Abstract
Hierarchical structures are frequently used to manage access to sensitive data in various contexts, ranging from organizational settings to IoT networks. A Hierarchical Key Assignment Scheme (HKAS) is designed to cryptographically enforce access control in hierarchical structures. It operates by assigning secrets and encryption keys to a set of classes within a partially ordered hierarchy. This approach ensures that the secret of a higher-level class can be used to efficiently derive keys for all classes positioned at a lower level in the hierarchy. In this paper, we introduce a novel cryptographic primitive that we name HKAS with Key Rotation (KR-HKAS). This extension enhances the current HKAS framework by enabling a provably secure mechanism for periodically rotating both encryption keys and secrets, without necessitating a complete setup reset. This proactive approach effectively mitigates the risk of security breaches due to compromised cryptographic material, aligning with the best security practice.
