Efficient and Scalable Access Management Scheme Based on Chinese Remainder Theorem

1 College of Computer Science and Technology, Huaqiao University, No. 668 Jimei Avenue, Xiamen 361021, Fujian, China
2 Department of Electrical Engineering, Taiwan University, No. 1, Sec. 4, Roosevelt Rd., Taipei 10617, Taiwan
3 Department of Statistics, Tunghai University, No. 1727, Sec. 4, Taiwan Boulevard, Xitun District, Taichung 40704, Taiwan
4 Department of Information Technology, Ling Tung University, 1, Ling tung Rd., Taichung 40852, Taiwan
5 Department of Information Management, Tunghai University, No. 1727, Sec. 4, Taiwan Boulevard, Xitun District, Taichung 40704, Taiwan


Introduction
With the rapid development of computer technology and the Internet, more and more resources are shared through the Internet. Problems regarding access control naturally arise as resources are shared over the Internet. It is worth noting that access control mechanisms are widely used in online video systems, wireless networks, electronic documents, and so on. Therefore, it is necessary to construct an access control mechanism to access data effectively and securely. Common access control problems are unauthorized access, data invasion or destruction, inconsistent permissions, privacy leakage, etc. These imply that the access control problem is worthy of further study.
The purpose of information security access control is to restrict data access to legitimate members. This is essential where data are transmitted over sensor networks, because a sensor network is a public transmission environment that faces more security threats, so more security methods are needed to protect the data access of legitimate members. (1,2) We implement the Chinese remainder theorem (CRT) (3,4) in the first scheme to construct an access control scheme. CRT is easy to comprehend, and the resulting scheme can be understood and applied in various applications, such as online video systems.
This research examines potential internal threats and possible external attacks. In light of previously reported key management issues, schemes should be developed that meet the design requirements of an access control mechanism. We propose that access control schemes based on three mathematical theories can be used to provide secure communication under different application environments.
The idea of CRT is simple and can be used to build an access control scheme that provides high security. The security of cryptographic techniques mostly relies on the complexity of the encryption algorithm. Most solutions rely on public key cryptography, (5) which provides the encryption and decryption operations; CRT, however, is commonly implemented in computer science. (6)

Previous Work
The encryption algorithm has been widely used for secure data exchange. In order to prevent unauthorized attacks, it is necessary to provide measures for ensuring data security. CRT has been used for key management; one of its primary applications is data sequence encryption and decryption, and it can be used to generate the key pool and chain for predistribution. CRT has also been used for key generation in a variety of security protocols.
In 2004, Lin et al. (7) proposed a hierarchical key management scheme to remove the need to repeatedly store cryptographic keys in a mobile agent. Compared with Volker and Mehrdad's scheme, Lin et al.'s scheme requires fewer public key computations. However, modular exponentiation is required during key generation and derivation. (8) In addition to being very expensive, it might also cause bottleneck problems while serving several agents and visiting hosts at the same time.
According to Chen et al. (9) in 2009, only lightweight operations, namely a one-way hash function and bitwise XOR operators, were embedded. Since the number of public variables $\gamma_j$ depends on the parental nodes and descendent nodes, a larger storage space was required. Let $\omega$ be the total number of nodes in the hierarchy and $\gamma_j$ the number of parents of descendent node $j$. Let $\alpha$ be the number of descendent nodes that have more than one parent, $0 \le \alpha < \omega$; the size stored in the mobile agent is then $256(\omega - 1 + \alpha)$.
The aforementioned schemes require excessive computation time. We propose a modified scheme that gives users a better way of accessing keys based on the mobile agent. Our improved scheme is more efficient and flexible because it exploits the advantages of CRT.

Proposed Work
We employ the hierarchical structure shown in Fig. 1. The bottom nodes represent the encrypted confidential files. The internal nodes represent the servers or users of the system. The confidential files are accessed by the authorized server when users attempt to connect to the server. In order to compute the superkey and a generating function for each server and encrypted confidential file, mobile agents are used to accomplish these tasks.
Since mobile agents are able to change their tasks, they can finish the computations efficiently and reduce the load on the system. Mobile agents can also work with different communication protocols within heterogeneous networks and overcome the incompatibility issue. Using CRT, a hierarchical access structure is built by the mobile agents. Each server can access only the protected confidential files permitted by its access level. Our scheme prevents unauthorized access using the characteristics of CRT and a one-way hash function.
Here, we introduce the logic and algorithm for the construction of our proposed scheme. For $1 \le j \le m$, $DK_j$ is the secret symmetric key for encrypting and decrypting the $j$th confidential file, and a secret parameter $r_j$ is also assigned to the $j$th confidential file. We identify $DK_j$ with the $j$th confidential file in order to reduce the complexity of the presentation. The mobile agents compute a (secret) superkey $SK_i$ for the $i$th server ($0 \le i \le k$) using public and secret parameters, such as $t$. CRT is utilized in the construction of the superkey $SK_i$. Because of the mathematical properties of CRT, the constructed superkeys meet the requirements of a hierarchical structure. (10)(11)(12)(13) Thus, if server $SC_i$ has a higher access authorization than server $SC_j$ (denoted by $SC_j \le SC_i$), then server $SC_i$ can derive the superkey $SK_j$ of server $SC_j$ from its own superkey $SK_i$ and other public parameters. Moreover, each server can access only the confidential files that correspond to its position in the hierarchical structure.
The parameters are defined as follows (Table 1) before the proposed method is discussed in detail.
Defining the key property of "$\le$": Assuming that $SC_i \ne SC_j$, we cannot have both $SC_j \le SC_i$ and $SC_i \le SC_j$. If both $SC_j \le SC_i$ and $SC_i \le SC_j$ held, then the path $SC_1 \to SC_i \to SC_j$ would exist and so would the path $SC_1 \to SC_j \to SC_i$. Then, we could obtain the path $SC_1 \to SC_i \to SC_j \to SC_i \to SC_1$. This contradicts the definition of a tree (a connected graph with no loop). It follows that the relation "$\le$" defines a partial order on the set $\{SC_1, \ldots, SC_k\}$, that is, $\le$ satisfies the following properties.
(1) Reflexive: $SC_i \le SC_i$ for every $i$.
(2) Transitive: if $SC_l \le SC_j$ and $SC_j \le SC_i$, then $SC_l \le SC_i$.
(3) Anti-symmetric: if $SC_j \le SC_i$ and $SC_i \le SC_j$, then $SC_i = SC_j$.
In the hierarchical structure, the decryption key $DK_u$ ($1 \le u \le m$) in the bottommost layer is associated with the encryption and decryption of the $u$th confidential file, and the intermediate nodes represent the servers. The set $J_i = \{u : SC_i$ is authorized to access decryption key $DK_u\}$ denotes the set of subscripts of the confidential files to which server $SC_i$ has access.

Key generation phase
Step 1 The mobile agent owner selects nonrepeated random integers $\{DK_1, DK_2, \ldots, DK_m\}$ as the symmetric encryption and decryption keys of the confidential files and pairwise relatively prime $n_u$ for each $DK_u$, $\forall u \in \{1, 2, \ldots, m\}$. $DK_u$ is kept secret and $n_u$ is a public parameter.
Step 2 The mobile agent constructs $N_i = \prod_{u \in J_i} n_u$ for the internal node $SC_i$; note that $\gcd(N_i/n_u, n_u) = 1$.
Step 3 The mobile agent owner randomly selects a distinct $r_u$ for each $DK_u$, which is kept secret.
Step 4 For each $u \in J_i$, the mobile agent owner calculates the unique multiplicative inverse $W_{i,u}$ of $N_i/n_u$ modulo $n_u$. Thus, $W_{i,u}$ satisfies the following equation:
$$(N_i/n_u)\, W_{i,u} \equiv 1 \pmod{n_u}.$$
Step 5 The mobile agent owner calculates the superkey $SK_i$ of server $SC_i$ as
$$SK_i = \sum_{u \in J_i} r_u \,(N_i/n_u)\, W_{i,u} \bmod N_i ,$$
which by CRT is the unique solution in $[0, N_i)$ of the system of congruences $y \equiv r_u \pmod{n_u}$, $\forall u \in J_i$. As a result, we obtain $SK_i \equiv r_u \pmod{n_u}$, $\forall u \in J_i$.
Step 6 Define and publish the one-way hash function $h(\cdot)$. Define the generating function $f_u(x)$ of each confidential file (Eq. (4)). The expanded form of Eq. (4), rather than Eq. (4) itself, is published. We note that $DK_u$ is embedded in the constant term of the expanded form of Eq. (4); this prevents the extraction of $DK_u$.

Table 1 Parameters for constructing the system.
$DK_u$: the secret symmetric key for encrypting and decrypting the $u$th confidential file, $1 \le u \le m$.
$SC_i$: the $i$th server, $1 \le i \le k$.
$J_i$: the collection of subscripts of the confidential files to which server $SC_i$ has access.
$n_u$: a large prime chosen for each $DK_u$, $\forall u = 1, 2, \ldots, m$.
$N_i$: $N_i = \prod_{u \in J_i} n_u$; note that $\gcd(N_i/n_u, n_u) = 1$.
$E$: the encryption function for the confidential files.
$D$: the decryption function for the confidential files.
$SK_i$: the unique solution, based on CRT, of the system of congruences $y \equiv r_u \pmod{n_u}$, $\forall u \in J_i$.

Key derivation phase
When server $SC_i$ corresponding to an internal node attempts to access the leaf node $DK_u$, the following steps are performed:
Step 1 Server $SC_i$ uses its superkey $SK_i$ and the public parameter $n_u$ to determine the secret parameter $r_u$. The formula is $r_u = SK_i \bmod n_u$.
Step 2 $SC_i$ uses $r_u$ and the superkey $SK_i$ to compute $h(r_u \,\|\, SK_i)$, and then obtains $DK_u$ from the published expanded form of the generating function $f_u(x)$ (Eq. (4)).

Analysis of Security
Our research has developed a scheme secured against potential attacks. The scheme is introduced in this section.

Reverse attack
Let $SC_i$ and $SC_j$ be two servers in the hierarchical structure with $SC_j \le SC_i$. In a reverse attack, $SC_j$ uses its superkey $SK_j$ and other public parameters to try to compute the superkey $SK_i$ of server $SC_i$.
Assume that server $SC_j$ ($\le SC_i$), using its superkey $SK_j$ and other public parameters, attempts to obtain the superkey $SK_i$ of server $SC_i$. To avoid triviality, we assume that $J_j$ is a strict subset of $J_i$. Server $SC_j$ can use its superkey $SK_j$ to retrieve the secret parameter $r_u$ of the $u$th confidential file for $u \in J_j$. However, $SC_j$ is not able to obtain $r_u$ for $u \in J_i - J_j$. Without full knowledge of $r_u$ for all $u \in J_i$, $SC_j$ is also unable to obtain the superkey $SK_i$ of server $SC_i$. Hence, the scheme is protected against the reverse attack.

Collusion attacks
A collusion attack takes place if a group of servers $SC_{j_1}, SC_{j_2}, \ldots, SC_{j_t}$, each of which satisfies $SC_{j_l} \le SC_i$, use the pooled knowledge of their superkeys $SK_{j_l}$ and other public parameters to obtain the superkey $SK_i$ of server $SC_i$. Since each $J_{j_l}$, $1 \le l \le t$, is a strict subset of $J_i$, the union $J_{j_1} \cup J_{j_2} \cup \cdots \cup J_{j_t}$ is still a strict subset of $J_i$, and without full knowledge of $r_u$ for all $u \in J_i$, the superkey $SK_i$ cannot be obtained. Thus, our proposed scheme is secure against collusion attacks.
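The key generation and derivation phases above, together with the reverse-attack and collusion-attack arguments of this section, can be exercised on a small constructed instance. The following Python program is an added example, not code from the paper. Its moduli, secret parameters and access sets are constructed toy values (a real deployment uses large primes for $n_u$), SHA-256 stands in for the one-way hash $h(\cdot)$, and, because the page does not reproduce Eq. (4), the generating function $f_u(x)$ is assumed here to be the product of $(x - h(r_u \,\|\, SK_i))$ over the servers $SC_i$ authorized for file $u$, plus $DK_u$, so that only its expanded coefficients are published and $DK_u$ sits in the constant term. The function names (`crt_combine`, `superkey`, `derive_dk`, `derive_subordinate_superkey`, `collusion_attempt`) are hypothetical names introduced for this example.

```python
from hashlib import sha256
from math import prod

# Constructed toy parameters (not from the paper). Real deployments use large primes
# for n_u; these small pairwise-coprime primes keep the arithmetic readable.
N_MOD = {1: 1009, 2: 1013, 3: 1019, 4: 1021}      # public n_u, one per file u
R_SECRET = {1: 123, 2: 456, 3: 789, 4: 321}       # secret r_u, known only to the owner
DK_SECRET = {1: 555, 2: 666, 3: 777, 4: 888}      # secret DK_u (file keys)
ACCESS = {1: {1, 2, 3, 4}, 2: {1, 2}, 3: {3}}     # J_i: files server SC_i may access


def crt_combine(residues):
    """Unique y in [0, N) with y = r_u (mod n_u) for every (u, r_u) given; N = prod n_u."""
    N = prod(N_MOD[u] for u in residues)           # Step 2: N_i = product of n_u over J_i
    y = 0
    for u, r in residues.items():
        M = N // N_MOD[u]                          # N_i / n_u, coprime to n_u
        W = pow(M, -1, N_MOD[u])                   # Step 4: W_{i,u} = (N_i/n_u)^-1 mod n_u
        y += r * M * W                             # Step 5: CRT summation
    return y % N


def superkey(J):
    """Owner computes SK_i from the secret r_u of the files in J_i (Steps 2-5)."""
    return crt_combine({u: R_SECRET[u] for u in J})


def h(r, SK):
    """One-way hash of r_u || SK_i as an integer (SHA-256 stands in for h(.) of Step 6)."""
    return int.from_bytes(sha256(f"{r}||{SK}".encode()).digest(), "big")


def generating_function(u, superkeys):
    """ASSUMED form of f_u(x), since the page does not reproduce Eq. (4):
    f_u(x) = prod over servers i with u in J_i of (x - h(r_u || SK_i)) + DK_u.
    Returns the expanded coefficients (lowest degree first), which is what gets
    published; DK_u is folded into the constant term with the product of the roots."""
    coeffs = [1]
    for i, SK in superkeys.items():
        if u in ACCESS[i]:
            root = h(R_SECRET[u], SK)
            nxt = [0] * (len(coeffs) + 1)
            for k, c in enumerate(coeffs):         # multiply the polynomial by (x - root)
                nxt[k + 1] += c
                nxt[k] -= c * root
            coeffs = nxt
    coeffs[0] += DK_SECRET[u]
    return coeffs


def key_generation():
    """Key generation phase: superkeys for all servers plus the public expanded f_u."""
    superkeys = {i: superkey(J) for i, J in ACCESS.items()}
    public_f = {u: generating_function(u, superkeys) for u in N_MOD}
    return superkeys, public_f


def derive_dk(SK_i, u, public_f):
    """Key derivation phase: Step 1 r_u = SK_i mod n_u; Step 2 hash r_u || SK_i and
    evaluate the published polynomial there. Only a correct (r_u, SK_i) hits a root."""
    r = SK_i % N_MOD[u]
    x = h(r, SK_i)
    return sum(c * x ** k for k, c in enumerate(public_f[u]))


def derive_subordinate_superkey(SK_i, J_j):
    """Hierarchy property of Step 5: when J_j is a subset of J_i, SK_j = SK_i mod N_j."""
    return SK_i % prod(N_MOD[u] for u in J_j)


def collusion_attempt(colluder_superkeys):
    """Subordinates pool every r_u they can recover (r_u = SK_j mod n_u) and combine
    them by CRT. Lacking r_u for files outside the union of their J sets, they obtain
    only SK_i reduced modulo the product of the pooled n_u, not SK_i itself."""
    pooled = {u: SK % N_MOD[u] for i, SK in colluder_superkeys.items() for u in ACCESS[i]}
    return crt_combine(pooled)


if __name__ == "__main__":
    superkeys, public_f = key_generation()
    print("SC_1 recovers DK_3:", derive_dk(superkeys[1], 3, public_f) == DK_SECRET[3])
    print("SC_1 derives SK_2:", derive_subordinate_superkey(superkeys[1], ACCESS[2]) == superkeys[2])
    print("SC_2 recovers DK_3:", derive_dk(superkeys[2], 3, public_f) == DK_SECRET[3])
    pooled = collusion_attempt({2: superkeys[2], 3: superkeys[3]})
    print("SC_2 + SC_3 recover SK_1:", pooled == superkeys[1])
```

Running the block shows that $SC_1$ recovers $DK_3$ and derives $SK_2$, that $SC_2$ does not recover $DK_3$ because $SK_2 \bmod n_3$ is not $r_3$, and that $SC_2$ and $SC_3$ together obtain only $SK_1$ reduced modulo $n_1 n_2 n_3$, which leaves $n_4$ candidates for the true superkey; this is exactly the "strict subset" condition on which the collusion argument rests. What the published coefficients reveal about the roots depends on $h(\cdot)$ being one-way and on the assumed polynomial form, which the page does not specify.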

External attacks
As shown below, we compare the performance of the proposed scheme with those of other schemes. We investigate the computational complexity and storage requirement of each case. The variables are defined and listed in Table 2.
We assume that an agent will visit $k$ hosts and carry $m$ confidential files. Let $v_i$ be the number of files that the $i$th visited host can access, where $1 \le i \le k$.
The scheme proposed by Lin et al. (7) requires the storage of $k$ private keys. Since it is based on the Rivest-Shamir-Adleman (RSA) algorithm, the scheme of Lin et al. requires $1024k$ b of storage for all private keys. In the scheme of Chen et al., (9) a one-way hash expresses the relationship between a specific node and its sole parent node. A hash function such as the 256 b SHA-256 takes an arbitrary-length input and returns a fixed-length output, so $256k$ b of storage is required for the private keys generated by the scheme of Chen et al. Our proposed scheme also uses a hash function in the construction of the function $f_u(x)$ and requires 256 b of storage for the private keys. Now, we consider the storage spaces for public parameters. The storage spaces for public parameters required by the schemes of Lin et al., (7) Chen et al., (9) and our proposed scheme are $512(m + 1)$, $256(2k - 1)$, and $256m$ b, respectively. It is reasonable to assume that the number of security classes, $k$, is larger than the number of confidential files, $m$, in a hierarchical structure. Hence, the storage space required by the scheme of Chen et al. is larger than that required by our proposed scheme.
Next, we calculate the computation time required by the key generation and derivation phases for the three schemes being compared. The scheme of Chen et al. (9) requires a computation time of $\left(k - 1 + \sum_{1 \le i \le k} v_i\right) T_{mod} + \left(k - 1 + 2\sum_{1 \le i \le k} v_i\right) T_{hash}$. It must also establish the relationship among the user superkeys $SK_i$, $1 \le i \le k$, and requires a computation time of $(k - 1)\, T_{hash}$ to derive all the symmetric encryption and decryption keys $DK_u$, $1 \le u \le m$. The scheme of Lin et al. (7) requires one modular exponentiation. For the scheme of Lin et al., (7) a computation time of $\sum_{1 \le i \le n} v_i\, T_{hash}$ is required for both the key generation and derivation phases. Our proposed scheme demands a computation time of $k\, T_{mod} + \sum_{1 \le i \le m} v_i\, T_{hash}$ to generate all keys and a computation time of $k\, T_{mod} + \sum_{1 \le i \le m} v_i\, T_{hash}$ to derive all keys. Table 3 shows the computation complexities and storage requirements of these three schemes. The storage requirements for the private keys and public parameters of our proposed scheme are less than those of the other two schemes. The computation complexity of our proposed scheme is also smaller than those of the other two schemes. We note that the key operation used in the schemes of Chen et al. and Lin et al. is modular exponentiation, whereas that used in our proposed scheme is the evaluation of a hash function. Both the schemes of Chen et al. and Lin et al. have a computation complexity of $O(k^2)$ in modular exponentiation. Our proposed scheme has a smaller computation complexity than the other two because evaluating a hash function takes less time.

Analysis of performance
A numerical experiment is conducted to calculate the run time required for the key generation phase for each scheme under a given configuration. From the obtained results, we compare the actual performance characteristics of the three schemes.
The proposed $(2k)\, T_{mod} + ($ … All the numerical calculations were performed with the mathematical package MATLAB (version 2011b) on a personal computer with an Intel Core i7 2.67 GHz CPU and 8 GB of memory. The operating system is Windows 7, 64 b version. Following the method proposed by N. Koblitz, (15) the calculation times of the parameters in the generation and derivation phases are obtained. Each configuration is run twenty times, and all the run times are recorded and plotted in order to obtain higher numerical accuracy.
The numerical experiment is divided into two sections. In the first section, the run time for key generation is calculated. In the second section, the run time for key derivation is calculated. For the former, we generate the keys and access functions, and for the latter, we measure the time it takes for server $SC_1$ to derive a symmetric encryption/decryption key. This is done because $SC_1$ has the highest degree of authorization and takes more time to derive a symmetric encryption/decryption key than any other user performing the same task.
A plot of the run time (y-axis) required by the key generation phase vs the number of servers (x-axis) is given in Fig. 2. In Fig. 2, the run times required by the key generation phase for the schemes of Chen et al. and Lin et al. and for our proposed scheme are represented by the blue, green, and red lines, respectively. It is seen from Fig. 2 that our proposed scheme performs better than the other two schemes. As the number of servers increases, the superiority of our proposed scheme becomes more pronounced (the gap between the red line and the other two lines widens). The performance curves in Fig. 2 verify that our proposed scheme requires the least run time in the key generation phase.
In Fig. 3, we give the performance curve for the key derivation phase. For the hierarchy of 1200 servers, the times required for the key derivation phase are 3.04, 3.22, and 3.29 for our proposed scheme and the schemes of Chen et al. and Lin et al., respectively. It is seen from Fig. 3 that the performance of the key derivation phase of our scheme is higher than those of the other two schemes.

Conclusion
In this research, a hierarchy-based information system that is suitable for various conditions is developed. The system is surrounded by the Internet. Moreover, we use the characteristics of mobile agents to adapt to heterogeneous networks and roam among servers. Data can be collected from a diverse array of monitoring devices, and useful information is derived after the mobile agents have communicated among servers, utilizing the scalability and openness properties. The basis of the control system is CRT. The security analysis indicates that the proposed system is secure against various types of attack. Our proposed system is flexible and efficient since the mobile agents are assigned to send the results of the computation.