A hierarchical key assignment scheme: A unified approach for scalability and efficiency, with a specialized implementation in cloud computing

dc.contributor.advisor Özdemir, Enver
dc.contributor.author Çelikbilek, İbrahim
dc.contributor.authorID 707202005
dc.contributor.department Cybersecurity Engineering and Cryptography
dc.date.accessioned 2025-01-02T06:42:58Z
dc.date.available 2025-01-02T06:42:58Z
dc.date.issued 2024-07-16
dc.description Thesis (Ph.D.) -- Istanbul Technical University, Graduate School, 2024
dc.description.abstract Access control is a fundamental component of information security management, defined as the process of selectively restricting access to resources. This process includes policies and protocols that determine who can access various system resources, under what conditions, and when. It primarily aims to protect data integrity and confidentiality. The proper configuration and implementation of access control systems are crucial, especially for organizations that handle critical and sensitive data. Access methods prevent unauthorized access, thereby protecting sensitive data within the organization from disclosure, alteration, or destruction. Configuring and managing access control processes require the establishment of systems that control and monitor access to resources. These systems operate within the framework of predefined dynamic or static rules and policies. The primary goal is to ensure that only authorized users can access target resources and perform specific actions. Various access models have been developed to effectively implement access controls. These models, which regulate access to system resources, include mandatory, discretionary, role-based, rule-based, attribute-based, and identity-based access methods. Each model aims to provide solutions that meet the requirements of the access environment and comply with institutional or organizational policies. In cases where these models alone are insufficient, particularly in environments with resources and users that have different security and clearance levels, the use of multilevel access control models like Bell-LaPadula may be necessary. These and similar models can typically be configured to the needs of the access environment by combining multiple simple access models and making various additions and modifications. 
If the users and/or resources in an access environment have a hierarchical structure, and access to resources is granted hierarchically, this type of control is called hierarchical access control. Such access environments require various access tools and policies, along with multilevel access control models, to make access secure, hierarchical, and effective. Hierarchical key assignment schemes are one of the most crucial components within the information security management systems of organizations that handle sensitive data. As an application of hierarchical access control, these schemes ensure hierarchical and secure access to secret cryptographic keys for users at various clearance levels. In hierarchical key assignment schemes, users within the access environment are divided into different classes (groups) that form a hierarchical structure, and a unique secret cryptographic key is assigned to each class. The hierarchical structure based on these classes forms a partially ordered set, which is often represented by an access graph. Typically, these structures define public/private key components for the scheme itself, and for the classes and/or edges within the access graph. In an access graph, a user in a class at a higher security (classification) level can derive the secret key of their own class, and also the secret keys of all descendant classes, using a combination of their own class's secret key and the public/private key components of descendant classes, scheme and/or edges. These schemes serve as a crucial component of cryptographic key management systems in various critical domains today. Among these domains are cloud computing, organizational data access, healthcare systems, multilevel databases, the Internet of Things, drone swarm coordination, and the protection of customer information in the finance sector. 
Particularly in cloud computing environments, the presence of different user roles and access levels necessitates hierarchical and multi-layered access to system resources.
dc.description.degree Ph.D.
dc.identifier.uri http://hdl.handle.net/11527/26059
dc.language.iso en_US
dc.publisher Graduate School
dc.sdg.type Goal 9: Industry, Innovation and Infrastructure
dc.subject information security
dc.subject cloud computing
dc.subject access control
dc.subject cryptography
dc.subject cyber security
dc.title A hierarchical key assignment scheme: A unified approach for scalability and efficiency, with a specialized implementation in cloud computing
dc.title.alternative Hiyerarşik anahtar atama şeması: Ölçeklenebilirlik ve verimlilik için bütünleşik bir yaklaşım ve bulut bilişim için özelleştirilmiş bir gerçekleme
dc.type Doctoral Thesis