Abstract
The problem of key management in access hierarchies studies ways to assign keys to users and classes such that each user, after receiving her secret key(s), is able to independently compute access keys for (and thus obtain access to) the appropriate resources defined by the hierarchical structure. If user privileges additionally are time-based, the key(s) a user receives should permit access to the resources only at the appropriate times. This paper presents a new, provably secure, and efficient solution that can be used to add time-based capabilities to existing hierarchical schemes. It achieves the following performance bounds: (i) to be able to obtain access to an arbitrary contiguous set of time intervals, a user is required to store at most 3 keys; (ii) the keys for a user can be computed by the system in constant time; (iii) key derivation by the user within the authorized time intervals involves a small constant number of inexpensive cryptographic operations; and (iv) if the total number of time intervals in the system is n, then the server needs to maintain public storage larger than n by only a small asymptotic factor, e.g., O(log* n log log n) with a small constant.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Atallah, M.J., Blanton, M., Frikken, K.B. (2007). Incorporating Temporal Capabilities in Existing Key Management Schemes. In: Biskup, J., López, J. (eds) Computer Security – ESORICS 2007. ESORICS 2007. Lecture Notes in Computer Science, vol 4734. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74835-9_34
DOI: https://doi.org/10.1007/978-3-540-74835-9_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74834-2
Online ISBN: 978-3-540-74835-9
eBook Packages: Computer Science, Computer Science (R0)