Research Abstracts Online
2008 - March 2009
University of Minnesota Twin Cities
Institute of Technology
Department of Computer Science and Engineering
PI: David H. C. Du, Fellow
Long-term Key Management
These researchers are proposing a new hierarchical approach for transparently managing cryptographic keys that will provide flexible access control with guaranteed key recovery and that will automatically adapt to user revocations, organizational changes, and unforeseen compromises in cryptographic algorithms.
The key management scheme should handle revocation of users and groups efficiently. If a user is revoked from a group, all the keys accessible to that user should be changed, and a new key should be used to re-encrypt the files belonging to that group. Given the large amount of data in the system, it is not feasible to re-encrypt all the data immediately. The researchers therefore include the concept of lazy encryption, in which only updated data needs to be re-encrypted. This, however, creates multiple versions of group keys for the same group, increasing the number of group keys in the system.
Previous ways of reducing the number of keys allowed a user holding the current group key to roll back to any of the previous group keys. This approach does not meet real-world demand, which requires authorizing users with different time rollback constraints. The researchers propose a limited rollback scheme to handle this issue.
Guanlin Lu, Graduate Student
Sarah Sharafkandi, Graduate Student
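The unrestricted rollback that the abstract attributes to earlier key-reduction approaches can be seen in a small added example, which is not the researchers' code or scheme. It assumes a generic SHA-256 hash chain as the rollback mechanism, and all function names and the seed are hypothetical.

```python
import hashlib

def _h(label: bytes, data: bytes) -> bytes:
    # Domain-separated SHA-256 so chain states and file keys never coincide.
    return hashlib.sha256(label + data).digest()

def build_chain(seed: bytes, versions: int) -> list:
    """Owner side: the newest state is the seed; each older state is the
    hash of the next newer one, so the owner stores one secret for all versions."""
    states = [seed]
    for _ in range(versions - 1):
        states.append(_h(b"state", states[-1]))
    states.reverse()                      # states[v] belongs to key version v
    return states

def group_key(state: bytes) -> bytes:
    """Derive the group key of a version from its chain state."""
    return _h(b"key", state)

def roll_back(state: bytes, current: int, target: int) -> bytes:
    """Member side: walk from the held version back to an older one."""
    if not 0 <= target <= current:
        raise ValueError("rollback only reaches older or equal versions")
    for _ in range(current - target):
        state = _h(b"state", state)
    return state

def derivable_versions(state: bytes, keys_in_use: dict) -> list:
    """Versions whose group key can be reproduced from a single held state.
    Hashing only moves toward older versions, so newer keys stay out of reach."""
    reachable = set()
    for _ in range(len(keys_in_use)):
        reachable.add(group_key(state))
        state = _h(b"state", state)
    return [v for v in sorted(keys_in_use) if keys_in_use[v] in reachable]

if __name__ == "__main__":
    SEED = bytes(range(32))               # constructed sample seed, not a real secret
    states = build_chain(SEED, versions=8)
    keys_in_use = {v: group_key(s) for v, s in enumerate(states)}
    # Lazy encryption leaves files under versions 0..7. A member admitted at
    # version 5 holds only states[5], yet reaches every older key as well.
    print(derivable_versions(states[5], keys_in_use))   # [0, 1, 2, 3, 4, 5]
```

Nothing in this construction lets the owner stop the version-5 member at, say, version 3, which is the gap a limited rollback scheme has to close.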