Conventional hierarchical key assignment schemes have not been concerned with a practical situation: users might be assigned to a class for only a period of time. When a user leaves a class, the keys of that class and all the descendant classes must be renewed. For applications where the privileges of users change frequently or where there are many users, the communication load for key redistributions is very large. Recently, Tzeng (2002) proposed a time-bound hierarchical key assignment scheme to address this issue. However, Tzeng's scheme was very complex and suffered from a collusion attack. In this paper, we propose an efficient time-bound scheme based on a technique called merging. The idea behind merging is to consider primitive keys instead of hierarchies. It is conceptually like the compression used in source coding. Through this technique, it is feasible to combine multiple keys into an aggregate key. Thus, communication and storage requirements are greatly reduced. This technique can also be used for an alternative implementation of Akl-Taylor's scheme. Moreover, it can be used to construct a systematic approach for adjusting hierarchies in Akl-Taylor's scheme as well. Through the insights gained from these exercises, we may see that some problems that are usually addressed by the conventional key assignment schemes can be solved directly via merging, with better performance. Furthermore, if other suitable merging functions are found in the future, new secure hierarchical key assignment schemes and time-bound schemes can be obtained accordingly.
IEEE Transactions on Dependable and Secure Computing / vol.3, no.1, pp.91-100, DOI: 10.1109/TDSC.2006.15