower authority does not have the knowledge of enough parameters to derive the secret key of a user of higher authority.

Cooperative attacks Reversed attacks The reversed attack is defined as a process in which the user with lower authority intends to access the higher level. Referring to Figure 2, SCj stands for a user with lower authority and SCi is the user with higher authority. If a user successfully carries out a reversed attack on a user who has higher authority, then the attacker could illegally obtain the secret key to access to the confidential documents. After hacking the information successfully, the attackers may tend to sell it which would result in loss to the organization. It is thus important to prevent reversed attack. Regarding the method proposed, we note that li, t (x) =

Cooperative attack means that a group of users try to cooperatively obtain the secret key of a user with higher access in the organization. Referring to Figure 3, SCj and SCk stand for users with lower authority and SCi for users with higher authority. Cooperative attack can therefore be concerned as several reversed attacks assembled together. Comparing with reversed attacks, there is more internal participation involved since attacks can pool the knowledge of their own secret keys. As far as this problem is concerned, the secret keys should be randomly selected. It could remove the regularity among the secret keys and the possibility of

       x  xs, t x  x1, t x  xs1, t x  xs + 1, t x  xn, t =   x  xs, t xi, t  x1, t xi, t  xs1, t xi, t  xs + 1, t xi, t  xn, t s = 1, s6¼i i, t n Y

6

International Journal of Distributed Sensor Networks

deriving the secret key based on the knowledge of a set of other secret keys. Since the method proposed applies to the organization without a definite hierarchical structure, the security classes can be viewed as independent units, so that the secret key of one security class cannot be obtained by a reversed attack carried out by a single user or by a cooperative attack carried out by a group of users. By an analysis of the interpolation function P FDKt (x) = xDKt DKt  Si x1 i, j li, j (x), it is seen that a compromise in security is most likely to lie in the parameter li, t (x). Taking l1, 2 (x), for example, we have 

   x  x2, 2 x  x3, 2 x  x4, 2 l1, 2 (x) = x1, 2  x2, 2 x1, 2  x3, 2 x1, 2  x4, 2    x  x5, 2 x  x6, 2 x1, 2  x5, 2 x1, 2  x6, 2 x  ID2 jjg SK2 (mod p) = ID2 jjg SK1 (mod p)  ID2 jjgSK2 (mod p) x  ID2 jjgSK3 (mod p) 3 ID2 jjgSK1 (mod p)  ID2 jjg SK3 (mod p) x  ID2 jjgSK4 (mod p) 3 ID2 jjgSK1 (mod p)  ID2 jjg SK4 (mod p) x  ID2 jjgSK5 (mod p) 3 ID2 jjgSK1 (mod p)  ID2 jjg SK5 (mod p) x  ID2 jjgSK6 (mod p) 3 ID2 jjgSK1 (mod p)  ID2 jjg SK6 (mod p)

In the above expression, SK2, ..., SK6 are unknown to the attackers. Suppose that SK2 stands for the secret key that cooperative attackers wish to obtain. Assume that the owners of SK3, ..., SK6 are the cooperative attackers. With the knowledge of SK3, ..., SK6, the cooperative attackers are not able to extract SK2 from x2, 2 = ID2 jjgSK2 (mod p) due to the difficulty of solving a discrete logarithm problem. Hence, using a large prime p in the formation of g SKi mod p, our proposed method is secure and the cooperative attacks can be prevented effectively.

Equation attacks In an equation attack, the attackers attempt to obtain the secret key of a user by analyzing a known equation. Referring to Figure 3, SC1 and SC2 can derive the key DK2 through the interpolation function FDK2 (x) by replacing x with x1,2 and x2,2, respectively. We now consider if SC2 can derive the secret key SK1 of SC1 by utilizing the knowledge of public parameters, his own secret key SK2, and analyzing the interpolation function FDK2 (x). An analysis of the interpolation function FDK2 (x) yields

FDK2 (x2, 2 ) = x2, 2 DK2

X

x1 i, 2 li, 2 (x2, 2 )

DK2  SCi

) FDK2 (x2, 2 )DK21 = x2, 2

X

(xi, 2 )1 li, 2 (x2, 2 )

DK2  SCi

) FDK2 (x2, 2 )DK21 n o = x2, 2 ðx1, 2 Þ1 l1, 2 (x2, 2 ) + ðx2, 2 Þ1 l2, 2 (x2, 2 ) + ðx4, 2 Þ1 l4, 2 (x2, 2 )

On the right-hand side of the above equation, only the l2, 2 (x2, 2 ) term is 1 and the other two terms are 0. SC2 cannot obtain the parameter x1, 2 = ID2 jjg SK1 (mod p) from the equation of FDK2 (x). Even if SC2 somehow manages to obtain the value of x1,2, it still has to solve the difficult problem of extracting SK1. This analysis shows that our proposed method is secure against equation attack.

