CryptoDB
Incorporating Temporal Capabilities in Existing Key Management Schemes
Authors: | |
---|---|
Download: | |
Abstract: | The problem of key management in access hierarchies is how to assign keys to users and classes such that each user, after receiving her secret key(s), is able to *independently* compute access keys for (and thus obtain access to) the resources at her class and all descendant classes in the hierarchy. If user privileges additionally are time-based (which is likely to be the case for all of the applications listed above), the key(s) a user receives should permit access to the resources only at the appropriate times. This paper presents a new, provably secure, and efficient solution that can be used to add time-based capabilities to existing hierarchical schemes. It achieves the following performance bounds: (i) to be able to obtain access to an arbitrary contiguous set of time intervals, a user is required to store at most 3 keys; (ii) the keys for a user can be computed by the system in constant time; (iii) key derivation by the user within the authorized time intervals involves a small constant number of inexpensive cryptographic operations; and (iv) if the total number of time intervals in the system is $n$, then the increase of the public storage space at the server due to our solution is only by a small asymptotic factor, e.g., $O(\log^* n \log\log n)$ with a small constant. |
BibTeX
@misc{eprint-2007-13526,
  title={Incorporating Temporal Capabilities in Existing Key Management Schemes},
  booktitle={IACR Eprint archive},
  keywords={applications / Access control, time-based key assignment, efficient key derivation},
  url={http://eprint.iacr.org/2007/245},
  note={Full version of an extended abstract which is to appear at ESORICS 2007. mbykova@cs.purdue.edu 13690 received 19 Jun 2007, last revised 26 Jun 2007},
  author={Mikhail J. Atallah and Marina Blanton and Keith B. Frikken},
  year=2007
}