On replacing cryptographic keys in hierarchical key management systems

Anne V.D.M. Kayem, Selim G. Akl, Patrick Martin
2008 Journal of Computer Security  
Distributed systems, characterized by their ability to ensure the execution of multiple transactions across a myriad of applications, constitute a prime platform for building Web applications. However, Web application interactions raise issues pertaining to security and performance that make manual security management both time-consuming and challenging. This thesis is a testimony to the security and performance enhancements afforded by using the autonomic computing paradigm to design an ... e cryptographic access control framework for dynamic data sharing environments. One of the methods of enforcing cryptographic access control in these environments is to classify users into one of several groups interconnected in the form of a partially ordered set. Each group is assigned a single cryptographic key that is used for encryption/decryption. Access to data is granted only if a user holds the "correct" key, or can derive the required key from the one in their possession. This approach to access control is a good example of one that provides good security but has the drawback of reacting to changes in group membership by replacing keys, and re-encrypting the associated data, throughout the entire hierarchy. Data re-encryption is time-consuming, so rekeying creates delays that impede performance. In order to support our argument in favor of adaptive security, we begin by presenting two cryptographic key management (CKM) schemes in which key updates affect only the class concerned or those in its sub-poset. These extensions enhance performance, but handling scenarios that require adaptability remains a challenge. Our framework addresses this issue by allowing the CKM scheme to monitor the rate at which key updates occur and to adjust resource (keys and encrypted replicas) allocations to handle future changes by anticipation rather than on demand. Therefore, in comparison to quasi-static approaches, the adaptive CKM scheme minimizes the long-term cost of key updates. Finally, since self-protecting CKM requires a lesser degree of physical intervention by a human security administrator, we consider the case of "collusion attacks" and propose two algorithms to detect as well as prevent such attacks. A complexity and security analysis shows the theoretical improvements our schemes offer. Each algorithm presented is supported by a proof of concept implementation, and experimental results to show the performance improvements.
doi:10.3233/jcs-2008-16303 fatcat:3usm2iiw5bevngv6sdhlem5tyq