Title :
Heuristics for Improving Cryptographic Key Assignment in a Hierarchy
Author :
Kayem, Anne V D M ; Martin, Patrick ; Akl, Selim G.
Author_Institution :
Sch. of Comput., Queen´´s Univ. Kingston, Kingston, ON
Abstract :
In hierarchical distributed systems, shared data access can be controlled by assigning user groups single cryptographic keys that allow high level users derive low level keys, but not the reverse. The drawback in this approach to key management is the requirement of replacing keys throughout the entire hierarchy whenever group membership changes, to preserve security. This paper presents two algorithms, based on a precedence tree graph model, that use a distance-based heuristic to minimize the cost of key assignment and replacement, respectively. In the average case, only the keys belonging to the group affected and its sub-tree are replaced. A complexity analysis and experimental results indicating performance improvements demonstrate the feasibility of the proposed algorithms.
Keywords :
cryptography; distributed processing; cryptographic key assignment; hierarchical distributed systems; key management; precedence tree graph; shared data access; Access control; Algorithm design and analysis; Control systems; Costs; Cryptography; Data security; Distributed computing; Information security; Performance analysis; Tree graphs;
Conference_Titel :
Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on
Conference_Location :
Niagara Falls, Ont.
Print_ISBN :
978-0-7695-2847-2
DOI :
10.1109/AINAW.2007.197
