Attribute based group key management

Mohamed Nabeel, Elisa Bertino

Research output: Contribution to journal (Article)

12 Citations (Scopus)

Abstract

Attribute based systems enable fine-grained access control among a group of users each identified by a set of attributes. Secure collaborative applications need such flexible attribute based systems for managing and distributing group keys. However, current group key management schemes are not well designed to manage group keys based on the attributes of the group members. In this paper, we propose novel key management schemes that allow users whose attributes satisfy a certain access control policy to derive the group key. Our schemes efficiently support rekeying operations when the group changes due to joins or leaves of group members. During a rekey operation, the private information issued to existing members remains unaffected and only the public information is updated to change the group key. Our schemes are expressive; they are able to support any monotonic access control policy over a set of attributes. Our schemes are resistant to collusion attacks; group members are unable to pool their attributes and derive the group key which they cannot derive individually. Experimental results show that our underlying constructs are efficient and practical.

Original language: English
Pages (from-to): 309-336
Number of pages: 28
Journal: Transactions on Data Privacy
Volume: 7
Issue number: 3
Publication status: Published - 1 Dec 2014
Externally published: Yes

Fingerprint

Key Management
Access control
Attribute
Access Control
Control Policy
Collusion Attack
Private Information
Monotonic
Join

Keywords

  • Attribute based policies
  • Broadcast group key management
  • Secret sharing

ASJC Scopus subject areas

  • Software
  • Statistics and Probability

Cite this

Attribute based group key management. / Nabeel, Mohamed; Bertino, Elisa.

In: Transactions on Data Privacy, Vol. 7, No. 3, 01.12.2014, p. 309-336.

@article{0d86a2023ded4fb4badaeda65f8d74d8,
title = "Attribute based group key management",
keywords = "Attribute based policies, Broadcast group key management, Secret sharing",
author = "Mohamed Nabeel and Elisa Bertino",
year = "2014",
month = "12",
day = "1",
language = "English",
volume = "7",
pages = "309--336",
journal = "Transactions on Data Privacy",
issn = "1888-5063",
publisher = "Institut d'Investigacio en Intel-ligencia Artificial - Consejo Superior Investigaciones Cientificas (IIIA-CSIC)",
number = "3",

}

TY - JOUR

T1 - Attribute based group key management

AU - Nabeel, Mohamed

AU - Bertino, Elisa

PY - 2014/12/1

Y1 - 2014/12/1

KW - Attribute based policies

KW - Broadcast group key management

KW - Secret sharing

UR - http://www.scopus.com/inward/record.url?scp=84912021204&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84912021204&partnerID=8YFLogxK

M3 - Article

VL - 7

SP - 309

EP - 336

JO - Transactions on Data Privacy

JF - Transactions on Data Privacy

SN - 1888-5063

IS - 3

ER -