Symmetric Key Based Secure Resource Sharing

  • Bruhadeshwar BezawadaEmail author
  • Kishore Kothapalli
  • Dugyala Raman
  • Rui Li
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 746)


We focus on the problem of symmetric key distribution for securing shared resources among large groups of users in distributed applications like cloud storage, shared databases, and collaborative editing, among others. In such applications, resources such as data, are sensitive in nature and it is necessary that only authorized users are allowed access without the presence of on-line monitoring system. The de-facto approach is to encrypt a shared resource and deploy a key distribution mechanism, which enables only authorized users to generate the respective decryption key for the resource. The key distribution approach has two major challenges: first, the applications are dynamic i.e., users might join and leave arbitrarily, and second, for a large number of users, it is required that the cryptographic technique be scalable and efficient. In this work, we describe an approach that overcomes these challenges by using two key techniques: first, flattening the access structure and applying efficient symmetric key distribution techniques. By flattening the access structure, we reduce the problem to that of key distribution of a resource among all the users sharing that resource. We consider this smaller flattened access structure and devise a unified key distribution technique that is sufficient for key distribution across all such structures. Our key distribution techniques have an important feature of a public secret and a private secret, which allows the group controller to publish updates to the keying material using the public secret and therefore, does not necessitate the users to be in constant communication with the group controller. Using this model we describe two efficient key distribution techniques that scale logarithmically with the group size and also handle group additions and removals. Furthermore, a user can be off-line for any amount of time and need not be aware of the dynamics of the system, which is important as it overcomes the problems posed by lossy channels. We have performed an experimental evaluation of our scheme against a popular existing scheme and show that they perform better for this scheme with the same security guarantees. As our approaches are easy to implement they are especially suitable for practical applications where security is viewed as an overhead rather than as a necessity.


