Paper 2007/245

Incorporating Temporal Capabilities in Existing Key Management Schemes

Mikhail J. Atallah, Marina Blanton, and Keith B. Frikken


The problem of key management in access hierarchies is how to assign keys to users and classes such that each user, after receiving her secret key(s), is able to {\em independently} compute access keys for (and thus obtain access to) the resources at her class and all descendant classes in the hierarchy. If user privileges additionally are time-based (which is likely to be the case for all of the applications listed above), the key(s) a user receives should permit access to the resources only at the appropriate times. This paper present a new, provably secure, and efficient solution that can be used to add time-based capabilities to existing hierarchical schemes. It achieves the following performance bounds: (i) to be able to obtain access to an arbitrary contiguous set of time intervals, a user is required to store at most 3 keys; (ii) the keys for a user can be computed by the system in constant time; (iii) key derivation by the user within the authorized time intervals involves a small constant number of inexpensive cryptographic operations; and (iv) if the total number of time intervals in the system is $n$, then the increase of the public storage space at the server due to our solution is only by a small asymptotic factor, e.g., $O(\log^* n \log\log n)$ with a small constant.

Note: Minor corrections

Available format(s)
Publication info
Published elsewhere. Full version of an extended abstract which is to appear at ESORICS 2007.
Access controltime-based key assignmentefficient key derivation
Contact author(s)
mbykova @ cs purdue edu
2007-06-26: revised
2007-06-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mikhail J.  Atallah and Marina Blanton and Keith B.  Frikken},
      title = {Incorporating Temporal Capabilities in Existing Key Management Schemes},
      howpublished = {Cryptology ePrint Archive, Paper 2007/245},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.