Avoiding Key Redistribution in Key Assignment Schemes

  • Harry Rowe
  • Jason Crampton
Part of the Communications in Computer and Information Science book series (CCIS, volume 1)


A key assignment scheme is a model for enforcing an information flow policy using cryptographic techniques. Such schemes have been widely studied in recent years. Each security label is associated with a symmetric encryption key: data objects are encrypted and authorised users are supplied with the appropriate key(s). However, updates to encryption keys pose a significant problem, as the new keys have to be issued to all authorised users. In this paper, we propose three generic approaches to key assignment schemes that remove the problem of key redistribution following key updates. We analyse the overheads incurred by these approaches and conclude that these overheads are negligible in practical applications.


key assignment schemes key redistribution hierarchical access control 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Fu, K., Kamara, S., Kohno, Y.: Key regression: Enabling efficient key distribution for secure distributed storage. In: Proceedings of the Network and Distributed System Security (NDSS 2006) (2006)Google Scholar
  2. 2.
    Crampton, J., Martin, K., Wild, P.: On key assignment for hierarchical access control. In: Proceedings of 19th Computer Security Foundations Workshop, pp. 98–111 (2006)Google Scholar
  3. 3.
    Denning, D.: A lattice model of secure information flow. Communications of the ACM 19(5), 236–243 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Davey, B., Priestley, H.: Introduction to Lattices and Order. Cambridge University Press, Cambridge, United Kingdom (1990)zbMATHGoogle Scholar
  5. 5.
    Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: Proceedings of 12th ACM Conference on Computer and Communications Security, pp. 190–202. ACM Press, New York (2005)CrossRefGoogle Scholar
  6. 6.
    US Department of Defense: Trusted computer system evaluation criteria. Technical Report 5200.28-STD, DoD (1985)Google Scholar
  7. 7.
    Atallah, M.J., Blanton, M., Frikken, K.B.: Key management for non-tree access hierarchies. In: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, pp. 11–18. ACM Press, New York (2006)Google Scholar
  8. 8.
    Backes, M., Cachin, C., Oprea, A.: Secure key-updating for lazy revocation. In: Proceedings of 11th European Symposium on Research in Computer Security, pp. 327–346 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Harry Rowe
    • 1
  • Jason Crampton
    • 1
  1. 1.Royal HollowayUniversity of LondonLondon

Personalised recommendations