Results 1 - 10 of 37
Provably-secure time-bound hierarchical key assignment schemes
- In ACM Conference on Computer and Communications Security (CCS’06), 2006
Cited by 37 (4 self)
A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that each class can compute the keys of all classes lower down in the hierarchy, according to temporal constraints. In this paper we design and analyze time-bound hierarchical key assignment schemes which are provably-secure and efficient. We consider both the unconditionally secure and the computationally secure settings and distinguish between two different goals: security with respect to key indistinguishability and against key recovery.
* We first present definitions of security with respect to both goals in the unconditionally secure setting and we show tight lower bounds on the size of the private information distributed to each class.
* Then, we consider the computational setting and we further distinguish security against static and adaptive adversarial behaviors. We explore the relations between all possible combinations of security goals and adversarial behaviors and, in particular, we prove that security against adaptive adversaries is (polynomially) equivalent to security against static adversaries.
* Afterwards, we prove that a recently proposed scheme is insecure against key recovery.
* Finally, we propose two different constructions for time-bound key assignment schemes. The first one is based on symmetric encryption schemes, whereas, the second one makes
A Data Outsourcing Architecture Combining Cryptography and Access Control
2007
Cited by 27 (4 self)
Data outsourcing is becoming today a successful solution that allows users and organizations to exploit external servers for the distribution of resources. Some of the most challenging issues in such a scenario are the enforcement of authorization policies and the support of policy updates. Since a common approach for protecting the outsourced data consists in encrypting the data themselves, a promising approach for solving these issues is based on the combination of access control with cryptography. This idea is in itself not new, but the problem of applying it in an outsourced architecture introduces several challenges. In this paper, we first illustrate the basic principles on which an architecture for combining access control and cryptography can be built. We then illustrate an approach for enforcing authorization policies and supporting dynamic authorizations, allowing policy changes and data updates at a limited cost in terms of bandwidth and computational power.
Encryption Policies for Regulating Access to Outsourced Data
Cited by 24 (17 self)
Current access control models typically assume that resources are under the strict custody of a trusted party, which monitors each access request to verify if it is compliant with the specified access control policy. There are many scenarios where this approach is becoming no longer adequate. Many clear trends in Web technology are creating a need for owners of sensitive information to manage access to it by legitimate users using the services of honest but curious third parties, that is, parties trusted with providing the required service but not authorized to read the actual data content. In this scenario, the data owner encrypts the data before outsourcing and stores them at the server. Only the data owner and users with knowledge of the key will be able to decrypt the data. Possible access authorizations are to be enforced by the owner. In this paper, we address the problem of enforcing selective access on outsourced data without need of involving the owner in the access control process. The solution puts forward a novel approach that combines cryptography with authorizations, thus enforcing access control via selective encryption. The paper presents a formal model for access control management and illustrates how an authorization policy can be translated into an equivalent encryption policy while minimizing the amount of keys and cryptographic tokens to be managed. The paper also introduces a two-layer encryption
Incorporating temporal capabilities in existing key management schemes
- In European Symposium on Research in Computer Security (ESORICS’07), 2007
Cited by 12 (3 self)
The problem of key management in access hierarchies studies ways to assign keys to users and classes such that each user, after receiving her secret key(s), is able to independently compute access keys for (and thus obtain access to) the appropriate resources defined by the hierarchical structure. If user privileges additionally are time-based, the key(s) a user receives should permit access to the resources only at the appropriate times. This paper presents a new, provably secure, and efficient solution that can be used to add time-based capabilities to existing hierarchical schemes. It achieves the following performance bounds: (i) to be able to obtain access to an arbitrary contiguous set of time intervals, a user is required to store at most 3 keys; (ii) the keys for a user can be computed by the system in constant time; (iii) key derivation by the user within the authorized time intervals involves a small constant number of inexpensive cryptographic operations; and (iv) if the total number of time intervals in the system is n, then the server needs to maintain public storage larger than n by only a small asymptotic factor, e.g., O(log* n log log n) with a small constant.
Efficient techniques for realizing geo-spatial access control
2007
Cited by 11 (4 self)
The problem of key management for access control systems has been well-studied, and the literature contains several schemes for hierarchy-based and temporal-based access control. The problem of key management in such systems is how to assign keys to users such that each user is able to compute and have access to the appropriate resources while minimizing computation and storage requirements. In the current paper, we consider key management schemes for geo-spatial access control. That is, the access control policy assigns to a user a specific geographic area, and the user consequently obtains access to her area or information about it. In this work, the geography is modeled as an m×n grid of cells (let m ≥ n). Each cell has its own key associated with it, and a user who wants to access the content of a cell needs
An Auto-Delegation Mechanism for Access Control Systems
Cited by 7 (3 self)
Delegation is a widely used and widely studied mechanism in access control systems. Delegation enables an authorized entity to nominate another entity as its authorized proxy for the purposes of access control. Existing delegation mechanisms tend to rely on manual processes initiated by end-users. We believe that systems in which the set of available, authorized entities fluctuates considerably and unpredictably over time require delegation mechanisms that can respond automatically to the absence of appropriately authorized users. To address this, we propose an auto-delegation mechanism and explore the way in which such a mechanism can be used to provide (i) controlled overriding of policy-based authorization decisions (ii) a novel type of access control mechanism based on subject-object relationships.
Access control enforcement on query-aware encrypted cloud databases
- In IEEE International Conference on Cloud Computing Technology and Science, 2013
Cited by 5 (2 self)
The diffusion of cloud database services requires a lot of efforts to improve confidentiality of data stored in external infrastructures. We propose a novel scheme that integrates data encryption with users access control mechanisms. It can be used to guarantee confidentiality of data with respect to a public cloud infrastructure, and to minimize the risks of internal data leakage even in the worst case of a legitimate user colluding with some cloud provider personnel. The correctness and feasibility of the proposal is demonstrated through formal models, while the integration in a cloud-based architecture is left to future work.
Recent Advances in Access Control
Cited by 4 (1 self)
Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. Traditional access control models and languages result limiting for emerging scenarios, whose open and dynamic nature requires the development of new ways of enforcing access control. Access control is then evolving with the complex open environments that it supports, where the decision to grant an access may depend on the properties (attributes) of the requestor rather than her identity and where the access control restrictions to be enforced may come from different authorities. These issues pose several new challenges to the design and implementation of access control systems. In this chapter, we present the emerging trends in the access control field to address the new needs and desiderata of today’s systems.
Cryptographically-Enforced Hierarchical Access Control with Multiple Keys
Cited by 4 (1 self)
Hierarchical access control policies, in which users and objects are associated with nodes in a hierarchy, can be enforced using cryptographic mechanisms. Protected data is encrypted and authorized users are given the appropriate keys. Lazy re-encryption techniques and temporal hierarchical access control policies require that multiple keys may be associated with a node in the hierarchy. In this paper, we introduce the notion of a multi-key assignment scheme to address this requirement. We define bounded, unbounded, synchronous, and asynchronous schemes. We demonstrate that bounded, synchronous schemes provide an alternative to temporal key assignment schemes in the literature, and that unbounded asynchronous schemes provide the desired support for lazy re-encryption.
Constructing Key Assignment Schemes from Chain Partitions
Cited by 4 (1 self)
In considering a problem in access control for scalable multimedia formats, we have developed new methods for constructing a key assignment scheme. Our first contribution is to improve an existing cryptographic access control mechanism for scalable multimedia formats. We then show how our methods can be applied to a chain partition to develop alternative mechanisms for scalable multimedia formats and how these methods can themselves be extended to create a new type of key assignment scheme.