TY - GEN
T1 - Incorporating temporal capabilities in existing key management schemes
AU - Atallah, Mikhail J.
AU - Blanton, Marina
AU - Frikken, Keith B.
PY - 2007
Y1 - 2007
N2 - The problem of key management in access hierarchies studies ways to assign keys to users and classes such that each user, after receiving her secret key(s), is able to independently compute access keys for (and thus obtain access to) the appropriate resources defined by the hierarchical structure. If user privileges additionally are time-based, the key(s) a user receives should permit access to the resources only at the appropriate times. This paper presents a new, provably secure, and efficient solution that can be used to add time-based capabilities to existing hierarchical schemes. It achieves the following performance bounds: (i) to be able to obtain access to an arbitrary contiguous set of time intervals, a user is required to store at most 3 keys; (ii) the keys for a user can be computed by the system in constant time; (iii) key derivation by the user within the authorized time intervals involves a small constant number of inexpensive cryptographic operations; and (iv) if the total number of time intervals in the system is n, then the server needs to maintain public storage larger than n by only a small asymptotic factor, e.g., O(log* n log log n) with a small constant.
UR - https://www.scopus.com/pages/publications/38049016958
U2 - 10.1007/978-3-540-74835-9_34
DO - 10.1007/978-3-540-74835-9_34
M3 - Conference contribution
AN - SCOPUS:38049016958
SN - 9783540748342
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 515
EP - 530
BT - Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings
PB - Springer Verlag
T2 - 12th European Symposium on Research in Computer Security, ESORICS 2007
Y2 - 24 September 2007 through 26 September 2007
ER -