3,889 research outputs found
Lazy updates in key assignment schemes for hierarchical access control
Hierarchical access control policies are used to restrict access to
objects by users based on their respective security labels. There are
many key assignment schemes in the literature for implementing
such policies using cryptographic mechanisms. Updating keys in such
schemes has always been problematic, not least because many objects
may be encrypted with the same key. We propose a number of techniques
by which this process can be improved, making use of the idea of
lazy key updates, which have been studied in the context of
cryptographic file systems. We demonstrate in passing that schemes
for lazy key updates can be regarded as simple instances of key
assignment schemes. Finally, we illustrate the utility of our
techniques by applying them to hierarchical file systems and to
temporal access control policies
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and are driven by their particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis.The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
On the Use of Key Assignment Schemes in Authentication Protocols
Key Assignment Schemes (KASs) have been extensively studied in the context of
cryptographically-enforced access control, where derived keys are used to
decrypt protected resources. In this paper, we explore the use of KASs in
entity authentication protocols, where we use derived keys to encrypt
challenges. This novel use of KASs permits the efficient authentication of an
entity in accordance with an authentication policy by associating entities with
security labels representing specific services. Cryptographic keys are
associated with each security label and demonstrating knowledge of an
appropriate key is used as the basis for authentication. Thus, by controlling
the distribution of such keys, restrictions may be efficiently placed upon the
circumstances under which an entity may be authenticated and the services to
which they may gain access.
In this work, we explore how both standardized protocols and novel
constructions may be developed to authenticate entities as members of a group
associated to a particular security label, whilst protecting the long-term
secrets in the system. We also see that such constructions may allow for
authentication whilst preserving anonymity, and that by including a trusted
third party we can achieve the authentication of individual identities and
authentication based on timestamps without the need for synchronized clocks
- …