Jason Crampton (2006) Lazy updates in key assignment schemes for hierarchical access control.
Full text access: Open
Hierarchical access control policies are used to restrict access to objects by users based on their respective security labels. There are many key assignment schemes in the literature for implementing such policies using cryptographic mechanisms. Updating keys in such schemes has always been problematic, not least because many objects may be encrypted with the same key. We propose a number of techniques by which this process can be improved, making use of the idea of lazy key updates, which have been studied in the context of cryptographic file systems. We demonstrate in passing that schemes for lazy key updates can be regarded as simple instances of key assignment schemes. Finally, we illustrate the utility of our techniques by applying them to hierarchical file systems and to temporal access control policies.
This is a Published version. This version's date is: 05/12/2006. This item is peer reviewed.
https://repository.royalholloway.ac.uk/items/2b1300ab-bf91-86e1-3c70-d30a449c406d/1/
Deposited by () on 13-Jul-2010 in Royal Holloway Research Online. Last modified on 13-Dec-2010