Computers & Security, 9 (1990) 539-546 A Cryptographic Key Generation Scheme for Multilevel Data Security Lein Harn and Hung-Yu Lin Cornpuler Science Telecommunica~iotrs Program, University o/Mircouri-Kansas City, Kansas City, MO, U.S.A. In 1982, and Taylor proposed an elegant solution to rhe partially ordered multilevel key distribution problem, using a cryptographic approach. Since then, continuing research has been conducred to try to realize and simplify their scheme. Generally speaking, there are two problems associated with their scheme. First, a large value associated with each security class needs to be made public. Secondly, new security classes are not permitted co be added into the system once all the security keys have been issued. Our paper presents a very simi- lar approach. But, instead of using the top-down design approach as in their scheme, our scheme is using a bottom-up key generating procedure. The result is that the published values for most security classes can be much smaller than in rheir scheme. This property becomes more obvious for a broad and shallow hierarchical graph. In addition, our scheme can accommodate the changes of adding new security classes into the system. Keywords: Cryptographic scheme. Multilevel data security, Key distribution, Partially ordered hierarchy, RSA scheme. Introduction T he multilevel data security problem originally exists in military and govcrnmcnt departments as well as some private corporations where classi- fied data management is necessary. Now, because of the increase in computing resources, it is more frc- qucntly found in applications such as database management [l-3], computer networks [h-7], and operating systems [8,9]. The multilevel security problem exists in many organizations where a hierarchical structure of data sensitivity and user privilege coexists. Govcrnmcnt and military organizations arc the classic examples of such hicrarchics [IO]. Thcrc arc also cxamplcs in commercial environments. For instance, a cor- porate hierarchy may bc organized in a tree struc- ture, with top management at the root and sccuriry classes corresponding to divisions, departments, and projects at succcssivc levels of the tree. A manager of a division has clearance for the security class of that division and, thereby, is authorized to access information in all dcpartmcnts and projects within that division. Mcmbcrs of a project team, on the other hand, arc clcarcd only for that project and will be unable to access information conccrn- ing other projects, including those within the same department. A totally diffcrcnt application cnvi- ronment would bc a computer running in a mul- 0167-4048/90/$3.50 0 1990, Elsevier Science Publishers Ltd. 539