Enhancing Identity Trust in Cryptographic Key Management Systems for Dynamic Environments

Kayem, Anne V.D.M. and Martin, Patrick and Akl, Selim G. (2011) Enhancing Identity Trust in Cryptographic Key Management Systems for Dynamic Environments, Wiley's Security and Communication Networks Journal, 4, 74-94, Wiley.

Full text not available from this repository. (Use alternate locations listed below)

Abstract

Cryptographic key management (CKM) schemes can be used to support identity management (IM) systems where linking users securely to data objects is important. CKM schemes enforce data security by encrypting data and granting access only to authorized users; security compromises are prevented by updating any keys that are held by users from whom access rights have been revoked. Handling key updates efficiently and providing security against collusion attacks is challenging in dynamic environments like the Internet, where manual security management increases the likelihood of delayed responses. Delay increases the system’s vulnerability to security attacks and the potential for the system to violate its service level agreements. Adaptive CKM has emerged as a possible way of addressing this problem but needs to be designed in a way that justifies the cost/benefit tradeoff. In this paper, we show that the key update and collusion avoidance problems are NP-complete and need heuristic algorithms to prevent performance degradations in comparison to standard CKM schemes. As an example of the benefits of a good heuristic, we present a collusion detection and resolution algorithm whose running time is polynomial in the number of keys. The algorithm operates by mapping the generated key set onto a key graph whose independent set is computed. In the key graph, the vertices represent the keys and the edges represent the probability that their endpoints can be combined to provoke a collusion attack. Collusion possibilities are resolved by applying a heuristic that resets the probability to zero. The performance of our algorithm is analyzed in comparison to the Akl and Taylor scheme, which is secure against collusion attacks, and the experimental results indicate that collusion prevention can be done dynamically without affecting performance.

Item Type: Journal article (paginated)
Uncontrolled Keywords: Cryptographic key management; collusion attack; identity trust; autonomic computing; NP-complete
Subjects: Computer systems organization
Theory of computation > Design and analysis of algorithms
Information systems > Data management systems > Data structures > Data layout > Data encryption
Computer systems organization > Dependable and fault-tolerant systems and networks
Computer systems organization > Architectures > Distributed architectures
Alternate Locations: http://onlinelibrary.wiley.com/doi/10.1002/sec.164/pdf, http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122
Date Deposited: 09 Dec 2011
Last Modified: 10 Oct 2019 15:33
URI: http://pubs.cs.uct.ac.za/id/eprint/739
