An Inner Product Space-Based Hierarchical Key Assignment Scheme for Access Control

An inner product space-based hierarchical key assignment/access control scheme is presented in this work. The proposed scheme can be utilized in any cloud delivery model where the data controller implements a hierarchical access control policy. In other words, the scheme adjusts any hierarchical access control policy to a digital medium. The scheme is based on inner product spaces and the method of orthogonal projection. While distributing a basis for each class by the data controller, the left-to-right and bottom-up policy can provide much more flexibility and efficiency, especially during any dynamic update/change in the hierarchical structure. For each class, the secret keys can be derived only when a predetermined subspace is available. A parent class can obtain the secret keys of its child classes, which means a one-way function, and the opposite direction is not allowed. Our scheme is collusion attack and privilege creep problem resistant, as well as key recovery and indistinguishability secure. The performance analysis shows that the data storage overhead is more tolerable than other schemes in the literature. In addition, the other advantage of our scheme over many others in the literature is that it needs only one operation for the derivation of the secret key of child classes.