Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: The Third IEEE International Symposium on Security in Networks and Distributed Systems
Article type: Research Article
Authors: Kayem, Anne V.D.M.; * | Akl, Selim G. | Martin, Patrick
Affiliations: School of Computing, Queen's University, Kingston, ON, K7L 3N6 Canada. E-mails: [email protected], [email protected], [email protected]
Correspondence: [*] Corresponding author.
Abstract: Shared data access maximizes resource utilization on the Internet but raises the issue of data security. We consider a method of shared data access control whereby the data is sub-divided into categories and each encrypted with a unique cryptographic key that is distributed to the user group requiring access. Key management can be simplified by classifying every user into exactly one of a number of disjoint groups that are partially ordered such that lower level keys are mathematically derivable from higher level keys, but not the reverse. The drawback in this approach is that changes in group membership imply updating both the affected group key and those that are derivable from it. Moreover, the data encrypted with the affected keys must be re-encrypted with the new keys to preserve data security. In the worst case, when the affected group is at the highest level of the hierarchy, the entire hierarchy is affected. This paper presents an algorithm that minimizes the cost of key replacement (rekeying) by associating a timestamp to each key. The timestamp and key are used to compute a verification signature that is used to authenticate users before data access is granted. Thus, whenever group membership changes, instead of rekeying and re-encrypting the affected data, only the timestamp is updated and a new verification signature computed. The new scheme is analyzed using both a time complexity and experimental analysis.
Keywords: Cryptography, access control, data sharing, group communication, authentication
DOI: 10.3233/JCS-2008-16303
Journal: Journal of Computer Security, vol. 16, no. 3, pp. 289-309, 2008
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]