Abstract
We focus on the problem of symmetric key distribution for securing shared resources among large groups of users in distributed applications such as cloud storage, shared databases, and collaborative editing. In such applications, resources such as data are sensitive, and only authorized users must be allowed access, without relying on an on-line monitoring system. The de facto approach is to encrypt a shared resource and deploy a key distribution mechanism that enables only authorized users to generate the decryption key for that resource. Key distribution faces two major challenges: first, the applications are dynamic, i.e., users may join and leave arbitrarily; second, for a large number of users, the cryptographic technique must be scalable and efficient. In this work, we describe an approach that overcomes these challenges using two techniques: first, flattening the access structure, and second, applying efficient symmetric key distribution techniques. By flattening the access structure, we reduce the problem to that of distributing the key of a resource among all the users sharing that resource. We consider this smaller flattened access structure and devise a unified key distribution technique that is sufficient for key distribution across all such structures. An important feature of our key distribution techniques is the use of a public secret and a private secret: the group controller publishes updates to the keying material using the public secret, so users need not be in constant communication with the group controller. Using this model, we describe two efficient key distribution techniques that scale logarithmically with the group size and also handle group additions and removals.
Furthermore, a user can be off-line for any amount of time and need not be aware of the dynamics of the system, which is important because it overcomes the problems posed by lossy channels. We have performed an experimental evaluation of our schemes against a popular existing scheme and show that they perform better than this scheme with the same security guarantees. Because our approaches are easy to implement, they are especially suitable for practical applications where security is viewed as an overhead rather than as a necessity.
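The abstract does not spell out the paper's two schemes, so the following added Python example (not code from the paper or its authors) illustrates only the model it describes: a group controller posts rekey updates to a public board, and a user holding a logarithmic number of private keys catches up after being off-line. It assumes a complementary-bit key table with a hash ratchet; the names `Controller`, `User`, `catch_up` and the HMAC-based key wrap are hypothetical choices made for this example.

```python
import hashlib, hmac, os

BITS = 3  # constructed: 8 user IDs, so each user holds 3 private keys

def prf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def bit(uid, i):
    return (uid >> i) & 1

class User:
    def __init__(self, uid, keys, group_key, seen):
        self.uid, self.keys, self.group_key, self.seen = uid, keys, group_key, seen

    def catch_up(self, board):
        """Replay public updates missed while offline; False if locked out."""
        for upd in board[self.seen:]:
            # Any ID bit that differs from the revoked user's selects a usable wrap.
            i = next((j for j in range(BITS)
                      if bit(self.uid, j) != bit(upd["revoked"], j)), None)
            if i is None:
                return False  # this user is the one revoked
            gk = xor(upd["wraps"][i], prf(self.keys[i], b"wrap" + upd["nonce"]))
            if not hmac.compare_digest(prf(gk, b"confirm"), upd["check"]):
                return False  # stale keys or tampered update
            # Ratchet private keys with the new group key, as the controller did.
            self.keys = {j: prf(k, b"next" + gk) for j, k in self.keys.items()}
            self.group_key, self.seen = gk, self.seen + 1
        return True

class Controller:
    def __init__(self):
        self.table = {(i, b): os.urandom(32) for i in range(BITS) for b in (0, 1)}
        self.group_key, self.board = os.urandom(32), []  # board is public

    def enroll(self, uid):
        keys = {i: self.table[(i, bit(uid, i))] for i in range(BITS)}
        return User(uid, keys, self.group_key, len(self.board))

    def revoke(self, uid):
        gk, nonce = os.urandom(32), os.urandom(16)
        wraps = {i: xor(gk, prf(self.table[(i, 1 - bit(uid, i))], b"wrap" + nonce))
                 for i in range(BITS)}
        self.board.append({"revoked": uid, "nonce": nonce, "wraps": wraps,
                           "check": prf(gk, b"confirm")})
        self.table = {k: prf(v, b"next" + gk) for k, v in self.table.items()}
        self.group_key = gk
```

This table layout does not resist collusion between users revoked at different times, so it demonstrates only the published-update and off-line catch-up properties.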
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Bezawada, B., Kothapalli, K., Raman, D., Li, R. (2017). Symmetric Key Based Secure Resource Sharing. In: Thampi, S., Martínez Pérez, G., Westphall, C., Hu, J., Fan, C., Gómez Mármol, F. (eds) Security in Computing and Communications. SSCC 2017. Communications in Computer and Information Science, vol 746. Springer, Singapore. https://doi.org/10.1007/978-981-10-6898-0_15
DOI: https://doi.org/10.1007/978-981-10-6898-0_15
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-6897-3
Online ISBN: 978-981-10-6898-0
eBook Packages: Computer Science, Computer Science (R0)