Results 1 - 10 of 18
Dynamic and efficient key management for access hierarchies, 2009
Cited by 125 (7 self)
Hierarchies arise in the context of access control whenever the user population can be modeled as a set of partially ordered classes (represented as a directed graph). A user with access privileges for a class obtains access to objects stored at that class and all descendant classes in the hierarchy. The problem of key management for such hierarchies then consists of assigning a key to each class in the hierarchy so that keys for descendant classes can be obtained via efficient key derivation. We propose a solution to this problem with the following properties: (1) the space complexity of the public information is the same as that of storing the hierarchy; (2) the private information at a class consists of a single key associated with that class; (3) updates (i.e., revocations and additions) are handled locally in the hierarchy; (4) the scheme is provably secure against collusion; and (5) each node can derive the key of any of its descendants with a number of symmetric-key operations bounded by the length of the path between the nodes. Whereas many previous schemes had some of these properties, ours is the first that satisfies all of them. The security of our scheme is based on pseudorandom functions, without reliance on the Random Oracle Model.
A Novel Key Management Scheme for Dynamic Access Control in a Hierarchy, 2010
Cited by 7 (0 self)
Shen and Chen proposed a novel key management scheme for dynamic access control in a hierarchy. In this article, the authors shall present an improved version of Shen and Chen’s scheme to reduce the computational time required for key generation and derivation.
Versatile key management for secure cloud storage, submitted at EuroSys, 2012
Cited by 1 (0 self)
Storing data on cloud-based infrastructures facilitates infinite scalability and all-time availability. Putting data in the cloud additionally offers a convenient way to share any information with user-defined third-parties. However, storing data on the infrastructure of commercial third party providers, demands trust and confidence. Often simple approaches, like merely encrypting the data by providing encryption keys, which at most consist of a shared secret supporting rudimentary data sharing, do not support evolving sets of accessing clients to common data. Based on well-established approaches regarding stream-encryption, we propose an adaption for enabling scalable and flexible key management within heterogeneous environments like cloud scenarios. Representing access-rights as a graph, we distinguish between the keys used for encrypting hierarchical data and the encrypted updates on the keys enabling flexible join-/leave-operations of clients. This distinction allows us to utilize the high availability of the cloud as updating mechanism without harming any confidentiality. Our graph-based key management results in a constant adaption of nodes related to the changed key. The updates on the keys generate a constant overhead related to the number of those updated nodes. The proposed scalable approach utilizes cloud-based infrastructures for confidential data and key sharing in collaborative workflows supporting variable client-sets.
Efficient group key management for multi-privileged groups, 2007
Multi-privileged group communications containing multiple data streams have been studied in the traditional wired network environment and the Internet. With the rapid development of mobile and wireless networks and in particular mobile ad-hoc networks (MANETs), the traditional Internet has been integrated with mobile and wireless networks to form the mobile Internet. The multi-privileged group communications can be applied to the mobile Internet. Group users can subscribe to different data streams according to their interest and have multiple access privileges with the support of multi-privileged group communications. Security is relatively easy to be guaranteed in traditional groups where all group members have the same privilege. On the other hand, security has been a challenging issue and is very difficult to handle in multi-privileged groups. In this paper, we first introduce some existing rekeying schemes for secure multi-privileged group communications and analyze their advantages and disadvantages. Then, we propose an efficient group key management scheme called ID-based Hierarchical Key Graph Scheme (IDHKGS) for secure multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes its access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus the proposed scheme can greatly reduce the rekeying overhead.
Key Aggregate Cryptosystem with Identity Based Encryption for Data Sharing in Cloud Storage
Using Cloud Storage, users can remotely store and can share their data and enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources, without the burden of local data storage and maintenance. Data sharing is one of the important functionalities in cloud storage. We show how to securely, efficiently, and flexibly share data with others in cloud storage. We describe new public-key cryptosystems which produce constant-size ciphertexts where one can aggregate any set of secret keys and make them as compact as a single key, but encompassing the power of all the keys being aggregated. In other words, the secret key holder can release a constant-size aggregate key for flexible choices of ciphertext set in cloud storage, but the other encrypted files outside the set remain confidential. This compact aggregate key can be conveniently sent to others or be stored in a smart card with very limited secure storage.
Flexible Secure Cloud Storage
Our life without Internet-based services is hard to imagine: We search for information with Google, share thoughts on Facebook, buy at Amazon and store our pictures on Flickr. Many of these Internet-based services focus on easy exchange of information, providing comfortable and ubiquitous storage and sharing. Relieved from hardware purchases, software bug fixes and infrastructure maintenance, users as well as companies use these cloud-based stores either for free or at low-cost. The price is the implicit grant of full access to all their sensitive data. The stored data naturally represents a huge pool of easily accessible and alluring information for cloud providers. Customer questions like “Who accesses my information?” (representing the aspect of confidentiality), “Who altered my data?” (requiring accountability), “Is my data still intact?” (focusing on integrity) or “What happens if the cloud is unavailable?” can rarely be answered in an obliging and honest way. Answering these questions is challenging since security measures seldom cover all security aims at once. Furthermore, the cloud is used with all kinds of data, wishing their unique
KCSC Key Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage
Data sharing is an important functionality in cloud storage. In this article, we show how to securely, efficiently, and flexibly share data with others in cloud storage. We describe new public-key cryptosystems which produce constant-size ciphertexts such that efficient delegation of decryption rights for any set of ciphertexts is possible. The novelty is that one can aggregate any set of secret keys and make them as compact as a single key, but encompassing the power of all the keys being aggregated. In other words, the secret key holder can release a constant-size aggregate key for flexible choices of ciphertext set in cloud storage, but the other encrypted files outside the set remain confidential. This compact aggregate key can be conveniently sent to others or be stored in a smart card with very limited secure storage. We provide formal security analysis of our schemes in the standard model. We also describe other applications of our schemes. In particular, our schemes give the first public-key patient-controlled encryption for flexible hierarchy, which was yet to be known.