Access Control and Signatures via Quorum Secret Sharing

We suggest a method of controlling the access to a secure database via quorum systems. A quorum system is a collection of sets (quorums) every two of which have a nonempty intersection. Quorum systems have been used for a number of applications in the area of distributed systems. We propose a separation between access servers, which are protected and trustworthy, but may be outdated, and the data servers, which may all be compromised. The main paradigm is that only the servers in a complete quorum can collectively grant (or revoke) access permission. The method we suggest ensures that, after authorization is revoked, a cheating user Alice will not be able to access the data even if many access servers still consider her authorized and even if the complete raw database is available to her. The method has a low overhead in terms of communication and computation. It can also be converted into a distributed system for issuing secure signatures. An important building block in our method is the use of secret sharing schemes that realize the access structures of quorum systems. We provide several efficient constructions of such schemes which may be of interest in their own right.
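To make the quorum access structure concrete, here is an added example (not code from the paper, and not one of its efficient constructions): the textbook approach of XOR-sharing the secret separately within each quorum, so that only a complete quorum can rebuild it. The four-server quorum system, server numbering and sample key are constructed for illustration.

```python
import secrets
from functools import reduce
from itertools import combinations

# Constructed quorum system over access servers 1..4 (an assumption for this example).
QUORUMS = [frozenset({1, 2}), frozenset({1, 3}), frozenset({1, 4}), frozenset({2, 3, 4})]

def is_quorum_system(quorums):
    """Defining property: every two quorums have a nonempty intersection."""
    return all(a & b for a, b in combinations(quorums, 2))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def deal(secret, quorums):
    """Hand each server one share per quorum it belongs to.

    Within a quorum the shares XOR to the secret, so any proper subset of
    that quorum holds only uniformly random bytes for it.
    """
    if not is_quorum_system(quorums):
        raise ValueError("not a quorum system: two quorums are disjoint")
    shares = {}  # server -> {quorum index: share bytes}
    for qi, quorum in enumerate(quorums):
        members = sorted(quorum)
        parts = [secrets.token_bytes(len(secret)) for _ in members[:-1]]
        parts.append(reduce(xor, parts, secret))  # final share closes the XOR sum
        for server, part in zip(members, parts):
            shares.setdefault(server, {})[qi] = part
    return shares

def reconstruct(present, shares, quorums):
    """Return the secret if `present` contains a complete quorum, else None."""
    for qi, quorum in enumerate(quorums):
        if quorum <= present:
            return reduce(xor, (shares[s][qi] for s in sorted(quorum)))
    return None

if __name__ == "__main__":
    key = b"constructed-key!"  # sample secret, constructed for the example
    shares = deal(key, QUORUMS)
    print(reconstruct({1, 3}, shares, QUORUMS) == key)  # complete quorum
    print(reconstruct({2, 3}, shares, QUORUMS))         # no complete quorum
```

The share count per server grows with the number of quorums it belongs to, which is the cost that more efficient schemes for quorum access structures aim to reduce.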
