Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage

Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage (2006)

Cached

Download Links

[eprint.iacr.org]
[www.isoc.org]

Other Repositories/Bibliography

DBLP

by Kevin Fu , Seny Kamara , Tadayoshi Kohno

Venue:	in Proc. Network and Distributed Systems Security Symposium (NDSS
Citations:	15 - 2 self

BibTeX

@INPROCEEDINGS{Fu06keyregression:,
    author = {Kevin Fu and Seny Kamara and Tadayoshi Kohno},
    title = {Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage},
    booktitle = {in Proc. Network and Distributed Systems Security Symposium (NDSS},
    year = {2006}
}

Bookmark

OpenURL

Abstract

The Plutus file system introduced the notion of key rotation as a means to derive a sequence of temporally-related keys from the most recent key. In this paper we show that, despite natural intuition to the contrary, key rotation schemes cannot generically be used to key other cryptographic objects; in fact, keying an encryption scheme with the output of a key rotation scheme can yield a composite system that is insecure. To address these shortcomings, we introduce a new cryptographic object called a key regression scheme, and we propose three constructions that are provably secure under standard cryptographic assumptions. We implement key regression in a secure file system and empirically show that key regression can significantly reduce the bandwidth requirements of a content publisher under realistic workloads using lazy revocation. Our experiments also serve as the first empirical evaluation of either a key rotation or key

Citations

2507	A method for obtaining digital signatures and public-key cryptosystems - Rivest, Shamir, et al.
2292	New directions in cryptography - Diffie, Hellmen - 1976
1130	Random oracles are practical: A paradigm for designing efficient protocols - Bellare, Rogaway - 1993
1001	Probabilistic encryption - Goldwasser, Micali - 1984
808	The design and implementation of a log-structured file system - Rosenblum, Ousterhout - 1991
642	Incentives build robustness in BitTorrent - Cohen - 2003
533	How to generate cryptographically strong sequences of pseudorandom bits - Blum, Micali - 1984
453	Theory and applications of trapdoor functions - Yao - 1982
351	Dummynet: A Simple Approach to the Evaluation of Network Protocols - Rizzo - 1997
307	Password authentication with insecure communication - Lamport
296	A Concrete Security Treatment of Symmetric Encryption - Bellare, Desai, et al. - 1997
244	How to construct pseudorandom permutations from pseudorandom functions - Luby, Rackoff - 1988
242	Democratizing content publication with Coral - Freedman, Freudenthal, et al. - 2004
204	M.: Broadcast encryption - Fiat, Naor - 1994
172	The S/KEY One-Time Password System - Haller - 1994
163	The security of the cipher block chaining message authentication code - Bellare, Kilian, et al.
161	Fast and secure distributed read-only file system - Fu, Kaashoek, et al. - 2002
155	Practical techniques for searches on encrypted data - Song, Wagner, et al. - 2000
135	Revocation and tracing schemes for stateless receivers - Naor, Naor, et al. - 2001
128	Public key encryption with keyword search - Boneh, Crescenzo, et al. - 2004
123	H.: Finding collisions in the full SHA-1 - Wang, Yin, et al. - 2005
93	Plutus: Scalable secure file sharing on untrusted storage - Kallahalla, Riedel, et al.
78	Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 - Shoup - 2004
77	Collusion resistant broadcast encryption with short ciphertexts and private keys - Boneh, Gentry, et al. - 2005
75	Cryptographic solution to a problem of access control in a hierarchy - Akl, Taylor - 1983
75	Controlling access to published data using cryptography - Miklau, Suciu - 2003
73	Multicollisions in Iterated Hash Functions: Application to Cascaded Constructions - Joux
66	Netpipe: A network protocol independent performace evaluator - Snell, Mikler, et al. - 1996
51	Merkle-Damgård Revisited: How to Construct a Hash Function - Coron, Dodis, et al. - 2005
50	Building an encrypted and searchable audit log - Waters, Balfanz, et al. - 2004
48	Searchable encryption revisited: Consistency properties, relation to anonymous ibe, and extensions - Abdalla, Bellare, et al.
47	Group sharing and random access in cryptographic storage file systems - Fu - 1999
38	Swallow: a distributed data storage system for a local network - Reed, Svobodova - 1980
32	Selfhealing key distribution with revocation - Staddon, Miner, et al.
30	Secure indexes. Cryptology ePrint Archive - Goh - 2003
28	N.: Public key broadcast encryption for stateless receivers - Dodis, Fazio
28	Secure conjunctive keyword search over encrypted data - Golle, Staddon, et al. - 2004
22	Secure key-updating for lazy revocation - BACKES, CACHIN, et al. - 2006
16	Cryptographic Access Control in a Distributed File System - Harrington, Jensen - 2003
16	T.: Herding Hash Functions and the Nostradamus Attack - Kelsey, Kohno - 2006
14	Forward security in private key cryptography - Bellare, Yee - 2003
13	public-key cryptosystems - Fair - 1993
10	Cryptographic sealing for information secrecy and authentication - Gifford - 1982
9	Lazy Revocation in Cryptographic File Systems - Backes, Cachin, et al. - 2005
9	Integrity and Access Control in Untrusted Content Distribution Networks - Fu - 2005
8	Public key broadcast encryption secure against adaptive chosen ciphertext attack - Dodis, Fazio
8	Toward securing untrusted storage without public-key operations - Naor, Shenhav, et al. - 2005
7	Increasing the lifetime of a key: A comparitive analysis of the security of rekeying techniques - Abdalla, Bellare - 2000
5	The game-playing technique. Cryptology ePrint Archive: Report 2004/331 - Bellare, Rogaway - 2004
4	New Key Generation Algorithms for Multilevel Security - MacKinnon, Akl - 1983