International Association for Cryptologic Research


Paper: Incorporating Temporal Capabilities in Existing Key Management Schemes

Mikhail J. Atallah
Marina Blanton
Keith B. Frikken
Abstract: The problem of key management in access hierarchies is how to assign keys to users and classes such that each user, after receiving her secret key(s), is able to independently compute access keys for (and thus obtain access to) the resources at her class and all descendant classes in the hierarchy. If user privileges additionally are time-based (which is likely to be the case for all of the applications listed above), the key(s) a user receives should permit access to the resources only at the appropriate times. This paper presents a new, provably secure, and efficient solution that can be used to add time-based capabilities to existing hierarchical schemes. It achieves the following performance bounds: (i) to be able to obtain access to an arbitrary contiguous set of time intervals, a user is required to store at most 3 keys; (ii) the keys for a user can be computed by the system in constant time; (iii) key derivation by the user within the authorized time intervals involves a small constant number of inexpensive cryptographic operations; and (iv) if the total number of time intervals in the system is $n$, then the increase of the public storage space at the server due to our solution is only by a small asymptotic factor, e.g., $O(\log^* n \log\log n)$ with a small constant.
  title={Incorporating Temporal Capabilities in Existing Key Management Schemes},
  booktitle={IACR Eprint archive},
  keywords={applications / Access control, time-based key assignment, efficient key derivation},
  note={Full version of an extended abstract which is to appear at ESORICS 2007. 13690 received 19 Jun 2007, last revised 26 Jun 2007},
  author={Mikhail J. Atallah and Marina Blanton and Keith B. Frikken},