  1. 1.
    Akl, S.G., Taylor, P.D.: Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1(3), 239–248 (1983)CrossRefGoogle Scholar
  2. 2.
    Atallah, M.J., Blanton, M., Frikken, K.B.: Key management for non-tree access hierarchies. In: Proceedings of ACM SACMAT, pp. 11–18 (2006)Google Scholar
  3. 3.
    Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: Proceedings of ACM CCS, pp. 190–202 (2005)Google Scholar
  4. 4.
    Castiglione, A., Santis, A.D., Masucci, B., Palmieri, F., Huang, X., Castiglione, A.: Supporting dynamic updates in storage clouds with the AKL–Taylor scheme. Inf. Sci. 387, 56–74 (2017)CrossRefGoogle Scholar
  5. 5.
    Chang, C.C., Buehrer, D.J.: Access control in a hierarchy using a one-way trap door function. Comput. Math. Appl. 26(5), 71–76 (1993)CrossRefzbMATHGoogle Scholar
  6. 6.
    Chen, T.S., Chen, H.J.: How-Rernlina: a novel access control scheme based on discrete logarithms and polynomial interpolation. J. Ya-Deh Univ. 8(1), 49–56 (1999)Google Scholar
  7. 7.
    Chu, C.K., Chow, S.S., Tzeng, W.G., Zhou, J., Deng, R.H.: Key-aggregate cryptosystem for scalable data sharing in cloud storage. IEEE Trans. Parallel Distrib. Syst. 25(2), 468–477 (2014)CrossRefGoogle Scholar
  8. 8.
    Cormen, T., Leiserson, C., Rivest, R., Stein, C.: Introduction to Algorithms, 2nd edn. McGraw Hill, New York (2001)zbMATHGoogle Scholar
  9. 9.
    Crampton, J., Martin, K., Wild, P.: On key assignment for hierarchical access control. In: Proceedings of the 19th IEEE workshop on Computer Security Foundations, pp. 98–111 (2006)Google Scholar
  10. 10.
    Damiani, E., di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Selective data encryption in outsourced dynamic environments. Electron. Notes Theor. Comput. Sci. 168, 127–142 (2007)CrossRefGoogle Scholar
  11. 11.
    Das, M., Saxena, A., Gulati, V., Pathak, D.: Hierarchical key management schemes using polynomial interpolation. SIGOPS Oper. Syst. Rev. 39(1), 40–47 (2005)CrossRefGoogle Scholar
  12. 12.
    Gouda, M.G., Kulkarni, S.S., Elmallah, E.S.: Logarithmic keying of communication networks. In: Datta, A.K., Gradinariu, M. (eds.) SSS 2006. LNCS, vol. 4280, pp. 314–323. Springer, Heidelberg (2006). CrossRefGoogle Scholar
  13. 13.
    Hacigümüs, H., Mehrotra, S., Iyer, B.R.: Providing database as a service. In: ICDE, pp. 29–38 (2002)Google Scholar
  14. 14.
    Jend, F.G., Wang, C.M.: A practical and dynamic key management for a user hierarchy. J. Zhejiang Univ. Sci. A 7(3), 296–301 (2006)CrossRefGoogle Scholar
  15. 15.
    Liaw, H., Wang, S., Lei, C.: A dynamic cryptographic key assignment scheme in a tree structure. Comput. Math. Appl. 25(6), 109–114 (1993)CrossRefzbMATHMathSciNetGoogle Scholar
  16. 16.
    Lin, C.H., Lee, W., Ho, Y.K.: An efficient hierarchical key management scheme using symmetric encryptions. In: 19th International Conference on Advanced Information Networking and Applications (AINA 2005), vol. 2, pp. 399–402 (2005)Google Scholar
  17. 17.
    MacKinnon, S.J., Taylor, P.D., Meijer, H., Akl, S.G.: An optimal algorithm for assigning cryptographic keys to control access in a hierarchy. IEEE Trans. Comput. 34(9), 797–802 (1985)CrossRefGoogle Scholar
  18. 18.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001). CrossRefGoogle Scholar
  19. 19.
    Ray, I., Ray, I., Narasimhamurthi, N.: A cryptographic solution to implement access control in a hierarchy and more. In: Proceedings of ACM SACMAT, pp. 65–73 (2002)Google Scholar
  20. 20.
    Sandhu, R.S.: Cryptographic implementation of a tree hierarchy for access control. Inf. Process. Lett. 27(2), 95–98 (1988)CrossRefGoogle Scholar
  21. 21.
    Santis, A.D., Ferrara, A.L., Masucci, B.: Cryptographic key assignment schemes for any access control policy. Inf. Process. Lett. 92(4), 199–205 (2004)CrossRefzbMATHMathSciNetGoogle Scholar
  22. 22.
    Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)CrossRefzbMATHMathSciNetGoogle Scholar
  23. 23.
    Tang, S., Li, X., Huang, X., Xiang, Y., Xu, L.: Achieving simple, secure and efficient hierarchical access control in cloud computing. IEEE Trans. Comput. 65(7), 2325–2331 (2016)CrossRefzbMATHMathSciNetGoogle Scholar
  24. 24.
    di Vimercati, S.D.C., Samarati, P.: Data privacy problems and solutions. In: Proceedings of the Third International Conference on Information Systems Security (ICISS), pp. 180–192 (2007)Google Scholar
  25. 25.
    Waldvogel, M., Caronni, G., Sun, D., Weiler, N., Plattner, B.: The versakey framework: versatile group key management. IEEE JSAC 17, 1614–1631 (1999)Google Scholar
  26. 26.
    Wong, C.K., Gouda, M., Lam, S.S.: Secure group communications using key graphs. IEEE/ACM Trans. Netw. 8, 16–30 (2000)CrossRefGoogle Scholar
  27. 27.
    Yang, C., Li, C.: Access control in a hierarchy using one-way functions. Elseveir Comput. Secur. 23, 659–664 (2004)CrossRefGoogle Scholar
  28. 28.
    Zou, Z., Karandikar, Y., Bertino, E.: A dynamic key managment solution to acces hierarchy. Int. J. Netw. Manag. 17, 437–450 (2007)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  • Bruhadeshwar Bezawada
    • 1
    Email author
  • Kishore Kothapalli
    • 2
  • Dugyala Raman
    • 3
  • Rui Li
    • 4
  1. 1.Mahindra Ecole CentraleHyderabadIndia
  2. 2.International Institute of Information TechnologyHyderabadIndia
  3. 3.Vardhaman College of EngineeringHyderabadIndia
  4. 4.College of Computer Science and Networking SecurityDongguan University of Technology of Science and TechnologyDongguanChina

Personalised recommendations