Naomi Farley scite author profile

Gutin

et al. 2015

The enforcement of access control policies using cryptographic primitives has been studied for over 30 years. When symmetric cryptographic primitives are used, each protected resource is encrypted and only authorized users are given the decryption key. Hence, users may require many keys. In most schemes in the literature, keys are derived from a single key explicitly assigned to the user and publicly available information. Recent work has challenged this design by developing schemes that do not require public information, the trade-off being that a user may require more than one key. However, these new schemes, which require a chain partition of the partially ordered set on which the access control policy is based, generally require more keys than necessary. Moreover, no algorithm is known for determining the best chain partition to use. In this paper we define the notion of a tree-based cryptographic enforcement scheme, which, like chain-based schemes, requires no public information but simultaneously has lower storage requirements. We formally establish that the strong security properties of recent chain-based schemes are preserved by tree-based schemes, and provide an efficient construction for deriving a tree-based enforcement scheme from a given policy that minimizes the number of keys required.

show abstract

Tree-Based Cryptographic Access Control

Alderman

2017

Optimal Constructions for Chain-Based Cryptographic Enforcement of Information Flow Policies

Gutin

et al. 2015

The simple security property in an information flow policy can be enforced by encrypting data objects and distributing an appropriate secret to each user. A user derives a suitable decryption key from the secret and publicly available information. A chain-based enforcement scheme provides an alternative method of cryptographic enforcement that does not require any public information, the trade-off being that a user may require more than one secret. For a given information flow policy, there will be many different possible chain-based enforcement schemes. In this paper, we provide a polynomial-time algorithm for selecting a chain-based scheme which uses the minimum possible number of secrets. We also compute the number of secrets that will be required and establish an upper bound on the number of secrets required by any user.

show abstract

Cryptographic enforcement of information flow policies without public information via tree partitions1

Gutin

et al. 2017

JCS

We may enforce an information flow policy by encrypting a protected resource and ensuring that only users authorized by the policy are able to decrypt the resource. In most schemes in the literature that use symmetric cryptographic primitives, each user is assigned a single secret and derives decryption keys using this secret and publicly available information. Recent work has challenged this approach by developing schemes, based on a chain partition of the information flow policy, that do not require public information for key derivation, the trade-off being that a user may need to be assigned more than one secret. In general, many different chain partitions exist for the same policy and, until now, it was not known how to compute an appropriate one.In this paper, we introduce the notion of a tree partition, of which chain partitions are a special case. We show how a tree partition may be used to define a cryptographic enforcement scheme and prove that such schemes can be instantiated in such a way as to preserve the strongest security properties known for cryptographic enforcement schemes. We establish a number of results linking the amount of secret material that needs to be distributed to users with a weighted acyclic graph derived from the tree partition. These results enable us to develop efficient algorithms for deriving tree and chain partitions that minimize the amount of secret material that needs to be distributed.

show abstract

A Framework for the Cryptographic Enforcement of Information Flow Policies

Alderman

2017