A Key Management Method for Cryptographically Enforced Access Control

Anna Zych, Milan Petković, Willem Jonker

Abstract

Cryptographic enforcement of access control mechanisms relies on encrypting protected data with keys stored by authorized users. This approach poses the problem of distributing secret keys. In this paper, a key management scheme is presented in which each user stores a single key and can efficiently calculate the keys needed to access requested data. The proposed scheme does not require encrypting the same data (key) multiple times with the keys of different users or groups of users. It is designed especially for the purpose of access control. Thanks to that, the space needed for storing public parameters is significantly reduced. Furthermore, the proposed method supports flexible updates when a user's access rights change.



Paper Citation


in Harvard Style

Zych A., Petković M. and Jonker W. (2007). A Key Management Method for Cryptographically Enforced Access Control. In Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007) ISBN 978-972-8865-96-2, pages 9-22. DOI: 10.5220/0002432300090022


in Bibtex Style

@conference{wosis07,
author={Anna Zych and Milan Petković and Willem Jonker},
title={A Key Management Method for Cryptographically Enforced Access Control},
booktitle={Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)},
year={2007},
pages={9-22},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002432300090022},
isbn={978-972-8865-96-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)
TI - A Key Management Method for Cryptographically Enforced Access Control
SN - 978-972-8865-96-2
AU - Zych A.
AU - Petković M.
AU - Jonker W.
PY - 2007
SP - 9
EP - 22
DO - 10.5220/0002432300090022