Cryptographic access control in support of Object Level Protection

This paper presents the results of a high-level investigation into the application of cryptographic access control in support of Object Level Protection (OLP). The investigation focused on the concept of attribute-based encryption (ABE) applied to an architecture in which OLP is realized through Content-based Protection and Release (CPR). The choice of ABE is motivated by a natural correspondence that exists between ABE and CPR. We explain this correspondence and present a detailed step-by-step description of how the concept of ABE can be applied to a number of basic use cases for information sharing in a CPR-enabled environment. The paper assumes an appropriate ABE scheme and does not contain details on cryptographic operations.