Analysis of performance We would address the computational overheads and storage in this subsection. Most of the published schemes associated with the Lagrange interpolation method did not follow an environment structure adopted by our proposed scheme. As a result, we compare our proposed scheme with those of Das et al.5 and Chang et al.9 since these two schemes follow a similar structure. It is shown in Knuth11 that the process of interpolation (k + 1) points using Newton’s formula requires (k2 + k)/2 divisions and k2 + k subtractions, where k is the degree of the interpolating polynomial. As for the evaluation of the polynomial to derive the successor’s secret key, we can base on the knowledge of Knuth;11 (2k – 1) multiplications, 2k additions, and one modular operation are demanded by applying Horner’s rule. Therefore, our proposed Pscheme requires a computation time of 2TMUL + 1  i  k vi (Tl + TINV ) + kTexp to generate the access functions FDKt(x) in the key generation phase, where Tl is the computation time for evaluating an interpolating polynomial. In the key derivation phase of our proposed scheme, a computation time of viTexp is required for computing g SKi mod p and a computing time of mTl is required for evaluating FDKt(x). Hence, a computation time of viTexp + mTl is required in thePkey derivation phase. P A computation v )T + ( time for (k + i exp 1ik 1  i  k vi + m)Tl + P v T + 2T is thus required for the key i INV MUL 1ik generation phase and the key derivation phase of our proposed scheme. The scheme of Chang et al.,9 which utilizes Newton’s interpolation formula,Prequires a computaP v tion time of 1  i  k i Tl + (2 1  i  k vi + k)Texp + polynomials Hi(x) and kTINV to create the interpolating K 1 the parameters Vi = Ei i (mod p) in the key generation phase. In the key derivation phase, a computation time

Hsiao et al.

7

Table 1. Analysis of computational complexity. Key generation/derivation Chang et al.9 Das et al.5

The proposed scheme

(4

X

v 1ik i

X

+ k + m)Texp

+( vi + k)Tl + kTINV X 1ik ( v + k)Tl 1ik i X X + vi TINV + (2 v )T 1  i  k 1  i  k i hash X X vi v )T (k + 1  i  k i exp X 1ik +( vi + m)Tl X 1ik + v T + 2TMUL 1  i  k i INV

of vi Texp + kTl is required for computing xj = KiIDi (mod p) and yj = Hi (xj ) and a computation time of vi Texp + mTexp is required for computing K Kj = yKj i (mod p) and Ej = Vj j (mod P p). Hence, a computation time of (4 1  i  k vi + k)Texp + P ( 1  i  k vi + k)Tl + kTINV is required for the key generation phase and the key derivation phase of the scheme of Chang et al. We notice that the most timeconsuming operation used in constructing the scheme of Chang et al. is modular exponentiation. Following the same line of reasoning, the computation times for the key generation phase and the key derivation phase of the scheme of Das etP al.5 are given, P respectively, by ( 1  i  k vi )Tl + 1  i  k vi TINV P + ( 1  i  k vi )TP Hence, a compuhash and kTl + vi Thash .P v + k)T + tation time of ( i l 1ik 1  i  k vi TINV + P (3 1  i  k vi )Thash is required for the key generation phase and derivation phase of the scheme of Das et al.5 We now consider the storage space required by each of the three schemes under comparison. For our proposed scheme, a storage space of (m + 2)len is required for the public parameters and a storage space of len is required for each private key SKi of user SCi. For the scheme of Chang et al., a storage space of (2k + 1)len is required for the public parameters Vi, Hi(x), and p. A storage space of length len is required for each private key Ki. For the scheme of Das et al.,5 a storage space of (k + m)len is needed for the public parameters IDj and Hi(x) and a storage space of len is required for each private key. Since the number of security classes (k) is larger than the number of confidential files (m), our proposed scheme requires a smaller storage space than the other two schemes for most of the time. We notice that the key operation12–14 used in constructing the three schemes under comparison is the same: modular exponentiation. The computational complexity of the schemes by Chang et al.9 and Das

