Heuristics for Improving Cryptographic Key Assignment in a Hierarchy

Author

Kayem, Anne V D M ; Martin, Patrick ; Akl, Selim G.

Author_Institution

Sch. of Comput., Queen´´s Univ. Kingston, Kingston, ON

Volume

1

fYear

2007

fDate

21-23 May 2007

Firstpage

531

Lastpage

536

Abstract

In hierarchical distributed systems, shared data access can be controlled by assigning user groups single cryptographic keys that allow high level users derive low level keys, but not the reverse. The drawback in this approach to key management is the requirement of replacing keys throughout the entire hierarchy whenever group membership changes, to preserve security. This paper presents two algorithms, based on a precedence tree graph model, that use a distance-based heuristic to minimize the cost of key assignment and replacement, respectively. In the average case, only the keys belonging to the group affected and its sub-tree are replaced. A complexity analysis and experimental results indicating performance improvements demonstrate the feasibility of the proposed algorithms.

Keywords

cryptography; distributed processing; cryptographic key assignment; hierarchical distributed systems; key management; precedence tree graph; shared data access; Access control; Algorithm design and analysis; Control systems; Costs; Cryptography; Data security; Distributed computing; Information security; Performance analysis; Tree graphs;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on

Conference_Location

Niagara Falls, Ont.

Print_ISBN

978-0-7695-2847-2

Type

conf

DOI

10.1109/AINAW.2007.197

Filename

4221112