A Framework for Self-Protecting Cryptographic Key Management

Demands to match security with performance in Web applications where access to shared data needs to be controlled dynamically make self-protecting security schemes attractive. Yet, standard schemes focus primarily on correctness as opposed to adaptability and so need to be extended to handle these new scenarios. One of the approaches to enforcing cryptographically controlled access to shared data is to encrypt it with a single secret key that is then distributed to the users requiring access. Data security is ensured by replacing the group key and re-encrypting the affected data whenever group membership changes. Thus, key management (KM) is expensive when changes in group membership occur frequently and involve large amounts of data. This paper presents a framework, based on the autonomic computing paradigm, that allows a KM scheme to continually monitor the rate at which changes in group membership occur and generate keys as well as encrypted replicas to anticipate future changes. Since the keys and encrypted data are generated by anticipation rather than on demand, the long-term cost of KM is minimized. A prototype implementation and experiments showing performance improvements demonstrate the effectiveness of the proposed framework.