UCT CS Research Document Archive

Enhancing Identity Trust in Cryptographic Key Management Systems for Dynamic Environments

Kayem, Anne V.D.M., Patrick Martin and Selim G. Akl (2011) Enhancing Identity Trust in Cryptographic Key Management Systems for Dynamic Environments. Wiley's Security and Communication Networks Journal 4(1):74-94.

Full text available as:


Cryptographic key management (CKM) schemes can be used to support identity management (IM) systems where linking users securely to data objects is important. CKM schemes enforce data security by encrypting data granting access only to authorized users and security compromises are prevented by updating any keys that are held by users from whom access rights have been revoked. Handling key updates efficiently and providing security against collusion attacks is challenging in dynamic environments like the Internet where manual Security management increases the likelihood of delayed responses. Delay increases the system’s vulnerability to security attacks and the potential of the system’s violating its service level agreements. Adaptive CKM has emerged as a possibility of addressing this problem but needs to be designed in a way that justifies the cost/benefit tradeoff. In this paper, we show that the key update and collusion avoidance problems are NP-complete and need heuristic algorithms to prevent performance degradations in comparison to standard CKM schemes. As an example of the benefits of a good heuristic, we present a collusion detection and resolution algorithm whose running time is polynomial in the number of keys. The algorithm operates by mapping the generated key set onto a key graph whose independent set is computed. In the key graph, the vertices represent the keys and the edges the probability that their endpoints can be combined to provoke a collusion attack. Collusion possibilities are resolved by applying a heuristic that resets the probability to zero. The performance of our algorithm is analyzed in comparison to the Akl and Taylor scheme that is secure against collusion attack, and the experimental results indicate that collusion prevention can be done dynamically
without affecting performance.

EPrint Type:Journal (Paginated)
Keywords:Cryptographic key management; collusion attack; identity trust; autonomic computing; NP-complete
Subjects:C Computer Systems Organization: C.5 COMPUTER SYSTEM IMPLEMENTATION
C Computer Systems Organization: C.4 PERFORMANCE OF SYSTEMS
C Computer Systems Organization: C.2 COMPUTER-COMMUNICATION NETWORKS
ID Code:739
Deposited By:Kayem, AVDM
Deposited On:09 December 2011
Alternative Locations:http://onlinelibrary.wiley.com/doi/10.1002/sec.164/pdf, http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122