University of Minnesota

Minnesota Supercomputing Institute

Research Abstracts Online
January 2008 - March 2009

University of Minnesota Twin Cities
Institute of Technology
Department of Computer Science and Engineering

PI: David H. C. Du, Fellow

Long-term Key Management

These researchers are proposing a new hierarchical approach for transparently managing cryptographic keys that will provide flexible access control with guaranteed key recovery and that will automatically adapt to user revocations, organizational changes, and unforeseen compromises in cryptographic algorithms.

The key management scheme should handle revocation of users and groups efficiently. If a user is revoked from the group, all the keys accessible to that user should be changed and a new key should be used to re-encrypt the files belonging to that group. Given the large amount of data in the system, it is not feasible to re-encrypt all of it immediately. The researchers therefore include the concept of lazy encryption, in which only updated data needs to be re-encrypted. This, however, creates multiple versions of the group key for the same group, increasing the number of group keys in the system.

Previous approaches to reducing the number of keys allowed a user holding the current group key to roll back to any of the previous group keys. This does not meet real-world demand, which requires authorizing users with different time rollback constraints. The researchers propose a limited rollback scheme to handle this issue.
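The following sketch is an added example, not the researchers' code or scheme. It shows lazy re-encryption on top of a hash-chained group key, one construction with the unlimited-rollback property described above (an assumption; the abstract does not name a construction). All names are hypothetical, and `stream_xor` is a stand-in cipher for the demo only.

```python
import hashlib

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

class GroupKeyChain:
    """Owner side. keys[v-1] = H(keys[v]): a holder of version v can derive
    every older key but no newer one (unlimited rollback)."""
    def __init__(self, seed: bytes, max_versions: int):
        chain = [H(seed)]
        for _ in range(max_versions - 1):
            chain.append(H(chain[-1]))
        self.keys = chain[::-1]      # keys[0] is the oldest version
        self.current = 0

    def revoke_member(self):
        # Rotate the group key only; stored files are left untouched (lazy).
        if self.current + 1 == len(self.keys):
            raise RuntimeError("key chain exhausted")
        self.current += 1
        return self.current, self.keys[self.current]

def roll_back(version: int, key: bytes, target: int) -> bytes:
    if target > version:
        raise PermissionError("cannot derive a newer group key")
    for _ in range(version - target):
        key = H(key)
    return key

def stream_xor(key: bytes, name: str, data: bytes) -> bytes:
    # Stand-in cipher for the demo only; a real system would use an AEAD.
    pad = b"".join(H(key + name.encode() + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def write_file(store, name, data, version, key):
    store[name] = (version, stream_xor(key, name, data))  # tag with key version

def read_file(store, name, version, key):
    file_version, ciphertext = store[name]
    return stream_xor(roll_back(version, key, file_version), name, ciphertext)

def demo():
    chain, store = GroupKeyChain(b"constructed demo seed", 8), {}
    k0 = chain.keys[0]
    write_file(store, "a.txt", b"old report", 0, k0)
    write_file(store, "b.txt", b"draft", 0, k0)
    v1, k1 = chain.revoke_member()                        # a user leaves the group
    write_file(store, "b.txt", b"draft, edited", v1, k1)  # only the update is re-encrypted
    return chain, store, k0, (v1, k1)
```

After `demo()`, `a.txt` is still stored under version 0 and `b.txt` under version 1. Any holder of a later key can reach every earlier version, which is the unrestricted rollback that the limited rollback scheme is meant to constrain.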

Group Members

Guanlin Lu, Graduate Student
Sarah Sharafkandi, Graduate Student