Key management in tree shaped hierarchies

We refer to an access control system based on subjects and objects. Subjects are active entities, e.g. processes, while objects are passive entities, e.g. messages exchanged between the nodes of a distributed computing environment. The system is partitioned into security classes organized into a tree shaped hierarchy. A subject assigned to a given class can access the objects in this class and in all the classes that descend from this class in the class hierarchy. To this aim, a key is associated with each class. A mechanism of the protection system, called key derivation, allows a subject that holds the key of a given class to transform this key into the keys of the descendant classes. This mechanism is based on a single, publicly known one-way function. If the class hierarchy is modified, by adding a new class or deleting an existing class, the necessary form of key redistribution is partial, and is limited to the classes in the subtree of the root that is involved in the change

Key management in wireless sensor networks

We refer to a distributed architecture consisting of sensor nodes connected by wireless links and organized in a tree shaped hierarchy. We present a paradigm for the management of the cryptographic keys used by nodes to communicate, and we consider the problems connected with key generation, distribution, and replacement. In our paradigm, names are assigned to nodes by using a uniform scheme, which is based on the position of the given node in the node hierarchy. Each node holds a hierarchical key to communicate with its ancestors, and a level key to communicate with its siblings. A single, publicly-known parametric one-way function is used to assign hierarchical keys to nodes, in an iterative procedure that starts from the key of the root of the node hierarchy, and proceeds downwards to the lowest hierarchical levels. A similar procedure is used to generate the level keys. The total memory requirements for key storage are extremely low. The number of keys exchanged in a key replacement process is kept to a minimum. Dynamic access control is fully supported, whereby new nodes can be added to the node hierarchy, and existing nodes can be evicted from the hierarchy