Abstract
A key assignment scheme is a model for enforcing an information flow policy using cryptographic techniques. Such schemes have been widely studied in recent years. Each security label is associated with a symmetric encryption key: data objects are encrypted and authorised users are supplied with the appropriate key(s). However, updates to encryption keys pose a significant problem, as the new keys have to be issued to all authorised users. In this paper, we propose three generic approaches to key assignment schemes that remove the problem of key redistribution following key updates. We analyse the overheads incurred by these approaches and conclude that these overheads are negligible in practical applications.
The research of Harry Rowe is supported by Microsoft Research through its PhD Scholarship programme.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Fu, K., Kamara, S., Kohno, Y.: Key regression: Enabling efficient key distribution for secure distributed storage. In: Proceedings of the Network and Distributed System Security (NDSS 2006) (2006)
Crampton, J., Martin, K., Wild, P.: On key assignment for hierarchical access control. In: Proceedings of 19th Computer Security Foundations Workshop, pp. 98–111 (2006)
Denning, D.: A lattice model of secure information flow. Communications of the ACM 19(5), 236–243 (1976)
Davey, B., Priestley, H.: Introduction to Lattices and Order. Cambridge University Press, Cambridge, United Kingdom (1990)
Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: Proceedings of 12th ACM Conference on Computer and Communications Security, pp. 190–202. ACM Press, New York (2005)
US Department of Defense: Trusted computer system evaluation criteria. Technical Report 5200.28-STD, DoD (1985)
Atallah, M.J., Blanton, M., Frikken, K.B.: Key management for non-tree access hierarchies. In: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, pp. 11–18. ACM Press, New York (2006)
Backes, M., Cachin, C., Oprea, A.: Secure key-updating for lazy revocation. In: Proceedings of 11th European Symposium on Research in Computer Security, pp. 327–346 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rowe, H., Crampton, J. (2007). Avoiding Key Redistribution in Key Assignment Schemes. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-73986-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73985-2
Online ISBN: 978-3-540-73986-9
eBook Packages: Computer ScienceComputer Science (R0)