Time-Storage Trade-Offs for Cryptographically-Enforced Access Control

  • Jason Crampton
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6879)


Certain classes of authorization policies can be represented as a directed graph and enforced using cryptographic techniques. Such techniques typically rely on the authorized user deriving a suitable decryption key using a secret value and public information. Hence, it is important to find enforcement schemes for which little public information is required and key derivation is efficient. These parameters are related to the number of edges and the distance between nodes in the graph associated with the authorization policy. In this paper we consider ways in which two particular types of authorization graph can be rewritten so that the number of edges and the greatest distance between any two nodes are reduced, thereby providing the basis for more efficient cryptographic enforcement.


Keywords: Access Control; Leaf Node; Hasse Diagram; Authorization Policy; Median Node
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jason Crampton, Royal Holloway, University of London, UK
