A secure solution on hierarchical access control


Hierarchical access control is an important and traditional problem in information security. In 2001, Wu et al. proposed an elegant solution for hierarchical access control using the secure-filter. Jeng and Wang presented an improvement of Wu et al.'s method using the ECC cryptosystem. However, the secure-filter method is insecure in dynamic access control. Lin, Hsu and Tripathy, Paul pointed out some security leaks in the secure-filter and presented some improvements to eliminate these security flaws. In this paper, we revise the secure-filter in the Jeng-Wang method and propose another secure solution to the hierarchical access control problem. CA is a super security class (user) in our proposed method and the secure-filter of $u_i$ in our solution is a polynomial of degree $n_i+1$ in $\mathbb{Z}_p^*$, $f_i(x)=(x-h_i)(x-a_1)\cdots(x-a_{n_i})+L_{l_i}(K_i)$. Although the degree of our secure-filter is larger than in other solutions, our solution is secure and efficient in dynamic access control.


💡 Research Summary

The paper addresses the long-standing problem of key management in hierarchical access control (HAC) systems, especially under dynamic changes such as user addition or removal. It begins with a concise review of the evolution of secure-filter based schemes. Wu et al. (2001) introduced a polynomial-based secure filter $f_i(x)=\prod(x-g_i^{s_t})+K_i$, which works well for static hierarchies but leaks information when the hierarchy changes. Jeng and Wang later combined this idea with elliptic-curve cryptography (ECC), replacing the secret values $g_i^{s_t}$ by the ECC mapping $\tilde{A}(n_j P_i)$. Their scheme reduces the need to regenerate all keys after a structural change, yet it remains vulnerable to two attacks discovered later.

Lin‑Hsu’s attack (2009‑2011) shows that when a new predecessor is inserted, the old polynomial’s roots remain solutions of the difference between the new and old polynomials, allowing an adversary to solve for the secret key K_i. Tripathy and Paul (2011) exploit the fact that the coefficients of the new polynomial differ from the old one by a predictable amount, enabling extraction of the newly added root and consequently K_i. Lin‑Hsu attempted to patch the vulnerability by hashing the ECC values with a random r, but this forces a complete recomputation of every secure filter whenever the hierarchy changes, which is inefficient.

To overcome both shortcomings, the authors propose a revised secure‑filter of the form

$$f_i(x) = (x-h_i)\cdot\prod_{j=1}^{n_i}(x-a_{i,j}) + L_{l_i}(K_i),$$

where:

  • $h_i$ is a secret integer chosen by the central authority (CA) for each security class,
  • $a_{i,j}=\tilde{A}(n_j P_i)$ are the ECC-derived values used in Jeng-Wang,
  • $L_{l_i}$ is a cyclic $l$-shift operator applied to the key $K_i$ in a chosen radix $b$,
  • $n_i$ is the degree of the original filter (the number of direct predecessors).

The addition of the $(x-h_i)$ factor guarantees that the set of old roots no longer solves the equation $f_i(x)-\tilde{f}_i(x)=0$ after a hierarchy change, thereby neutralizing the Lin-Hsu attack. The cyclic shift $L_{l_i}$ obscures the key itself; only a user who knows the exact shift amount $l_i$ can recover $K_i$ by applying the inverse shift $L_{-l_i}$, which is mathematically guaranteed (Proposition 1). Consequently, the Tripathy-Paul attack, which relies on coefficient comparison, also fails because the constant term is now a shifted version of $K_i$ rather than $K_i$ itself.
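The following added example (not code from the paper) builds both filter forms over $\mathbb{Z}_p$ and checks whether the difference of the old and new polynomials still vanishes at the old roots after a predecessor is inserted. The modulus, the 32-digit radix-2 shift width, the integer stand-ins for $\tilde{A}(n_j P_i)$, and the assumption that the CA draws fresh $h_i$ and $l_i$ on a hierarchy change are all illustrative choices.

```python
# Added example with constructed toy parameters; nothing here is from the paper.
P = 2**61 - 1      # prime modulus for Z_p (assumed)
B, M = 2, 32       # radix b and digit width of the cyclic shift (assumed)

def shift(k, l):
    """L_l: cyclic left shift of k by l digits in radix B, width M."""
    l %= M
    hi, lo = divmod(k, B ** (M - l))
    return lo * B ** l + hi

def poly_mul(f, g):
    """Multiply coefficient lists (lowest degree first) modulo P."""
    out = [0] * (len(f) + len(g) - 1)
    for i, x in enumerate(f):
        for j, y in enumerate(g):
            out[i + j] = (out[i + j] + x * y) % P
    return out

def make_filter(roots, const):
    """Public coefficients of prod(x - r) + const over Z_p."""
    f = [1]
    for r in roots:
        f = poly_mul(f, [(-r) % P, 1])
    f[0] = (f[0] + const) % P
    return f

def evaluate(f, x):
    """Horner evaluation modulo P."""
    acc = 0
    for c in reversed(f):
        acc = (acc * x + c) % P
    return acc

def demo():
    K = 0xC0FFEE11                  # class key K_i (constructed)
    a_old = [1111, 2222]            # stand-ins for the ECC-derived a_{i,j}
    a_new = a_old + [3333]          # one predecessor inserted
    # Earlier form prod(x - a_j) + K: old roots zero the difference.
    w_old, w_new = make_filter(a_old, K), make_filter(a_new, K)
    leak = [(evaluate(w_new, a) - evaluate(w_old, a)) % P for a in a_old]
    # Revised form (x - h) prod(x - a_j) + L_l(K), h and l refreshed (assumed).
    h0, l0, h1, l1 = 987654321, 5, 123456789, 11
    r_old = make_filter([h0] + a_old, shift(K, l0))
    r_new = make_filter([h1] + a_new, shift(K, l1))
    # At an old root both products vanish, leaving L_l1(K) - L_l0(K).
    safe = [(evaluate(r_new, a) - evaluate(r_old, a)) % P for a in a_old]
    # An authorized predecessor evaluates at its root and undoes the shift.
    recovered = shift(evaluate(r_new, 3333), -l1)
    return leak, safe, recovered == K
```
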

Security analysis demonstrates that an adversary who learns the public coefficients of f_i(x) and the public ECC values cannot recover h_i, l_i, or K_i without solving the discrete logarithm problem on the underlying elliptic curve, which is assumed hard. The scheme therefore inherits the strong security properties of ECC while adding two layers of protection that are independent of the polynomial degree.

Performance-wise, the degree of the polynomial increases from $n_i$ to $n_i+1$, but this incurs only a modest extra multiplication when evaluating the polynomial. The cyclic shift operation is $O(\log_b p)$ and can be implemented with simple bitwise rotations, so the overhead is negligible compared to the ECC point multiplication required for $\tilde{A}(n_j P_i)$. The authors argue that, in practice, the total computational cost is comparable to the original Jeng-Wang method, while the need to recompute the entire filter after each hierarchy modification is eliminated; only the secret parameters $h_i$ and $l_i$ need to be refreshed, which the CA can do locally.

The paper concludes that the proposed secure‑filter provides a robust, efficient solution for dynamic hierarchical access control. It eliminates the known attacks on earlier secure‑filter schemes without sacrificing scalability. However, the model assumes a fully trusted CA that securely stores and distributes the secret integers h_i and shift amounts l_i. If these values are compromised, the security guarantees collapse. Future work suggested includes distributing h_i and l_i using secret‑sharing techniques, integrating post‑quantum primitives to protect against quantum attacks, and providing empirical performance measurements on realistic HAC deployments.

