Abstract
Attribute based systems enable fine-grained access control among a group of users each identified
by a set of attributes. Secure collaborative applications need such flexible attribute based systems for
managing and distributing group keys. However, current group key management schemes are not well
designed to manage group keys based on the attributes of the group members. In this paper, we propose
novel key management schemes that allow users whose attributes satisfy a certain access control policy
to derive the group key. Our schemes efficiently support rekeying operations when the group changes
due to joins or leaves of group members. During a rekey operation, the private information issued to
existing members remains unaffected and only the public information is updated to change the group
key. Our schemes are expressive; are able to support any monotonic access control policy over a set
of attributes. Our schemes are resistant to collusion attacks; group members are unable to pool their
attributes and derive the group key which they cannot derive individually.