Cryptology ePrint Archive: Report 2007/245

Incorporating Temporal Capabilities in Existing Key Management Schemes

Mikhail J. Atallah and Marina Blanton and Keith B. Frikken

Abstract: The problem of key management in access hierarchies is how to assign keys to users and classes such that each user, after receiving her secret key(s), is able to {\em independently} compute access keys for (and thus obtain access to) the resources at her class and all descendant classes in the hierarchy. If user privileges additionally are time-based (which is likely to be the case for all of the applications listed above), the key(s) a user receives should permit access to the resources only at the appropriate times. This paper present a new, provably secure, and efficient solution that can be used to add time-based capabilities to existing hierarchical schemes. It achieves the following performance bounds: (i) to be able to obtain access to an arbitrary contiguous set of time intervals, a user is required to store at most 3 keys; (ii) the keys for a user can be computed by the system in constant time; (iii) key derivation by the user within the authorized time intervals involves a small constant number of inexpensive cryptographic operations; and (iv) if the total number of time intervals in the system is $n$, then the increase of the public storage space at the server due to our solution is only by a small asymptotic factor, e.g., $O(\log^* n \log\log n)$ with a small constant.

Category / Keywords: applications / Access control, time-based key assignment, efficient key derivation

Publication Info: Full version of an extended abstract which is to appear at ESORICS 2007.

Date: received 19 Jun 2007, last revised 26 Jun 2007

Contact author: mbykova at cs purdue edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Minor corrections

Version: 20070626:234519 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]