@MASTERSTHESIS{IMM2006-04447,
  author = "S. Thyregod",
  title = "Key Management in Cryptographic Access Control",
  year = "2006",
  keywords = "Cryptography, Key Management, Cryptographic Access Control, Distributed Systems, CryptOS, Cryptographic Key Rings, Distribution of Cryptographic Keys.",
  school = "Informatics and Mathematical Modelling, Technical University of Denmark, {DTU}",
  address = "Richard Petersens Plads, Building 321, {DK-}2800 Kgs. Lyngby",
  type = "",
  note = "Supervised by Assoc. Prof. Christian D. Jensen, {IMM}.",
  url = "http://www2.compute.dtu.dk/pubdb/pubs/4447-full.html",
  abstract = "This thesis project is a part of the CryptoOS project, where cryptographic access control methods are used to replace traditional access control mechanisms. This provides a truly decentralised design, where access is not related to users, but to the possession of cryptographic keys. By using a combination of symmetric and asymmetric encryption it is possible to differentiate access to three levels: Full{-,} read- and ``integrity check'' authorisation. The ``integrity check'' authorisation provides the possibility to verify the integrity of data, without knowing its actual contents. This makes it possible to store confidential data on less trustworthy file servers, which can only verify the integrity of the data, and not learn its contents. Each file has a key, which is used to gain access to the file. These keys are collected in key rings, which provide the possibility to form different access control models. To handle the key rings and demonstrate the proposed design, a key managing application and different types of servers have been implemented and evaluated. The implementation proves that it is possible to use cryptographic access control to replace existing access control mechanisms. The performance is a bit slower than traditional models, but the overall security is increased and the design is completely decentralised and scalable, which usually requires a lot more computations."
}