Indirect key derivation schemes for key management of access hierarchies
Abstract
In this thesis, we study the problem of key management within an access
hierarchy. Our contribution to the key management problem is an indirect
key derivation approach we call the HMAC-method. It is called the
HMAC-method, because it is based on hashed message authentication codes
(HMACs) built from a fast, single, dedicated hash function (SHA-1). It is
intended to provide an efficient indirect key management method for large
access hierarchies resembling tree structures. We are able to achieve better
tree traversals using a technique we created called path addressing. Our
path addressing scheme allows us to efficiently calculate relationships between
security classes, determine traversal paths, and improve the performance of
indirect key derivation. We also present our cached key update scheme which
is meant to improve the indirect key derivation schemes on tree hierarchies by
delaying key updates when changes to the structure of the access hierarchy
are necessary, but the re-calculation and re-assignment of keys would either
be costly or inconvenient.
For access hierarchies represented as weakly/strongly connected directed
acyclic graphs, we suggest modifications to our path addressing and key
derivation scheme which could allow our HMAC-method to be appplied to
these types of hierarchies.
Along the way, we discuss various current key management methods and
discuss certain pragmatic issues that can arise which affect the applicability
and implementation of a key management method.
Collections
- Retrospective theses [1604]