Complexity

Storage of public parameters

Storage of private keys

O(k2) in modular exponentiation

(2k + 1)len

len

O(k2) in hashing

(k + m)len

len

O(k2) in modular exponentiation

(m + 2)len

len

et al.5 is O(k2) in the number of modular hashing. The computational complexity of our proposed scheme is O(k2) in the number of modular exponentiation. The complexity and the storage requirement of the three schemes under comparison are listed in Table 1. We now conduct a numerical experiment to compare the performance in terms of the computation time required by the key generation and derivation phases. Figure 4 shows the different computation times for the key generation phase of the three schemes versus the number of members of the hierarchy. The computation times for the proposed scheme, the scheme of Das et al., and the scheme of Chang et al. are shown using red, blue, and green lines, respectively. As the number of members reaches 1200, the computation times for the proposed scheme, the scheme of Das et al., and the scheme of Chang et al. are, respectively, 33.76, 29.94, and 43.02 s. We notice that the scheme of Das et al. consistently requires a smaller computation time than the proposed scheme, but the proposed scheme is better than the scheme of Chang et al.’s. This can be explained by the fact that the scheme of Das et al. uses a symmetric encryption/decryption algorithm to protect the secret keys and the proposed method and, on the other hand, uses an asymmetric encryption/decryption algorithm. Since a symmetric encryption/decryption algorithm is ‘‘faster’’ than an asymmetric encryption/ decryption algorithm, it does not come as a surprise that the scheme of Das et al. outperforms the proposed scheme. However, we remark that an asymmetric encryption/decryption algorithm generally provides better security than a symmetric encryption/decryption algorithm. We now consider the computation times required by the key derivation phase for the three schemes under comparison. The plots of the computation times that follow a structure similar to that shown in Figure 4 are presented in Figure 5. Again, the scheme of Chang

8

International Journal of Distributed Sensor Networks

Figure 4. Key generation phase.

Figure 5. Key derivation phase.

et al. always required the highest computation time. The proposed scheme is slightly better than the scheme of Das et al. As explained in the previous paragraph, this is due to the difference in the efficiency of a symmetric encryption/decryption algorithm and an asymmetric encryption/decryption algorithm.

Conclusion We tend to develop a key management scheme to improve the security concern in data access. With the technology of mobile agents, we can easily build a hierarchical access control. On the other hand, the Lagrange interpolation and access control schemes

Hsiao et al.

9

provide management ability, and the classification and control of secure hierarchy are carried out. Moreover, the Lagrange interpolation method provides features of easy calculation and compromise resistance. To secure data access management efficiently, we implement mobile agents to confidential files across the system. Certain types of attacks are addressed. It is shown that our proposed method is secure against external attacks, reverse attacks, cooperative attacks, and equation attacks. Declaration of conflicting interests The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported by the Science & Technology Planning Fund of Quanzhou (No. 2016T009) and the Natural Science Foundation of Fujian Province of China (No. 2017J01109).

ORCID iD Tsung-Chih Hsiao

https://orcid.org/0000-0003-1859-2860

References 1. Shen VRL and Chen TS. A novel key management scheme based on discrete logarithms and polynomial interpolations. Comput Secur 2002; 21(2): 164–171. 2. Diffie W and Hellman ME. New directions in cryptography. Inform Theory 1976; 22(6): 644–654. 3. Scarborough JB and Hilsenrath J. Numerical mathematical analysis. Baltimore: Johns Hopkins Press, 1955.

4. Hsu CL and Wu TS. Cryptanalyses and improvements of two cryptographic key assignment schemes for dynamic access control in a user hierarchy. Comput Secur 2003; 22(5): 453–456. 5. Das ML, Saxena A, Gulati VP, et al. Hierarchical key management scheme using polynomial interpolation. SIGOPS Oper Syst Rev 2005; 39(1): 40–47. 6. Chao WY, Tsai CY and Hwang MS. An improved keymanagement scheme for hierarchical access control. Int J Network Secur 2017; 19(4): 639–643. 7. Tang SH, Li XY, Huang XY, et al. Achieving simple, secure and efficient hierarchical access control in cloud computing. IEEE T Comput 2016; 65(7): 2325–2331. 8. Castiglione A, Santis AD, Masucci B, et al. Cryptographic hierarchical access control for dynamic structures. IEEE T Inf Foren Sec 2016; 11(10): 2349–2364. 9. SChang CC, Lin I, Tsai H, et al. A key assignment scheme for controlling access in partially ordered user hierarchies. In: Proceedings of the international conference on advanced information networking and application (AINA’04), vol. 2, Fukuoka, Japan, 29–31 March 2004, pp.376–379. New York: IEEE. 10. Subramanian M and Korah R. A framework of secured embedding scheme using vector discrete wavelet transformation and Lagrange interpolation. J Comput Networks Comm 2018; 2018: 1–9. 11. Knuth DE. The art of computer programming. 3rd ed. Reading, MA: Addison-Wesley, 1998. 12. Hsiao TC, Chen TL, Liu CH, et al. Quality control of lead-acid battery according to its condition test for UPS supplier and manufacturers. Math Probl Eng 2014; 2014: 910820. 13. Chung YF, Hsiao TC and Chen SC. The application of RFID monitoring technology to patrol management system in petrochemical industry. Wireless Pers Commun 2014; 79(2): 1063–1088. 14. Stallings W. Cryptography and network security: principles and practice. 4th ed. Upper Saddle River, NJ: Prentice Hall, 2005.