Lazy revocation in cryptographic file systems

Author

Backes, Michael ; Cachin, Christian ; Oprea, Alina

Author_Institution

Zurich Res. Lab., IBM Res., Ruschlikon

fYear

2005

fDate

13-13 Dec. 2005

Lastpage

11

Abstract

A crucial element of distributed cryptographic file systems are key management solutions that allow for flexible but secure data sharing. We consider efficient key management schemes for cryptographic file systems using lazy revocation. We give rigorous security definitions for three cryptographic schemes used in such systems, namely symmetric encryption, message-authentication codes and signature schemes. Additionally, we provide generic constructions for symmetric encryption and message-authentication codes with lazy revocation using key-updating schemes for lazy revocation, which have been introduced recently. We also give a construction of signature schemes with lazy revocation from identity-based signatures. Finally, we describe how our constructions improve the key rotation mechanism in the Plutus file system

Keywords

cryptography; message authentication; network operating systems; Plutus file system; distributed cryptographic file system; identity-based signature; key management scheme; key-updating scheme; lazy revocation; message-authentication code; secure data sharing; symmetric encryption; Access control; Cryptography; Data security; File systems; Identity-based encryption; Laboratories; Permission; Protection; Secure storage; Storage area networks;

fLanguage

English

Publisher

ieee

Conference_Titel

Security in Storage Workshop, 2005. SISW '05. Third IEEE International

Conference_Location

San Francisco, CA

Print_ISBN

0-7695-2537-7

Type

conf

DOI

10.1109/SISW.2005.7

Filename

1628477