20 research outputs found

    Cryptographic Role-Based Access Control, Reconsidered

    A significant shortcoming of traditional access control mechanisms is their heavy reliance on reference monitors. Being single points of failure, monitors need to run in protected mode and have permanent online presence in order to handle all access requests. Cryptographic access control offers an alternative solution that provides better scalability and deployability. It relies on security guarantees of the underlying cryptographic primitives and the appropriate key distribution/management in the system. In order to rigorously study security guarantees that a cryptographic access control system can achieve, providing formal security definitions for the system is of great importance, since the security guarantee of the underlying cryptographic primitives cannot be directly translated into those of the system. In this paper, we follow the line of the existing studies on the cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study focusing on the relation between the existing security definitions for such systems, we identify two types of attacks not described in the existing works. Therefore, we propose two new security definitions with the goal of appropriately modeling cryptographic enforcement of Role-Based Access Control policies and studying the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy updates is inherently expensive by presenting two lower bounds for such systems that guarantee correctness and secure access

    Anonymous attestation with user-controlled linkability

    This paper is motivated by the observation that existing security models for direct anonymous attestation (DAA) have problems to the extent that insecure protocols may be deemed secure when analysed under these models. This is particularly disturbing as DAA is one of the few complex cryptographic protocols resulting from recent theoretical advances actually deployed in real life. Moreover, standardization bodies are currently looking into designing the next generation of such protocols. Our first contribution is to identify issues in existing models for DAA and explain how these errors allow for proving security of insecure protocols. These issues are exhibited in all deployed and proposed DAA protocols (although they can often be easily fixed). Our second contribution is a new security model for a class of "pre-DAA scheme", that is, DAA schemes where the computation on the user side takes place entirely on the trusted platform. Our model captures more accurately than any previous model the security properties demanded from DAA by the trusted computing group (TCG), the group that maintains the DAA standard. Extending the model from pre-DAA to full DAA is only a matter of refining the trust models on the parties involved. Finally, we present a generic construction of a DAA protocol from new building blocks tailored for anonymous attestation. Some of them are new variations on established ideas and may be of independent interest. We give instantiations for these building blocks that yield a DAA scheme more efficient than the one currently deployed, and as efficient as the one about to be standardized by the TCG which has no valid security proof. © 2013 Springer-Verlag Berlin Heidelberg

    On Necessary and Sufficient Conditions for Private Ballot Submission

    We exhibit the precise security guarantees that a public key encryption scheme needs to satisfy to guarantee ballot privacy when used in a large class of voting systems. We also identify new security notions for public key encryption that characterize the number of times that a public key can be used in different elections, and show that the most common ballot preparation approach that consists in encrypting the vote and adding a NIZK proof of its validity is sound, even without hardwiring the voter identity in the proof. Our results provide important steps towards proving the privacy of the ballot submission procedure in the widely deployed Helios voting system

    Security analysis of cryptographically controlled access to XML documents

    No full text

    Secure Proxy Signatures Schemes for Delegation of Signing Rights

    No full text

    Policy privacy in cryptographic access control

    No full text
    Cryptographic access control offers selective access to encrypted data via a combination of key management and functionality-rich cryptographic schemes, such as attribute-based encryption. Using this approach, publicly available meta-data may inadvertently leak information on the access policy that is enforced by cryptography, which renders cryptographic access control unusable in settings where this information is highly sensitive. We begin to address this problem by presenting rigorous definitions for policy privacy in cryptographic access control. For concreteness we set our results in the model of Role-Based Access Control (RBAC), where we identify and formalize several different flavors of privacy; however, our framework should serve as inspiration for other models of access control. Based on our insights we propose a new system which significantly improves on the privacy properties of state-of-the-art constructions. Our design is based on a novel type of privacy-preserving attribute-based encryption, which we introduce and show how to instantiate. We present our results in the context of a cryptographic RBAC system by Ferrara et al. (CSF’13), which uses cryptography to control read access to files, while write access is still delegated to trusted monitors. We give an extension of the construction that permits cryptographic control over write access. Our construction assumes that key management uses out-of-band channels between the policy enforcer and the users but eliminates completely the need for monitoring read/write access to the data