On Key Assignment Schemes and Cryptographic Enforcement Mechanisms for Information Flow Policies. / Farley, Naomi.

2018. 187 p.

Research output: ThesisDoctoral Thesis

Forthcoming

Standard

Harvard

APA

Vancouver

Author

BibTeX

@phdthesis{9d010b235cd4472bbebcdbf05cd0eb57,
title = "On Key Assignment Schemes and Cryptographic Enforcement Mechanisms for Information Flow Policies",
abstract = "In this thesis, we consider the cryptographic enforcement of (read-only) information ow policies, which model hierarchies of security labels. For example, a symmetric key can be associated with each security label and used to encrypt associated objects. Users authorised for many labels may need to be issued many keys, which may be undesirable, particularly when user storage is limited. A key assignment scheme (KAS) allows a trusted entity to generate a `small' secret for each user, from which all required keys can be derived. Key derivation may also rely on additional public information, which can be large and expensive to maintain.In this thesis, we propose three symmetric KASs that eliminate public derivation information. Our first KAS is based on partitioning the policy hierarchy into chains, which permits very efficient key derivation. We show how to construct a chain partition that minimises the cryptographic material required both in total and by any one user. We then show that working with trees, rather than chains, further reduces the material distributed to users and that tree partitions are quicker to find than chain partitions. We then design a space-efficient KAS that imposes a logarithmic bound on derivation cost. In the worst case, user material may be larger than in prior schemes; we therefore design heuristic approaches and provide experimental evidence that the resulting schemes compare favourably to existing schemes.Finally, we provide a definitional framework for CESs for read-only information ow policies, using which CESs can be proven correct and secure, and which helps identify limitations of primitives in CESs.",
keywords = "Cryptography, Access Control, key management",
author = "Naomi Farley",
year = "2018",
month = nov,
day = "12",
language = "English",
school = "Royal Holloway, University of London",

}

RIS

TY - THES

T1 - On Key Assignment Schemes and Cryptographic Enforcement Mechanisms for Information Flow Policies

AU - Farley, Naomi

PY - 2018/11/12

Y1 - 2018/11/12

N2 - In this thesis, we consider the cryptographic enforcement of (read-only) information ow policies, which model hierarchies of security labels. For example, a symmetric key can be associated with each security label and used to encrypt associated objects. Users authorised for many labels may need to be issued many keys, which may be undesirable, particularly when user storage is limited. A key assignment scheme (KAS) allows a trusted entity to generate a `small' secret for each user, from which all required keys can be derived. Key derivation may also rely on additional public information, which can be large and expensive to maintain.In this thesis, we propose three symmetric KASs that eliminate public derivation information. Our first KAS is based on partitioning the policy hierarchy into chains, which permits very efficient key derivation. We show how to construct a chain partition that minimises the cryptographic material required both in total and by any one user. We then show that working with trees, rather than chains, further reduces the material distributed to users and that tree partitions are quicker to find than chain partitions. We then design a space-efficient KAS that imposes a logarithmic bound on derivation cost. In the worst case, user material may be larger than in prior schemes; we therefore design heuristic approaches and provide experimental evidence that the resulting schemes compare favourably to existing schemes.Finally, we provide a definitional framework for CESs for read-only information ow policies, using which CESs can be proven correct and secure, and which helps identify limitations of primitives in CESs.

AB - In this thesis, we consider the cryptographic enforcement of (read-only) information ow policies, which model hierarchies of security labels. For example, a symmetric key can be associated with each security label and used to encrypt associated objects. Users authorised for many labels may need to be issued many keys, which may be undesirable, particularly when user storage is limited. A key assignment scheme (KAS) allows a trusted entity to generate a `small' secret for each user, from which all required keys can be derived. Key derivation may also rely on additional public information, which can be large and expensive to maintain.In this thesis, we propose three symmetric KASs that eliminate public derivation information. Our first KAS is based on partitioning the policy hierarchy into chains, which permits very efficient key derivation. We show how to construct a chain partition that minimises the cryptographic material required both in total and by any one user. We then show that working with trees, rather than chains, further reduces the material distributed to users and that tree partitions are quicker to find than chain partitions. We then design a space-efficient KAS that imposes a logarithmic bound on derivation cost. In the worst case, user material may be larger than in prior schemes; we therefore design heuristic approaches and provide experimental evidence that the resulting schemes compare favourably to existing schemes.Finally, we provide a definitional framework for CESs for read-only information ow policies, using which CESs can be proven correct and secure, and which helps identify limitations of primitives in CESs.

KW - Cryptography

KW - Access Control

KW - key management

M3 - Doctoral Thesis

ER -