Cryptanalysis of Hwang-Yang scheme for controlling access in large partially ordered hierarchies

Recently, Hwang and Yang [J. Syst. Software 67 (2003) 99] proposed a cryptographic key assignment scheme for access control in large partially ordered hierarchies. In this paper, we show that their scheme is insecure against the collusion attack whereby some security classes conspire to derive the secret keys of other leaf security classes, which is not allowed according to the scheme.