In 1997, Lin proposed a new dynamic access control scheme with a central authority for users organized in a hierarchy. The author claimed that the new scheme has many advantages, e.g. any class can change its group key for security reasons without affecting the others. However, this paper will show that once the old group key of a class is exposed, the newly chosen group key can be easily derived by the old key. Moreover, we shall show that if the identity of a class has a few bits different from those of the other classes, a user in the class can easily derive the group keys of these classes to which he/she is not entitled.
All Science Journal Classification (ASJC) codes