Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage

Authors

Kevin Fu, University of Massachusetts - Amherst
Seny Kamara, Johns Hopkins University
Tadayoshi Kohno, University of California - San Diego

Publication Date

2006

Abstract

The Plutus file system introduced the notion of key rotation as a means to derive a sequence of temporally-related keys from the most recent key. In this paper we show that, despite natural intuition to the contrary, key rotation schemes cannot generically be used to key other crypto- graphic objects; in fact, keying an encryption scheme with the output of a key rotation scheme can yield a composite system that is insecure. To address these shortcomings, we introduce a new cryptographic object called a key regression scheme, and we propose three constructions that are provably secure under standard cryptographic assumptions. We implement key regres- sion in a secure file system and empirically show that key regression can significantly reduce the bandwidth requirements of a content publisher under realistic workloads using lazy revoca- tion. Our experiments also serve as the first empirical evaluation of either a key rotation or key regression scheme.

Comments

This paper was harvested from CiteSeer

Recommended Citation

Fu, Kevin; Kamara, Seny; and Kohno, Tadayoshi, "Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage" (2006). Computer Science Department Faculty Publication Series. 149.
Retrieved from https://scholarworks.umass.edu/cs_faculty_pubs/149