IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 5, NO. 2, APRIL-JUNE 2008

An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting

Elisa Bertino, Fellow, IEEE, Ning Shang, and Samuel S. Wagstaff Jr.

Abstract—In electronic subscription and pay TV systems, data can be organized and encrypted using symmetric key algorithms according to predefined time periods and user privileges and then broadcast to users. This requires an efficient way of managing the encryption keys. In this scenario, time-bound key management schemes for a hierarchy were proposed by Tzeng and Chien in 2002 and 2005, respectively. Both schemes are insecure against collusion attacks. In this paper, we propose a new key assignment scheme for access control, which is both efficient and secure. Elliptic-curve cryptography is deployed in this scheme. We also provide the analysis of the scheme with respect to security and efficiency issues.

Index Terms—Secure broadcasting, time-bound hierarchical key management, elliptic curves, elliptic-curve discrete logarithm problem (ECDLP).

1 INTRODUCTION

In a Web-based environment, the data to be securely broadcast, for example, electronic newspapers or other types of content, can be organized as a hierarchical tree and encrypted by distinct cryptographic keys according to access control policies. We need a key management scheme so that a higher class can retrieve data content that a lower class is authorized to access, but not vice versa.

In many applications (for example, electronic newspaper/journal subscription and pay TV broadcasting), there is a time bound associated with each access control policy so that a user is assigned to a certain class for just a period of time. The user's keys need to be updated periodically to ensure that the delivery of the information follows the access control policies of the data source. An ideal time-bound hierarchical key management scheme should be able to perform the above task in an efficient fashion and minimize the storage and communication of keys. In 2002, Tzeng attempted to solve this problem [11]. Tzeng's scheme is efficient in terms of its space requirement but is computationally inefficient, since a Lucas function operation is used to construct the scheme, and this incurs heavy computational load. Moreover, it is insecure against collusion attacks, as shown by Yi and Ye [13].

Another time-bound hierarchical key assignment scheme based on a tamper-resistant device and a secure hash function was proposed by Chien [5] in 2004. This scheme greatly reduces computational load and implementation cost. However, it has a security hole against Yi's three-party collusion attack [12]. Inspired by Chien's idea, we propose in this paper a new method for access control using elliptic-curve cryptography. This scheme is efficient and secure against Yi's three-party collusion attacks.

Although there have been attacks on smart cards [2] and some other tamper-resistant devices, such attacks require special equipment, which would cost more than a subscription. The only really valuable data on the smart cards that our scheme uses is the master key. It must be kept secret, because an attacker who obtained it could derive all the keys for the data that one could get with this smart card. Assuming that the master key can be protected, there is good reason to believe that our scheme, which uses tamper-resistant devices, can have practically important applications in areas such as digital rights management.

Our original motivation for this paper was to provide a better key management scheme for [4], in which data is encoded in XML and needs to be securely broadcast, but the key management solution given there fails in terms of efficiency and security.

The rest of this paper is organized as follows: Section 2 presents the notation and definitions needed to give a hierarchical structure to the data source. Section 3 proposes the new time-bound key management scheme applied to a hierarchy. Section 4 contains further discussion of the key management scheme. Section 5 summarizes our results.

E. Bertino and S.S. Wagstaff Jr. are with the Center for Education and Research in Information Assurance and Security (CERIAS) and also with the Department of Computer Sciences, Purdue University, West Lafayette, IN 47907-2107. E-mail: email@example.com, firstname.lastname@example.org.
N. Shang is with the Department of Electrical and Computer Engineering, with the Center for Education and Research in Information Assurance and Security (CERIAS), and with the Department of Mathematics, Purdue University, West Lafayette, IN 47907-2067. E-mail: email@example.com.
Manuscript received 27 Feb. 2006; revised 9 Apr. 2007; accepted 29 Oct. 2007; published online 6 Nov. 2007. For information on obtaining reprints of this article, please send e-mail to: firstname.lastname@example.org, and reference IEEECS Log Number TDSC-0030-0206. Digital Object Identifier no. 10.1109/TDSC.2007.70241.
1545-5971/08/$25.00 © 2008 IEEE. Published by the IEEE Computer Society.

2 DEFINITIONS AND NOTATION

Let S be the data source to be broadcast. We assume that S is partitioned into blocks of data called nodes.

The policy base PB is the set of access control policies defined for S. In our setting, each access control policy acp ∈ PB contains a temporal interval I among its components, which specifies the time period in which the
access control policy is valid. A sample access control policy for XML documents might look like

    acp = (I, P, sbj-spec, prot-obj-spec, priv, prop-opt),

where I, P, sbj-spec, prot-obj-spec, priv, and prop-opt are the temporal interval, periodic expression, credential specification, protection object specification, privilege, and propagation option of acp, respectively. Interested readers may refer to [3] and [4] for details.

It is important to notice that several policies may apply to each node in S. In what follows, we refer to the set of policies applying to a node in S as the policy configuration associated with the node. In addition, in what follows, PC_PB denotes the set of all possible policy configurations that can be generated by policies in PB.

We now introduce the notion of a class of nodes, a relevant notion in our approach. Intuitively, a class of nodes corresponds to a given policy configuration and identifies all nodes to which such configuration applies. Intuitively, a class of nodes includes the set of nodes to which the same set of access control policies apply.

Definition 1 (class of nodes). Let Pc_i be a policy configuration belonging to PC_PB. The class of nodes marked with Pc_i, denoted by C_i, is the set of nodes belonging to the data source S marked by all and only the policies in Pc_i. Note that the empty set could be a class of nodes marked with a certain policy configuration. We denote by C the set of all classes of nodes defined over S marked with the policy configurations in PC_PB. We also have the requirement that we distinguish and include in C the empty sets marked by policy configurations consisting of only one access control policy and exclude from C the empty sets marked by any other policy configurations. Note that C corresponds to a subset of PC_PB.

We distinguish and include the empty sets corresponding to different singleton policy configurations so that keys can be assigned to these classes, which enable users belonging to these classes to derive the required decryption keys of lower classes. This key derivation process will be described in Section 3.

The idea for the secure broadcasting mode of the data source is that the portions of the source marked by different classes of nodes are encrypted by different secret keys and are broadcast periodically to the subscribers. Subscribers receive only the keys for the document sources that they can access according to the policies.

The following definition introduces a partial-order relation defined over C.

Definition 2 (partial-order relation on C). Let C_i and C_j be two classes of nodes marked by Pc_i and Pc_j, respectively, where Pc_i and Pc_j are policy configurations in PC_PB. We say that C_i dominates C_j, written C_j ≼ C_i, if and only if Pc_i ⊆ Pc_j. We also write C_j ≺ C_i if C_j ≼ C_i but C_j ≠ C_i. We also say that C_i directly dominates C_j, written C_j ≺_d C_i, if and only if C_i ≠ C_j and C_j ≼ C* ≼ C_i implies C* = C_i or C* = C_j. We call "C_j ≺_d C_i" a directed edge. We say that C_i dominates C_j via n directed edges if there exists {C_{i_k}}_{1 ≤ k ≤ n−1} ⊆ C such that C_j ≺_d C_{i_1}, C_{i_{n−1}} ≺_d C_i, and C_{i_{k−1}} ≺_d C_{i_k} for 2 ≤ k ≤ n−1.

3 KEY MANAGEMENT SCHEME

3.1 Initialization

Suppose that we have already generated the set C of classes of nodes of the data source S marked with the policy configurations Pc_i in PB. Such a set is partially ordered with respect to ≼. Let n be the cardinality of C.

In this step, the system parameters are initialized, and the system's class keys K_i are generated:

1. The vendor chooses an elliptic curve E over a finite field F_q so that the discrete logarithm problem (DLP) is hard on E(F_q) (for more background on elliptic-curve cryptography, see [14]). The vendor also chooses a point Q ∈ E(F_q) with a large prime order, say, p. The vendor then chooses 2n integers n_i and g_i such that n_i g_i are all different modulo p for 1 ≤ i ≤ n. The vendor computes P_i = n_i Q on E(F_q) and h_i such that g_i h_i ≡ 1 (mod p). The class key K_i = g_i P_i is computed for class C_i. The points R_{i,j} = g_i K_j + (−K_i) are also computed whenever C_j ≺ C_i (not just when C_j ≺_d C_i).

2. The vendor chooses two random integers a and b and a keyed hash message authentication code (HMAC) [6] H_K(·) built with a hash function H(·) and a fixed secret key K. K serves as the system's master key and is only known to the vendor.

3. The vendor publishes R_{i,j} on an authenticated board, whereas the integers g_i, h_i, a, and b are kept secret. Parties can verify the validity of the R_{i,j} obtained from the board. This can be realized by using digital signatures.

The public values R_{i,j} are constructed in such a way that the owner of the key K_j of the lower class C_j cannot obtain any information about the class key K_i of the higher class C_i without knowing the secret value g_i, and the owner of the higher class key K_i cannot compute K_j on its own due to the difficulty of solving the DLP. It turns out that such a construction is secure against the attack [12], which breaks Chien's earlier scheme [5]. We will discuss this in Section 4.3.3.

3.2 Encrypting Key Generation

In this step, we generate the temporal encryption class keys K_{i,t} at time granule t by using the system's class keys K_i.

The class of nodes C_i ∈ C is encrypted by a symmetric encryption algorithm, for example, AES [1]. We denote by K_{i,t} the secret key for C_i at time granule t ∈ [T_b, T_e] = [1, Z]. The generation process for K_{i,t} is given as follows:

    K_{i,t} = H_K((K_i)_Y ⊕ H^t(a) ⊕ H^{Z−t}(b) ⊕ ID_i),

where (K_i)_Y is the y-coordinate of K_i, H^m(x) is the m-fold iteration of H(·) applied to x, ID_i is the identity of C_i, and ⊕ is the bitwise XOR. Note that we can choose H(·) properly in the initialization process so that the output of H_K is the right length for a key for the symmetric encryption algorithm that we use.

The one-way property of the hash function H ensures that H^t(a) and H^{Z−t}(b) can be calculated only when the values H^{t_1}(a) and H^{Z−t_2}(b) are available for some t_1 and t_2, with t_1 ≤ t ≤ t_2. This is the idea for the construction of the "time bound" of the key management scheme.
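Definitions 1 and 2 are the part of the scheme most easily misread, in particular the direction of domination (a singleton configuration sits at the top) and the inclusion of empty singleton classes. The following Python is an added example, not code from the paper or its authors: it builds C for a small constructed newspaper with three policies, keeps the empty singleton class {acp3} as Definition 1 requires, decides ≼, ≺ and ≺_d, lists what a holder of a given class key may decrypt, and counts the R_{i,j} values that Section 3.1 would publish for this hierarchy. The node names, policy names and function names are ours.

```python
# Constructed sample data source S: node -> its policy configuration, i.e. the set
# of access control policies (drawn from the policy base PB) applying to that node.
NODES = {
    "front_page":   {"acp1"},
    "sports_news":  {"acp1", "acp2"},
    "sports_stats": {"acp1", "acp2", "acp3"},
    "crossword":    {"acp2"},
}
POLICY_BASE = {"acp1", "acp2", "acp3"}


def build_classes(nodes, policy_base):
    """Definition 1: one class per policy configuration that marks some node, plus
    the class of every singleton configuration even when that class is empty."""
    classes = {frozenset(pc) for pc in nodes.values()}
    classes |= {frozenset({acp}) for acp in policy_base}
    return classes


def members(nodes, pc):
    """Nodes of the class marked with configuration pc (possibly none)."""
    return sorted(name for name, conf in nodes.items() if frozenset(conf) == pc)


def dominates(pc_i, pc_j):
    """Definition 2: C_i dominates C_j (C_j <= C_i) iff Pc_i is a subset of Pc_j."""
    return pc_i <= pc_j


def strictly_dominates(pc_i, pc_j):
    """C_j < C_i: domination with C_i != C_j."""
    return pc_i < pc_j


def directly_dominates(classes, pc_i, pc_j):
    """C_j <_d C_i: strict domination with no third class strictly in between."""
    return strictly_dominates(pc_i, pc_j) and not any(
        strictly_dominates(pc_i, c) and strictly_dominates(c, pc_j) for c in classes)


def public_values(classes):
    """One R_{i,j} is published per pair C_j < C_i (Section 3.1); this set is the
    public board, whose size never exceeds n(n-1)/2 for n classes."""
    return {(pc_i, pc_j) for pc_i in classes for pc_j in classes
            if strictly_dominates(pc_i, pc_j)}


def hasse_edges(classes):
    """The directed edges C_j <_d C_i of the hierarchy."""
    return {(pc_i, pc_j) for pc_i in classes for pc_j in classes
            if directly_dominates(classes, pc_i, pc_j)}


def accessible_nodes(nodes, pc_user):
    """What a holder of the class key of pc_user may decrypt: the nodes of every
    class it dominates, i.e. every node whose configuration contains pc_user."""
    return sorted(name for name, conf in nodes.items()
                  if dominates(pc_user, frozenset(conf)))


def describe(nodes=NODES, policy_base=POLICY_BASE):
    """Summary figures for the sample hierarchy."""
    classes = build_classes(nodes, policy_base)
    n = len(classes)
    return {
        "classes": n,
        "empty_singletons": [set(c) for c in classes if not members(nodes, c)],
        "public_values": len(public_values(classes)),
        "bound": n * (n - 1) // 2,
        "edges": len(hasse_edges(classes)),
    }
```

For the sample, C has five classes ({acp1}, {acp2}, {acp3}, {acp1, acp2}, {acp1, acp2, acp3}), {acp3} is an empty class kept only so that a subscriber matched to acp3 has a key to derive from, six R_{i,j} values would be published against the bound of ten, and the holder of the {acp1} class key can decrypt front_page, sports_news and sports_stats but not crossword.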
3.3 User Subscription

This is the user subscription phase, in which a tamper-resistant device storing important information is issued to the subscriber.

Upon receiving a subscription request, an appropriate access control policy acp_i is searched until there is a match; then the policy configuration in PB, which contains only acp_i, is found, and thus, the corresponding class of nodes marked with it, say, C_i, is identified. Note that C_i, which could be an empty set, is always in C by the construction in Definition 1. We define the encryption information EncInf_i as follows:

    EncInf_i = { (H^{t_1}(a), H^{Z−t_2}(b)) },

where the set on the right side is defined for all acceptable time intervals [t_1, t_2] for acp_i.

The vendor distributes the class key K_i to the subscriber through a secure channel. The vendor also issues the subscriber a tamper-resistant device storing H_K (thus H and K), E, F_q, ID_i, h_i, and EncInf_i. There is also a secure clock embedded in the device, which keeps track of the current time. The device is tamper resistant in the sense that no one can recover K, h_i, and EncInf_i, change the values of ID_i, or change the time of the clock.

3.4 Decrypting Key Derivation

In this step, the temporal keys for a class and the classes below it are reconstructed by the tamper-resistant device.

Assume that the subscription process mentioned above is completed for a subscriber U associated with class C_i. U can then use the information received from the vendor to decrypt the data in class C_j, with C_j ≼ C_i, as follows:

1. If C_j = C_i, U inputs only K_i into the tamper-resistant device. Otherwise, if C_j ≺ C_i, U first retrieves R_{i,j} from the authenticated public board and then inputs it together with the class identity ID_j of C_j and its secret class key K_i.

2. If K_j is the only input, the next step is executed directly. Otherwise, the tamper-resistant device computes the secret class key of C_j:

    K_j = h_i · (R_{i,j} + K_i).

3. If t ∈ [t_1, t_2] for some acceptable time interval [t_1, t_2] of acp_i, the tamper-resistant device computes

    H^t(a) = H^{t−t_1}(H^{t_1}(a)),   H^{Z−t}(b) = H^{t_2−t}(H^{Z−t_2}(b)),

and K_{j,t} = H_K((K_j)_Y ⊕ H^t(a) ⊕ H^{Z−t}(b) ⊕ ID_j). Note that the values H^{t_1}(a) and H^{Z−t_2}(b) are precomputed and stored in the tamper-resistant device.

4. At time granule t, the protected data belonging to class C_j can be decrypted by applying the key K_{j,t}.

3.5 An Example

We now provide an example to illustrate the above process.

Consider an electronic newspaper system. Let 1 day be a tick of time in this system and Z = 70 be the lifetime of the system; that is, the system exists in the temporal interval [1, 70]. Let U be a user wishing to subscribe to the sports portion of the newspaper for 1 week, say, the period I = [8, 14]. We could match U with an access control policy acp_1 = ([8, 14], All days, Subscriber/type = "full", Sports_supplement, view, CASCADE). Then, we can find the class of nodes C_1 marked with policy configuration acp_1 from a pregenerated table. These nodes are encrypted and broadcast periodically. U can derive the decryption key for the subscription period using the issued class key K_1 and the tamper-resistant device storing H_K, E, F_q, ID_1, h_1, and H^8(a), H^{56}(b) = H^{70−14}(b).

For example, U inputs K_1 into the device. To obtain the decryption key K_{1,10} at time granule t = 10, the device computes

    H^{10}(a) = H^2(H^8(a)),   H^{60}(b) = H^4(H^{56}(b)).

Then, K_{1,10} = H_K((K_1)_Y ⊕ H^{10}(a) ⊕ H^{60}(b) ⊕ ID_1), the very thing needed. To obtain the decryption key at t = 13 for a class C_2 ≼ C_1, U inputs K_1, ID_2, and R_{1,2} into the device. The device first computes the class key of C_2:

    K_2 = h_1 · (R_{1,2} + K_1).

Then, it computes

    H^{13}(a) = H^5(H^8(a)),   H^{57}(b) = H(H^{56}(b)),

and K_{2,13} = H_K((K_2)_Y ⊕ H^{13}(a) ⊕ H^{57}(b) ⊕ ID_2), the decryption key needed.

Note that all computations are executed by the tamper-resistant device. The device can prevent the results of the computations from being revealed so that even the user U does not know the class key K_2 of the class of nodes C_2 ≺ C_1. This makes the system secure.

4 FURTHER DISCUSSION

We have proposed a key assignment scheme for secure broadcasting based on a tamper-resistant device. A secure hash function and the intractability of the DLP on elliptic curves over the finite field F_q are also assumed.

4.1 Tamper-Resistant Devices

The tamper-resistant device plays an important role in our scheme. The system's master key K must be protected by the device. A leak of EncInf_i will not help the attackers much, because they are not able to compute the HMAC, and thus the temporal class keys, without knowing K. A leak of h_i will enable the user of class C_i to obtain the class key K_j of C_j, where C_j ≼ C_i, by computing K_j = h_i · (R_{i,j} + K_i), as done by the device. However, this does not help the user decrypt any information belonging to a class not lower than C_i. Unless K is discovered, attacks to retrieve EncInf_i and h_i on individual devices are not effective.

With the use of a tamper-resistant device, the security of the scheme is strong enough. Attacks on tamper-resistant devices need special equipment. It is cheaper to buy a subscription than the special equipment. As such, the attacker does not have economic incentives to mount such an attack, unless he could capture the master key K. An attacker who could find all the information on several tamper-resistant devices could execute a collusion attack to compute extra temporal decryption keys.
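The following Python program is an added example, not code from the paper or its authors, that runs Sections 3.1 through 3.5 end to end. It instantiates the scheme on secp256k1, a standard public curve used here because its group order is prime, so the base point Q has the large prime order the initialization step asks for (the paper fixes no curve); SHA-256 stands in for H(·), HMAC-SHA256 for H_K, 32-byte random strings for a and b, and ID_i is encoded as a 32-byte integer. The class names Vendor and Device, the helper functions and newspaper_example are ours, and the device's range check on t stands in for its secure clock. It replays the newspaper example of Section 3.5 (Z = 70, I = [8, 14], C_2 ≺ C_1, keys at t = 10 and t = 13) and also checks the single-input observation of Section 4.3.1: a point other than K_1 fed to the device yields a value unrelated to K_{1,t}. Python 3.8 or later is needed for the modular inverse pow(x, -1, m).

```python
import hashlib, hmac, secrets

# secp256k1, a standard public curve (the paper fixes no particular E or F_q). Its
# group order N is prime, so the base point Q has the large prime order p = N of 3.1.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
Q = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + A*x + B over F_P; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (the method costed in Section 4.5)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def H_iter(m, x):
    """H^m(x): the m-fold iteration of H(.) applied to x; SHA-256 stands in for H."""
    for _ in range(m):
        x = hashlib.sha256(x).digest()
    return x

def xor32(*parts):
    """Bitwise XOR of 32-byte strings."""
    out = bytes(32)
    for part in parts:
        out = bytes(u ^ v for u, v in zip(out, part))
    return out

class Vendor:
    """Section 3.1: classes 1..n; `below` holds every pair (i, j) with C_j < C_i."""
    def __init__(self, n, below, Z):
        self.Z, self.master = Z, secrets.token_bytes(32)          # K: master key
        self.a, self.b = secrets.token_bytes(32), secrets.token_bytes(32)
        self.g, self.h, self.K = {}, {}, {}
        for i in range(1, n + 1):                                  # n_i, g_i in [1, N-1]
            n_i, g_i = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
            self.g[i], self.h[i] = g_i, pow(g_i, -1, N)           # g_i h_i = 1 (mod p)
            self.K[i] = ec_mul(g_i, ec_mul(n_i, Q))               # P_i = n_i Q, K_i = g_i P_i
        # authenticated board: R_{i,j} = g_i K_j + (-K_i) for each C_j < C_i
        self.R = {(i, j): ec_add(ec_mul(self.g[i], self.K[j]),
                                 (self.K[i][0], -self.K[i][1] % P)) for (i, j) in below}

    def H_K(self, msg):
        return hmac.new(self.master, msg, hashlib.sha256).digest()

    def temporal_key(self, i, t):
        """K_{i,t} = H_K((K_i)_Y xor H^t(a) xor H^{Z-t}(b) xor ID_i), vendor side."""
        return self.H_K(xor32(self.K[i][1].to_bytes(32, "big"), H_iter(t, self.a),
                              H_iter(self.Z - t, self.b), i.to_bytes(32, "big")))

class Device:
    """Section 3.3: the tamper-resistant device for class C_i and subscription [t1, t2]."""
    def __init__(self, vendor, i, t1, t2):
        self.H_K = vendor.H_K                                     # stands in for sealed K
        self.id_i, self.h_i, self.t1, self.t2 = i, vendor.h[i], t1, t2
        # EncInf_i: only the chain heads H^{t1}(a) and H^{Z-t2}(b) are stored
        self.enc_inf = (H_iter(t1, vendor.a), H_iter(vendor.Z - t2, vendor.b))

    def derive(self, k_in, t, id_j=None, r_ij=None):
        """Section 3.4: input K_i alone, or K_i with ID_j and R_{i,j} for a lower class."""
        if not (self.t1 <= t <= self.t2):        # the secure clock: nothing outside [t1, t2]
            return None
        if r_ij is None:
            k_j, id_j = k_in, self.id_i
        else:
            k_j = ec_mul(self.h_i, ec_add(r_ij, k_in))            # K_j = h_i (R_{i,j} + K_i)
        ht_a = H_iter(t - self.t1, self.enc_inf[0])               # H^t(a) = H^{t-t1}(H^{t1}(a))
        ht_b = H_iter(self.t2 - t, self.enc_inf[1])               # H^{Z-t}(b) = H^{t2-t}(H^{Z-t2}(b))
        return self.H_K(xor32(k_j[1].to_bytes(32, "big"), ht_a, ht_b, id_j.to_bytes(32, "big")))

def newspaper_example():
    """Section 3.5: one-day ticks, Z = 70, C_2 < C_1, a sports subscription I = [8, 14]."""
    vendor = Vendor(n=2, below={(1, 2)}, Z=70)
    dev, k1 = Device(vendor, 1, 8, 14), vendor.K[1]
    return {
        "own_class_t10": dev.derive(k1, 10) == vendor.temporal_key(1, 10),
        "lower_class_t13": dev.derive(k1, 13, 2, vendor.R[(1, 2)]) == vendor.temporal_key(2, 13),
        "outside_window": dev.derive(k1, 20) is None,
        # Section 4.3.1: any input other than K_1 gives a value unrelated to K_{1,t}
        "wrong_key_t10": dev.derive(ec_mul(12345, Q), 10) != vendor.temporal_key(1, 10),
    }
```

Every secret scalar is drawn fresh on each run, so the checks compare the device's output with the vendor's direct computation rather than with fixed values. The vendor never hands out a, b, h_i or K; the device holds only h_i and the two chain heads H^{t_1}(a) and H^{Z−t_2}(b), which is why a key for any t outside [t_1, t_2] cannot be formed from it, and why the derived K_2 in the lower-class step exists only inside the device.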
As pointed out above, the only information that needs to be kept secret by the tamper-resistant device is the system's master key K. The Trusted Platform Module (TPM) technology [10], which is good for storing and using secret keys, can well suit our need. We are aware that there are attacks on TPMs [9]. There are countermeasures against those attacks [9]. Moreover, none of these attacks is capable of extracting the exact secret information being protected (in our case, the system key K). Hence, the attackers are not able to perform the HMAC operations. Therefore, an attack relying on the knowledge of K is not feasible in practice. We believe that the use of the tamper-resistant hardware is practical and secure in reality.

One might argue that if we need such a strong tamper-resistant device, then we might as well store the needed temporal decryption keys on it directly and discard the key management scheme. However, that approach is not practical, because the number of needed keys can be large, considering the temporal intervals and hierarchy. In that case, the system's class keys cannot be easily updated. Our proposed scheme is elegant and more efficient in terms of storage on the tamper-resistant devices.

4.2 Hash Functions and Elliptic-Curve Discrete Logarithm Problem

Some of the most widely used hash functions, for example, SHA-0, MD4, Haval-128, RipeMD-128, and MD5, were broken years ago, whereas SHA-1 was announced broken early in 2005. Essentially, these hash functions have been proven not to be collision free, but it is still hard to find a preimage to a given digest in a reasonable time. In view of this, these attacks on hash functions will not affect the security of our scheme, as long as the DLP on the elliptic curves is still hard. So far, there is no foreseeable breakthrough in solving the DLP on elliptic curves.

Without having to keep Q ∈ E(F_q) secret, no one, including the user U_i, can recover the secret values g_i and h_i of the system due to the difficulty of the elliptic-curve DLP (ECDLP). Therefore, the system is secure.

4.3 Security against Possible Attacks

Note that the tamper-resistant device in our scheme is an oracle that does calculation in the Decrypting Key Derivation process. This raises the question of whether such a device can be attacked by an adversary to gain secret information to subvert this process. This concern is necessary, since Chien's scheme has been successfully attacked (see [12]) due to the weakness of the oracle. We face a similar situation here.

4.3.1 Attack from the Outside

First, any attack against our scheme with only one input to the device will not work. Any attempt to gain the temporal decrypting key with only one input K* to the device with identity ID_i will not succeed, unless the input is the right class key K_i bound to the same device. This can easily be seen, since in this case, the device will compute H_K((K*)_Y ⊕ H^t(a) ⊕ H^{Z−t}(b) ⊕ ID_i) at time granule t (we may assume that t is valid; that is, it is in the subscription period). This value is meaningless, unless K* = K_i.

4.3.2 Collusion Attack

Second, any collusion attack with more than one input to the device does not work either. Since the encryption information EncInf_i for a device with identity ID_i is not likely to be modified because of the tamper resistance of the device, any attempt to derive temporal decrypting keys for a class C_m that is not lower than C_i inevitably involves the computation of the class key K_m. According to step 2 of the Decrypting Key Derivation process, g_i K_m must be computable by the device with a suitable choice of the input parameters. However, we do not see any way of accomplishing this computation without solving the DLP on E(F_q).

4.3.3 X. Yi's Attack

As a particular case of the collusion attack just described, Yi's attack [12] against Chien's scheme [5] cannot be replayed here to break our scheme. We will demonstrate this case to give an impression of how the asymmetry introduced by elliptic-curve cryptography helps strengthen the scheme.

Yi's attack cannot apply directly to our scheme due to our different construction. An analog of it would work as follows: Two users collude to derive certain information Inf and pass it to a third user U so that U can input Inf together with his/her secret key to the tamper-resistant device to derive the decryption keys of a class not lower than U's. Suppose that U belongs to class C_j and U wants to derive decryption keys K_{i,t} of C_i, which is not lower than C_j. Then, K_i needs to be computed by the device. Thus, the information to be passed to U should be Inf = g_j K_i + (−K_j) so that when U inputs Inf, ID_i, and K_j, the tamper-resistant device will compute

    h_j · (Inf + K_j) = h_j · (g_j K_i + K_j − K_j) = K_i.

In order to obtain Inf, someone must be able to compute g_j K_i. Given that class C_i is not lower than C_j, g_j K_i is not a summand of any of the published values on the authenticated board, and thus, it cannot be produced via collusion, considering the fact that the ECDLP is hard. Therefore, Yi's attack cannot be modified to attack our scheme.

4.4 Yet Another Good Feature

An important advantage of our scheme is that the vendor can change the class keys of the system at any time without having to reissue new devices to the users, whereas only the user's class keys and the public information R_{i,j} need to be updated. However, when an individual user wants to change the subscription, a new device needs to be issued. This also needs to be done when a different class is desired.

4.5 Space and Time Complexity

Our scheme publishes one value R_{i,j} for each partial-order relation C_j ≺ C_i. The total number of public values is at most n(n−1)/2, where n is the number of classes in C. On the user side, the tamper-resistant device stores only H_K, E, F_q, ID_i, h_i, and EncInf_i.

At any time granule t, the tamper-resistant device needs to perform (t − t_1) + (t_2 − t) + 2 = t_2 − t_1 + 2 ≤ Z hash iterations. Note that there are two hash iterations per HMAC operation [6]. In a system of a life period of 5 years,
which updates user keys every hour, Z is approximately 43,800. We did an experiment using SHA-1 as the hash function on a Gateway MX3215 laptop computer that has a 1.40 GHz Intel(R) Celeron(R) M processor and 256 Mbytes of memory and runs Ubuntu 6.10 Edgy Eft. The code is written in C and built with GNU C compiler version 4.1.2. The result showed that 43,800 hash iterations took 0.0800 second of processing time. In practice, t_2 − t_1 is usually much smaller than Z, and the hash computation is really fast.

The bulk of the computation performed by the tamper-resistant device is the calculation of K_j = h_i (R_{i,j} + K_i) in step 2 of the Decrypting Key Derivation phase. A rough estimate [7] shows that a 160-bit prime p (the order of Q on E(F_q)) should give us enough security (against the best ECDLP attack) in this situation. In this case, to derive the class key K_j of class C_j ≺ C_i from K_i, the device needs to perform at most 160 elliptic-curve doublings and 81 elliptic-curve additions when the method based on repeated doubling and adding is used. This amounts to 241 elliptic additions. Ignoring the negligible field addition in F_q, each elliptic-curve addition requires one field inversion and two field multiplications. If we choose q to be a 160-bit number and regard the time to perform a field inversion as that of three field multiplications, the class key derivation process needs roughly 241 × 5 × 160^2 ≈ 2^25 bit operations. Even a smart card can do this in a few seconds [8]. Our scheme is, in fact, slower than Chien's scheme, in which only hash computations are widely used. However, it is still very efficient from the point of view of application and provides enhanced security.

We include in the Appendix a table comparing the three time-bound h
ierarchical key management schemes.

5 CONCLUSIONS

In this paper, we have proposed an efficient time-bound hierarchical key management scheme based on the use of elliptic-curve cryptography for secure broadcasting of data. The number of encryption keys to be managed depends only on the number of access control policies. A tamper-resistant device plays an important role in our scheme. The obvious solution of storing all needed decryption keys in a tamper-resistant device is not practical, because the number of keys needed can be large. In addition, with such a solution, when the system's class keys need to be updated, all devices containing these keys must be discarded, and new devices need to be issued. Our approach to key management avoids these disadvantages.

In the future, we hope to analyze our system from the point of view of provable security. This would require a more formal description of our system than what we have given here. We also plan to implement our scheme and do experiments on smart cards.

APPENDIX
COMPARISON OF THREE SCHEMES

We compare the three time-bound hierarchical key management schemes in Table 1.

TABLE 1
A Comparison of the Three Schemes
(Only the caption and notation of the table are present in this text; the comparison entries are not.)
Suppose that C_j ≼ C_i, t ∈ [t_1, t_2].
Notation:
n: number of classes |C|.
r: number of child classes C_i on path from C_i to C_j.
T_h: hashing operation.
T_e: modular exponentiation.
T_L: Lucas function operation.
T_E: elliptic-curve scalar multiplication.

ACKNOWLEDGMENTS

The authors would like to thank the anonymous reviewers for their helpful comments, Abhilasha Bhargav-Spantzel for the suggestions about the TPM technology, and the Center for Education and Research in Information Assurance and Security, Purdue University for support. The work reported in this paper was partially supported by the US National Science Foundation under Grant 0430274.
REFERENCES

[1] Advanced Encryption Standard, http://csrc.nist.gov/CryptoToolkit/aes/, 2007.
[2] R. Anderson and M. Kuhn, "Low-Cost Attacks on Tamper-Resistant Devices," Proc. Fifth Int'l Workshop Security Protocols (IWSP '97), pp. 125-136, 1997.
[3] E. Bertino, C. Bettini, E. Ferrari, and P. Samarati, "An Access Control Model Supporting Periodicity Constraints and Temporal Reasoning," ACM Trans. Database Systems, vol. 23, no. 3, pp. 231-285, Sept. 1998.
[4] E. Bertino, B. Carminati, and E. Ferrari, "A Temporal Key Management Scheme for Secure Broadcasting of XML Documents," Proc. Ninth ACM Conf. Computer and Comm. Security (CCS '02), pp. 31-40, Nov. 2002.
[5] H.-Y. Chien, "Efficient Time-Bound Hierarchical Key Assignment Scheme," IEEE Trans. Knowledge and Data Eng., vol. 16, no. 10, pp. 1302-1304, Oct. 2004.
[6] FIPS Publication 198, The Keyed-Hash Message Authentication Code (HMAC), http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf, 2008.
[7] A. Jurisic and A.J. Menezes, "Elliptic Curves and Cryptography," Dr. Dobb's J., pp. 23-36, Apr. 1997.
[8] http://www.raaktechnologies.com/download/raak-c7-standard.pdf, Web article, 2007.
[9] E.R. Sparks, "A Security Assessment of Trusted Platform Modules," computer science technical report, http://www.ists.dartmouth.edu/library/341.pdf, 2007.
[10] Trusted Platform Module, https://www.trustedcomputinggroup.org/groups/tpm/, 2007.
[11] W.G. Tzeng, "A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy," IEEE Trans. Knowledge and Data Eng., Proc. Sixth ACM Symp. Access Control Models and Technologies (SACMAT '01), vol. 14, no. 1, pp. 182-188, Jan./Feb. 2002.
[12] X. Yi, "Security of Chien's Efficient Time-Bound Hierarchical Key Assignment Scheme," IEEE Trans. Knowledge and Data Eng., vol. 17, no. 9, pp. 1298-1299, Sept. 2005.
[13] X. Yi and Y. Ye, "Security of Tzeng's Time-Bound Key Assignment Scheme for Access Control in a Hierarchy," IEEE Trans. Knowledge and Data Eng., vol. 15, no. 4, pp. 1054-1055, July/Aug. 2003.
[14] L.C. Washington, Elliptic Curves, Number Theory and Cryptography. Chapman Hall/CRC, 2003.

Elisa Bertino is a professor of computer science in the Department of Computer Sciences, Purdue University and the Research Director of the Center for Education and Research in Information Assurance and Security (CERIAS). Previously, she was a faculty member in the Department of Computer Science and Communication, University of Milan, where she directed the DB and SEC Laboratory. She was a visiting researcher at the IBM Research Laboratory (now Almaden), San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, and at Telcordia Technologies. From 2001 to 2007, she was a coeditor in chief of the Very Large Database Systems (VLDB) Journal. She serves also on the editorial boards of several scientific journals, including the IEEE Internet Computing, IEEE Security and Privacy, ACM Transactions on Information and System Security, and ACM Transactions on Web. Her main research interests include security, privacy, digital identity management systems, database systems, distributed systems, multimedia systems. She has published more than 250 papers in all major refereed journals and in the proceedings of international conferences and symposia. She is a coauthor of Object-Oriented Database Systems: Concepts and Architectures (Addison-Wesley, 1993), Indexing Techniques for Advanced Database Systems (Kluwer Academic Publishers, 1997), Intelligent Database Systems (Addison-Wesley, 2001), and Security for Web Services and Service Oriented Architectures (Springer, Fall 2007). She is a fellow of the IEEE and the ACM and a Golden Core member of the IEEE Computer Society. She received the 2002 IEEE Computer Society Technical Achievement Award for her "outstanding contributions to database systems and database security and advanced data management systems" and the 2005 IEEE Computer Society Tsutomu Kanai Award for "pioneering and innovative research contributions to secure distributed systems."

Ning Shang is currently working toward the PhD degree in the Department of Mathematics, the Department of Electrical and Computer Engineering, and the Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University. His research interests include computational number theory, elliptic and hyperelliptic cryptography, and implementation of cryptographic schemes. He is a member of the AMS and the SIAM.

Samuel S. Wagstaff Jr. received the BS degree in mathematics from Massachusetts Institute of Technology, Cambridge, and the PhD degree in mathematics from Cornell University, Ithaca, New York. He is a professor of computer science in the Department of Computer Sciences, Purdue University, West Lafayette, Indiana. He is also with the Center for Education and Research in Information Assurance and Security (CERIAS). Before coming to Purdue, he taught at the University of Rochester, Rochester, New York, the University of Illinois, Urbana, and the University of Georgia, Athens. From 1971 to 1972, he was with the Institute for Advanced Study, Princeton, New Jersey. He is the leader of the Cunningham Project, which factors numbers of the form b^n ± 1. His research interests include primality testing, integer factorization, cryptography, secure patch distribution, and watermarking. He has supervised five PhD theses and published five books and more than 60 research papers. He is a coinventor (with R. Baillie) of an algorithm that was published in 1980 and was selected as the ANSI Standard X9-80 for choosing industrial-grade primes for use in cryptography. It is used worldwide as part of the secure-socket layer. He is a member of the AMS, the MAA, and the UPE.