SYSTEM FOR ENABLING RECURSIVE KEY GENERATION
RELATED APPLICATIONS
The following commonly assigned applications, filed concurrently, may contain some common disclosure, may relate to the present invention, and are hereby incorporated by reference:
U.S. patent application Ser. No. 09/984,928 entitled "SYSTEM FOR OPTIMIZED KEY MANAGEMENT WITH FILE GROUPS";
U.S. patent application Ser. No. 09/984,926 entitled "SYSTEM FOR ENSURING DATA PRIVACY AND USER DIFFERENTIATION IN A DISTRIBUTED FILE SYSTEM"; and
U.S. patent application Ser. No. 09/984,936 entitled "SYSTEM FOR ENCRYPTED FILE STORAGE OPTIMIZATION VIA DIFFERENTIATED KEY SIZES".
FIELD OF THE INVENTION
This invention relates generally to cryptographic key management. In particular, the invention relates to enabling lazy-revocation through recursive key generation in a cryptographic file system.
DESCRIPTION OF THE RELATED ART
In a conventional cryptographic file system, the data (or files) are stored encrypted. This is a convenient feature especially if an owner of the files cannot trust the administrator of the server to provide adequate security measures to ensure data privacy. To make the conventional cryptographic file system more user-friendly, users typically try to minimize the number of cryptographic keys used to encrypt the files. Otherwise, the number of cryptographic keys may be equal to the number of files that the owner/user has on the cryptographic file system, which may make managing the cryptographic keys burdensome, thereby making the cryptographic file system less user-friendly.
In one aspect, users share files in a cryptographic file system by having a copy of the encrypted file and an associated decryption key. In this manner, a user may utilize the associated decryption key to decrypt the received encrypted file for access to the file. However, in some instances, an owner of a file may attempt to prevent a previously authorized user from future access to the file, i.e., revoke a user.
One method for revoking a user by an owner of the file is to re-encrypt all the files of the owner with a new cryptographic key. However, re-encrypting all the files is a time-consuming and burdensome task, especially if the owner has encrypted a number of files with the same cryptographic key.
Another solution for revoking a user is described in "Group Sharing and Random Access in Cryptographic Storage File Systems," Master's Thesis, Department of EECS, MIT, June 1999, written by Kevin Fu, which is hereby incorporated by reference in its entirety. This solution proposes a technique called lazy revocation, where files are re-encrypted with a different key only when the file is updated. Accordingly, a revoked user is unable to view any updates to the file. In particular, Fu proposes utilizing a 'lock-box'. The cryptographic key used to encrypt a file is stored in the lockbox. The lockbox is itself encrypted with another cryptographic key that is stored in a trusted group server. In the event of a user revocation, all the lockboxes that the revoked user had access to are marked as 'dirty', and any subsequent update to a dirty file causes that file to be re-encrypted.
In general, other conventional secure systems that provide revocation, such as UNIX and WINDOWS NT, rely on the server checking a user's group membership before granting access. This particular trait requires the servers to store (or cache) information regarding users, which places a high trust requirement on the servers and requires all the servers to maintain this authentication information in a secure and consistent manner.
SUMMARY OF THE INVENTION
In accordance with the principles of the present invention, one aspect of the invention pertains to a method of enabling lazy-revocation in a cryptographic file system. The method includes revoking access of a user or a plurality of users to a file and generating a new version of a key based on a current version of the key. The method also includes encrypting the file with the new version of the key in response to an update of the file.
Another aspect of the present invention relates to a method of managing files in a file system. The method includes revoking access of a user from a plurality of users to a file and generating a new key from a current key of the file in response to the revocation. The method also includes encrypting the file with the new key.
Yet another aspect of the present invention pertains to a method of accessing files. The method includes determining a version of a file and determining a version of a key. The method further includes accessing the file in response to the version of the file and the version of the key matching.
Yet another aspect of the present invention relates to a method for accessing files. The method includes determining a version of a file and determining a version of a key. The method also includes recursively generating a previous version of the key from the key until the version of the key matches the version of the file.
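The following is an added illustration, not code from the patent, of the versioned-key scheme described in the aspects above: a revocation rotates the key forward, the file is re-encrypted only when next updated, and a reader walks the key backwards until its version matches the file's. The page names no derivation mechanism; the RSA-style trapdoor (owner holds d, readers hold only e), the toy parameters and the XOR "cipher" are assumptions made here so the example runs stand-alone.

```python
import hashlib
from itertools import cycle

# Constructed toy RSA parameters: p=61, q=53, N=3233, phi=3120, e=17, d=2753.
# Demo-sized only; a real deployment would use full-size RSA parameters.
N, E, D = 3233, 17, 2753

def rotate_forward(key: int) -> int:
    """Owner only: derive key version v+1 from version v (needs private d)."""
    return pow(key, D, N)

def rotate_backward(key: int) -> int:
    """Any key holder: derive version v-1 from version v (needs only public e)."""
    return pow(key, E, N)

def key_for_version(cur_key: int, cur_ver: int, file_ver: int) -> int:
    """Recursively derive older versions until the key version matches the file."""
    if file_ver > cur_ver:
        raise PermissionError("file is newer than this key: access was revoked")
    key = cur_key
    for _ in range(cur_ver - file_ver):
        key = rotate_backward(key)
    return key

def xor_crypt(key: int, data: bytes) -> bytes:
    """Toy symmetric cipher (assumption, demo only): XOR with a hashed keystream."""
    stream = hashlib.sha256(key.to_bytes(2, "big")).digest()
    return bytes(b ^ s for b, s in zip(data, cycle(stream)))

def read_file(stored: tuple[int, bytes], cur_key: int, cur_ver: int) -> bytes:
    """stored = (file version, ciphertext); match key version to file version."""
    file_ver, ciphertext = stored
    return xor_crypt(key_for_version(cur_key, cur_ver, file_ver), ciphertext)

def lazy_revocation_demo() -> tuple[bytes, bytes, bool]:
    k1 = 1234                              # key version 1 (owner-chosen)
    f = (1, xor_crypt(k1, b"v1 data"))     # file encrypted under version 1
    k2 = rotate_forward(k1)                # owner revokes a user: version 2
    # Lazy revocation: the file is re-encrypted only when it is next updated.
    f_updated = (2, xor_crypt(k2, b"v2 data"))
    old_ok = read_file(f, k2, 2)           # v2 holder still reads the old file
    try:
        read_file(f_updated, k1, 1)        # revoked reader holding only v1
        revoked_blocked = False
    except PermissionError:
        revoked_blocked = True
    return old_ok, read_file(f_updated, k2, 2), revoked_blocked
```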