Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.792874
Title: On key assignment schemes and cryptographic enforcement mechanisms for information flow policies
Author: Farley, Naomi
ISNI:       0000 0004 8500 5125
Awarding Body: Royal Holloway, University of London
Current Institution: Royal Holloway, University of London
Date of Award: 2018
Availability of Full Text:
Access from EThOS:
Access from Institution:
Abstract:
Access control policies specify permissible interactions between users and system resources, and are typically enforced by trusted components. Third parties (e.g. cloud servers) may not be trusted to correctly enforce a policy, in which case cryptographic enforcement schemes (CESs) may be used. In this thesis, we consider the cryptographic enforcement of (read-only) information flow policies, which model hierarchies of security labels. For example, a symmetric key can be associated with each security label and used to encrypt associated objects. Users authorised for many labels may need to be issued many keys, which may be undesirable, particularly when user storage is limited. A key assignment scheme (KAS) allows a trusted entity to generate a 'small' secret for each user, from which all required keys can be derived. Key derivation may also rely on additional public information, which can be large and expensive to maintain. In this thesis, we propose three symmetric KASs that eliminate public derivation information. Our first KAS is based on partitioning the policy hierarchy into chains, which permits very efficient key derivation. We show how to construct a chain partition that minimises the cryptographic material required both in total and by any one user. We then show that working with trees, rather than chains, further reduces the material distributed to users and that tree partitions are quicker to find than chain partitions. We then design a space-efficient KAS that imposes a logarithmic bound on derivation cost. In the worst case, user material may be larger than in prior schemes; we therefore design heuristic approaches and provide experimental evidence that the resulting schemes compare favourably to existing schemes. Finally, we provide a definitional framework for CESs for read-only information flow policies, using which CESs can be proven correct and secure, and which helps identify limitations of primitives in CESs.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.792874  DOI: Not available
Keywords: Cryptography ; Access Control ; key management
Share: