Simple, Efficient and Strongly KI-Secure Hierarchical Key Assignment Schemes

Freire, Eduarda S. V.; Paterson, Kenneth G.; Poettering, Bertram

doi:10.1007/978-3-642-36095-4_7

Cited by 31 publications

(58 citation statements)

References 27 publications

(59 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many schemes in the literature provide each user with a single secret [3,11], the trade-off being that the amount of public information and derivation time may be substantial. In contrast, chain-based schemes require no public information but each user may require more than one secret [9,14,15]. In addition, chain-based schemes can achieve very strong security properties [15].…”

Section: Introductionmentioning

confidence: 99%

“…In contrast, chain-based schemes require no public information but each user may require more than one secret [9,14,15]. In addition, chain-based schemes can achieve very strong security properties [15]. There are many different ways to instantiate a chain-based scheme for a given policy, each instantiation being defined by a chain partition of the partially ordered set that defines the policy.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Optimal Constructions for Chain-Based Cryptographic Enforcement of Information Flow Policies

Crampton

Farley

Gutin

et al. 2015

Data and Applications Security and Privacy XXIX

View full text Add to dashboard Cite

The simple security property in an information flow policy can be enforced by encrypting data objects and distributing an appropriate secret to each user. A user derives a suitable decryption key from the secret and publicly available information. A chain-based enforcement scheme provides an alternative method of cryptographic enforcement that does not require any public information, the trade-off being that a user may require more than one secret. For a given information flow policy, there will be many different possible chain-based enforcement schemes. In this paper, we provide a polynomial-time algorithm for selecting a chain-based scheme which uses the minimum possible number of secrets. We also compute the number of secrets that will be required and establish an upper bound on the number of secrets required by any user.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Optimal Constructions for Chain-Based Cryptographic Enforcement of Information Flow Policies

Crampton

Farley

Gutin

et al. 2015

Data and Applications Security and Privacy XXIX

View full text Add to dashboard Cite

show abstract

“…Our first set of contributions is associated with the novel concept of a tree partition of an information flow policy, from which we define the notion of a forest-based cryptographic enforcement scheme for information flow policies. We prove results establishing how the total number of secrets to be issued to users varies with the structure of the forest and demonstrate that an instantiation of our scheme retains the security property of strong key indistinguishability introduced by Freire, Paterson and Poettering [21]. We design and analyze an efficient algorithm for computing a forest that minimizes the total number of issued secrets.…”

Section: Introductionmentioning

confidence: 84%

“…The trade-off with such schemes is that some users may require more than one secret in order to be able to derive all the required encryption keys. Subsequent work established that secure instantiations of such schemes are possible [20,21].…”

Section: Related Workmentioning

confidence: 99%

Cryptographic enforcement of information flow policies without public information via tree partitions1

Crampton

Farley

Gutin

et al. 2017

JCS

Self Cite

View full text Add to dashboard Cite

We may enforce an information flow policy by encrypting a protected resource and ensuring that only users authorized by the policy are able to decrypt the resource. In most schemes in the literature that use symmetric cryptographic primitives, each user is assigned a single secret and derives decryption keys using this secret and publicly available information. Recent work has challenged this approach by developing schemes, based on a chain partition of the information flow policy, that do not require public information for key derivation, the trade-off being that a user may need to be assigned more than one secret. In general, many different chain partitions exist for the same policy and, until now, it was not known how to compute an appropriate one.In this paper, we introduce the notion of a tree partition, of which chain partitions are a special case. We show how a tree partition may be used to define a cryptographic enforcement scheme and prove that such schemes can be instantiated in such a way as to preserve the strongest security properties known for cryptographic enforcement schemes. We establish a number of results linking the amount of secret material that needs to be distributed to users with a weighted acyclic graph derived from the tree partition. These results enable us to develop efficient algorithms for deriving tree and chain partitions that minimize the amount of secret material that needs to be distributed.

show abstract

“…, κ xn , an adversary should not be able to distinguish between the key for a challenge node x (not a descendent of any x i ) and a randomly chosen key. Recently, Freire et al [15] suggested a new…”

Section: Key Assignment Schemesmentioning

confidence: 99%

Access Control in Publicly Verifiable Outsourced Computation

Alderman

Janson

Cid

et al. 2015

Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

View full text Add to dashboard Cite

Publicly Verifiable Outsourced Computation (PVC) allows devices with restricted resources to delegate expensive computations to more powerful external servers, and to verify the correctness of results. Whilst highlybeneficial in many situations, this increases the visibility and availability of potentially sensitive data, so we may wish to limit the sets of entities that can view input data and results. Additionally, it is highly unlikely that all users have identical and uncontrolled access to all functionality within an organization. Thus there is a need for access control mechanisms in PVC environments.In this work, we define a new framework for Publicly Verifiable Outsourced Computation with Access Control (PVC-AC). We formally define algorithms to provide different PVC functionality for each entity within a large outsourced computation environment, and discuss the forms of access control policies that are applicable, and necessary, in such environments, as well as formally modelling the resulting security properties. Finally, we give an example instantiation that (in a black-box and generic fashion) combines existing PVC schemes with symmetric Key Assignment Schemes to cryptographically enforce the policies of interest.

show abstract

Simple, Efficient and Strongly KI-Secure Hierarchical Key Assignment Schemes

Cited by 31 publications

References 27 publications

Optimal Constructions for Chain-Based Cryptographic Enforcement of Information Flow Policies

Optimal Constructions for Chain-Based Cryptographic Enforcement of Information Flow Policies

Cryptographic enforcement of information flow policies without public information via tree partitions1

Access Control in Publicly Verifiable Outsourced Computation

Contact Info

Product

Resources

About