3 research outputs found
Cryptographic enforcement of information flow policies without public information via tree partitions
We may enforce an information flow policy by encrypting a protected resource
and ensuring that only users authorized by the policy are able to decrypt the
resource. In most schemes in the literature that use symmetric cryptographic
primitives, each user is assigned a single secret and derives decryption keys
using this secret and publicly available information. Recent work has
challenged this approach by developing schemes, based on a chain partition of
the information flow policy, that do not require public information for key
derivation, the trade-off being that a user may need to be assigned more than
one secret. In general, many different chain partitions exist for the same
policy and, until now, it was not known how to compute an appropriate one.
In this paper, we introduce the notion of a tree partition, of which chain
partitions are a special case. We show how a tree partition may be used to
define a cryptographic enforcement scheme and prove that such schemes can be
instantiated in such a way as to preserve the strongest security properties
known for cryptographic enforcement schemes. We establish a number of results
linking the amount of secret material that needs to be distributed to users
with a weighted acyclic graph derived from the tree partition. These results
enable us to develop efficient algorithms for deriving tree and chain
partitions that minimize the amount of secret material that needs to be
distributed.Comment: Extended version of conference papers from ACNS 2015 and DBSec 201
Constructing Key Assignment Schemes from Chain Partitions
Abstract. In considering a problem in access control for scalable multimedia formats, we have developed new methods for constructing a key assignment scheme. Our first contribution is to improve an existing cryptographic access control mechanism for scalable multimedia formats. We then show how our methods can be applied to a chain partition to develop alternative mechanisms for scalable multimedia formats and how these methods can themselves be extended to create a new type of key assignment scheme.
Constructing Key Assignment Schemes from Chain Partitions
In considering a problem in access control for scalable multimedia formats, we have developed new methods for constructing a key assignment scheme. Our first contribution is to improve an existing cryptographic access control mechanism for scalable multimedia formats. We then show how our methods can be applied to a chain partition to develop alternative mechanisms for scalable multimedia formats and how these methods can themselves be extended to create a new type of key assignment scheme