Comprehensive evaluation of key management hierarchies for outsourced data

Key management is an essential component of a cryptographic access control system with a large number of resources. It manages the secret keys assigned to the system entities in such a way that only authorized users can access a resource. Read access control allows read access of a resource by the authorized users and disallows others. An important objective of a key management is to reduce the secret key storage with each authorized user. To this end, there exist two prominent types of key management hierarchy with single key storage per user used for read access control in data outsourcing scenario: user-based and resource-based. In this work, we analyze the two types of hierarchy with respect to static hierarchy characteristics and dynamic operations such as adding or revoking user authorization. Our analysis shows that the resource-based hierarchies can be a better candidate which is not given equal emphasis in the literature. A new heuristic for minimizing the key management hierarchy is introduced that makes it practical in use even for a large number of users and resources. The performance evaluation of dynamic operations such as adding or revoking a user’s read subscription is shown experimentally to support our analytical results.

[1]  Hani Ragab Hassen,et al.  A key management scheme evaluation using Markov processes , 2016, International Journal of Information Security.

[2]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[3]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[4]  Anish Mathuria,et al.  Comparing the Efficiency of Key Management Hierarchies for Access Control in Cloud , 2015, SSCC.

[5]  Peter C. Fishburn,et al.  Partial orders of dimension 2 , 1972, Networks.

[6]  Bharat K. Bhargava,et al.  Secure and efficient access to outsourced data , 2009, CCSW '09.

[7]  Ondrej Suchý On Directed Steiner Trees with Multiple Roots , 2016, WG.

[8]  Sabrina De Capitani di Vimercati,et al.  Recent Advances in Access Control , 2008, Handbook of Database Security.

[9]  Dana S. Richards,et al.  Steiner tree problems , 1992, Networks.

[10]  Panos M. Pardalos,et al.  Steiner Tree Problems , 2009, Encyclopedia of Optimization.

[11]  Sushil Jajodia,et al.  Enforcing dynamic write privileges in data outsourcing , 2013, Comput. Secur..

[12]  Steven M. Bellovin,et al.  Privacy Enhanced Access Control for Outsourced Data Sharing , 2012, Financial Cryptography.

[13]  Sushil Jajodia,et al.  Over-encryption: Management of Access Control Evolution on Outsourced Data , 2007, VLDB.

[14]  Thomas Rothvoß Directed Steiner Tree and the Lasserre Hierarchy , 2011, ArXiv.

[15]  H.G. Okuno,et al.  Privacy enhanced access control by SPKI , 2000, Proceedings Seventh International Conference on Parallel and Distributed Systems: Workshops.

[16]  Mikhail J. Atallah,et al.  Dynamic and efficient key management for access hierarchies , 2005, CCS '05.

[17]  Stelvio Cimato,et al.  Managing key hierarchies for access control enforcement: Heuristic approaches , 2010, Comput. Secur..

[18]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[19]  Pinar Heggernes Graph-Theoretic Concepts in Computer Science 42nd International Workshop, WG 2016, Istanbul, Turkey, June 22-24, 2016, Revised Selected Papers , 2016 .

[20]  Mark Ryan,et al.  Privacy-supporting cloud computing by in-browser key translation , 2013, J. Comput. Secur..

[21]  Alfred V. Aho,et al.  Rectilinear steiner trees: Efficient special-case algorithms , 1977, Networks.