Cryptographic Enforcement of Access Control while Mitigating Key Sharing

Keith B. Frikken

2012

Abstract

In this paper, we consider the well-studied problem of cryptographic enforcement of hierarchical-based access control. While this problem is well-studied, a significant drawback to prior approaches is that if a corrupt user shares his key, then any user can access the content of the corrupt user. This is particularly damaging since it is not possible to determine the identity of the corrupt user, and almost all previous schemes require some rekeying in order to revoke a key. To mitigate this key sharing attack, we propose a new model for cryptographic enforcement: Identity-based key management (IBKM). In this framework, each key is associated with an identity and this identity is required to access content. This allows the system to trace the source of key leakage and to revoke users without rekeying. The main disadvantage of this framework is the scheme does not have the ability to provide anonymous access, but it can be used to provide pseudonymous access. The main contributions of this paper are formal definitions for IBKM and schemes for achieving IBKM.

References

  1. Akl, S. and Taylor, P. (1983). Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer Systems, 1(3):239-248.
  2. Atallah, M., Blanton, M., and Frikken, K. (2007). Incorporating temporal capabilities in existing key management schemes. In Biskup, J. and Lopez, J., editors, Computer Security (ESORICS 2007), volume 4734 of Lecture Notes in Computer Science, pages 515-530. Springer Berlin / Heidelberg.
  3. Atallah, M. J., Blanton, M., Fazio, N., and Frikken, K. B. (2009). Dynamic and efficient key management for access hierarchies. ACM Trans. Inf. Syst. Secur., 12:18:1-18:43.
  4. Ateniese, G., De Santis, A., Ferrara, A. L., and Masucci, B. (2006). Provably-secure time-bound hierarchical key assignment schemes. In Proceedings of the 13th ACM conference on Computer and communications security, CCS 7806, pages 288-297, New York, NY, USA. ACM.
  5. Baric, N. and Pfitzmann, B. (1997). Collision-free accumulators and fail-stop signature schemes without trees. In Fumy, W., editor, Advances in Cryptology (EUROCRYPT 1997), volume 1233 of Lecture Notes in Computer Science, pages 480-494. Springer Berlin / Heidelberg.
  6. Boneh, D. and Franklin, M. (1999). An efficient public key traitor tracing scheme. In Wiener, M., editor, Advances in Cryptology (CRYPTO 1999), volume 1666 of Lecture Notes in Computer Science, pages 783- 783. Springer Berlin / Heidelberg.
  7. Crampton, J., Martin, K., and Wild, P. (2006). On key assignment for hierarchical access control. In Computer Security Foundations Workshop, 2006. 19th IEEE.
  8. di Vimercati, S. D. C., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. (2007). Over-encryption: management of access control evolution on outsourced data. In Proceedings of the 33rd international conference on Very large data bases, VLDB 7807, pages 123-134. VLDB Endowment.
  9. Fiat, A. and Naor, M. (1994). Broadcast encryption. In Stinson, D., editor, Advances in Cryptology CRYPTO 93, volume 773 of Lecture Notes in Computer Science, pages 480-491. Springer Berlin / Heidelberg.
  10. Sandhu, R. (1987). On some cryptographic solutions for access control in a tree hierarchy. In Fall Joint Computer Conference on Exploring technology: today and tomorrow, pages 405-410.
  11. Sandhu, R. (1988). Cryptographic implementation of a tree hierarchy for access control. Information Processing Letters, 27(2):95-98.
  12. Santis, A. D., Ferrara, A. L., and Masucci, B. (2008). New constructions for provably-secure time-bound hierarchical key assignment schemes. Theoretical Computer Science, 407(1-3):213 - 230.
  13. Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In Blakley, G. and Chaum, D., editors, Advances in Cryptology, volume 196 of Lecture Notes in Computer Science, pages 47-53. Springer Berlin / Heidelberg.
Download


Paper Citation


in Harvard Style

B. Frikken K. (2012). Cryptographic Enforcement of Access Control while Mitigating Key Sharing . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 245-250. DOI: 10.5220/0004042602450250


in Bibtex Style

@conference{secrypt12,
author={Keith B. Frikken},
title={Cryptographic Enforcement of Access Control while Mitigating Key Sharing},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={245-250},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004042602450250},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Cryptographic Enforcement of Access Control while Mitigating Key Sharing
SN - 978-989-8565-24-2
AU - B. Frikken K.
PY - 2012
SP - 245
EP - 250
DO - 10.5220/0004042602450250