Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Universally Verifiable Multiparty Computation from Threshold Homomorphic Cryptosystems Read chapter Read first chapter

2015 | OriginalPaper | Chapter

Cryptographic Enforcement of Information Flow Policies Without Public Information

Authors : Jason Crampton, Naomi Farley, Gregory Gutin, Mark Jones, Bertram Poettering

Published in: Applied Cryptography and Network Security

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

The enforcement of access control policies using cryptographic primitives has been studied for over 30 years. When symmetric cryptographic primitives are used, each protected resource is encrypted and only authorized users are given the decryption key. Hence, users may require many keys. In most schemes in the literature, keys are derived from a single key explicitly assigned to the user and publicly available information. Recent work has challenged this design by developing schemes that do not require public information, the trade-off being that a user may require more than one key. However, these new schemes, which require a chain partition of the partially ordered set on which the access control policy is based, generally require more keys than necessary. Moreover, no algorithm is known for determining the best chain partition to use. In this paper we define the notion of a tree-based cryptographic enforcement scheme, which, like chain-based schemes, requires no public information but simultaneously has lower storage requirements. We formally establish that the strong security properties of recent chain-based schemes are preserved by tree-based schemes, and provide an efficient construction for deriving a tree-based enforcement scheme from a given policy that minimizes the number of keys required.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Evaluation and Cryptanalysis of the Pandaka Lightweight Cipher
next chapter A Fully Decentralized Data Usage Control Enforcement Infrastructure
Appendix
Available only for authorised users
Footnotes
1
There exists a large body of work on the enforcement of attribute-based policies using asymmetric cryptographic primitives, notably attribute-based encryption [6, 13].
 
2
It is assumed that the structure of the poset \((X,\leqslant )\) is known to all participants of a cryptographic enforcement scheme.
 
3
This method is not appropriate for arbitrary posets because we may have \(y \lessdot x\) and \(y \lessdot z\) [10].
 
4
In some schemes, it may be the case that \(\kappa (y) = \sigma (y)\) for all \(y \in X\); and in some schemes, it may be that the set of public information is empty.
 
5
In the special case of a total order, we obtain the scheme of Freire et al., modulo some differences in the choice of the second input to the PRF.
 
6
A variant of Definition 5 would consider dynamic adversaries: such an adversary is able to choose the challenge label x during the experiment, rather than having it fixed as one of the experiment’s parameters. However, it has been shown that static and dynamic definitions of key indistinguishability are polynomially equivalent [12]. To simplify the exposition, therefore, we restrict our attention to the static case.
 
7
That is, if \(x \leqslant y\) (in X) then \(x \preccurlyeq y\) (in the linear extension). Every (finite) partial order has at least one linear extension, which may be computed, in linear time, by representing the partial order as a directed acyclic graph and using a topological sort [7, §22.3].
 
Literature
1.
Atallah, M.J., Blanton, M., Fazio, N., Frikken, K.B.: Dynamic and efficient key management for access hierarchies. ACM Trans. Inf. Syst. Secur. 12(3), 18 (2009)CrossRef
2.
Frikken, K.B., Atallah, M.J., Blanton, M.: Incorporating temporal capabilities in existing key management schemes. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 515–530. Springer, Heidelberg (2007)CrossRef
3.
Ateniese, G., De Santis, A., Ferrara, A.L., Masucci, B.: Provably-secure time-bound hierarchical key assignment schemes. In: Juels et al. [15], pp. 288–297
4.
Bang-Jensen, J., Gutin, G.: Digraphs: Theory, Algorithms and Applications, 2nd edn. Springer, London (2009)CrossRef
5.
Bell, D., LaPadula, L.: Secure computer systems: Unified exposition and Multicsinterpretation. Technical report MTR-2997, Mitre Corporation, Bedford, Massachusetts (1976)
6.
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, pp. 321–334. IEEE Computer Society (2007)
7.
Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. MIT Press (2009)
8.
Crampton, J.: Practical and efficient cryptographic enforcement of interval-based access control policies. ACM Trans. Inf. Syst. Secur. 14(1), 14 (2011)CrossRef
9.
Martin, K.M., Crampton, J., Daud, R.: Constructing key assignment schemes from chain partitions. In: Foresti, S., Jajodia, S. (eds.) Data and Applications Security and Privacy XXIV. LNCS, vol. 6166, pp. 130–145. Springer, Heidelberg (2010)CrossRef
10.
Crampton, J., Martin, K.M., Wild, P.R.: On key assignment for hierarchical access control. In: CSFW, pp. 98–111. IEEE Computer Society (2006)
11.
De Santis, A., Ferrara, A.L., Masucci, B.: New constructions for provably-secure time-bound hierarchical key assignment schemes. Theor. Comput. Sci. 407(1–3), 213–230 (2008)CrossRefMATH
12.
Freire, E.S.V., Poettering, B., Paterson, K.G.: Simple, efficient and strongly ki-secure hierarchical key assignment schemes. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 101–114. Springer, Heidelberg (2013)CrossRef
13.
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Juels et al. [15], pp. 89–98
14.
15.
Juels, A., Wright, R.N., di Vimercati, S.D.C., (eds.) Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, Alexandria, VA, USA, October 30 - November 3, 2006. ACM (2006)
16.
Sandhu, R.S.: Cryptographic implementation of a tree hierarchy for access control. Inf. Process. Lett. 27(2), 95–98 (1988)CrossRef
Metadata
Title
Cryptographic Enforcement of Information Flow Policies Without Public Information
Authors
Jason Crampton
Naomi Farley
Gregory Gutin
Mark Jones
Bertram Poettering
Copyright Year
2015
Book
Applied Cryptography and Network Security

Print ISBN: 978-3-319-28165-0

Electronic ISBN: 978-3-319-28166-7

Copyright Year: 2015

DOI
https://doi.org/10.1007/978-3-319-28166-7_19

Premium Partner

    Image Credits