A Diffie-Hellman based key management scheme for hierarchical access control

All organizations share data in a carefully managed fashion\ud by using access control mechanisms. We focus on enforcing access control by encrypting the data and managing the encryption keys. We make the realistic assumption that the structure of any organization is a hierarchy of security classes. Data from a certain security class can only be accessed by another security class, if it is higher or at the same level in the hierarchy. Otherwise access is denied. Our solution is based on the Die-Hellman key exchange protocol. We show, that the theoretical worst case performance of our solution is slightly better than that of all other existing solutions. We also show, that our performance in practical cases is linear in the size of the hierarchy, whereas the best results from the literature are quadratic

Lazy updates in key assignment schemes for hierarchical access control

Hierarchical access control policies are used to restrict access to objects by users based on their respective security labels. There are many key assignment schemes in the literature for implementing such policies using cryptographic mechanisms. Updating keys in such schemes has always been problematic, not least because many objects may be encrypted with the same key. We propose a number of techniques by which this process can be improved, making use of the idea of lazy key updates, which have been studied in the context of cryptographic file systems. We demonstrate in passing that schemes for lazy key updates can be regarded as simple instances of key assignment schemes. Finally, we illustrate the utility of our techniques by applying them to hierarchical file systems and to temporal access control policies

Key Indistinguishability vs. Strong Key Indistinguishability for Hierarchical Key Assignment Schemes

A hierarchical key assignment scheme is a method to assign some private information and encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the private information of a higher class can be used to derive the keys of all classes lower down in the hierarchy. In this paper we analyze the security of hierarchical key assignment schemes according to different notions: security with respect to key indistinguishability and against key recovery, as well as the two recently proposed notions of security with respect to strong key indistinguishability and against strong key recovery. We first explore the relations between all security notions and, in particular, we prove that security with respect to strong key indistinguishability is not stronger than the one with respect to key indistinguishability. Afterwards, we propose a general construction yielding a hierarchical key assignment scheme offering security against strong key recovery, given any hierarchical key assignment scheme which guarantees security against key recovery

Access and information flow control to secure mobile web service compositions in resource constrained environments

The growing use of mobile web services such as electronic health records systems and applications like twitter, Facebook has increased interest in robust mechanisms for ensuring security for such information sharing services. Common security mechanisms such as access control and information flow control are either restrictive or weak in that they prevent applications from sharing data usefully, and/or allow private information leaks when used independently. Typically, when services are composed there is a resource that some or all of the services involved in the composition need to share. However, during service composition security problems arise because the resulting service is made up of different services from different security domains. A key issue that arises and that we address in this thesis is that of enforcing secure information flow control during service composition to prevent illegal access and propagation of information between the participating services. This thesis describes a model that combines access control and information flow control in one framework. We specifically consider a case study of an e-health service application, and consider how constraints like location and context dependencies impact on authentication and authorization. Furthermore, we consider how data sharing applications such as the e-health service application handle issues of unauthorized users and insecure propagation of information in resource constrained environments¹. Our framework addresses this issue of illegitimate information access and propagation by making use of the concept of program dependence graphs (PDGs). Program dependence graphs use path conditions as necessary conditions for secure information flow control. The advantage of this approach to securing information sharing is that, information is only propagated if the criteria for data sharing are verified. Our solution proposes or offers good performance, fast authentication taking into account bandwidth limitations. A security analysis shows the theoretical improvements our scheme offers. Results obtained confirm that the framework accommodates the CIA-triad (which is the confidentiality, integrity and availability model designed to guide policies of information security) of our work and can be used to motivate further research work in this field