The University of Southampton
University of Southampton Institutional Repository

Policy privacy in cryptographic access control

Policy privacy in cryptographic access control
Policy privacy in cryptographic access control
Cryptographic access control offers selective access
to encrypted data via a combination of key management and
functionality-rich cryptographic schemes, such as attribute-based
encryption. Using this approach, publicly available meta-data
may inadvertently leak information on the access policy that is
enforced by cryptography, which renders cryptographic access
control unusable in settings where this information is highly
sensitive.
We begin to address this problem by presenting rigorous
definitions for policy privacy in cryptographic access control.
For concreteness we set our results in the model of Role-Based
Access Control (RBAC), where we identify and formalize several
different flavors of privacy; however, our framework should serve
as inspiration for other models of access control. Based on our
insights we propose a new system which significantly improves on
the privacy properties of state-of-the-art constructions. Our design
is based on a novel type of privacy-preserving attribute-based
encryption, which we introduce and show how to instantiate.
We present our results in the context of a cryptographic
RBAC system by Ferrara et al. (CSF’13), which uses cryptography
to control read access to files, while write access is
still delegated to trusted monitors. We give an extension of the
construction that permits cryptographic control over write access.
Our construction assumes that key management uses out-of-band
channels between the policy enforcer and the users but eliminates
completely the need for monitoring read/write access to the data.
Ferrara, Anna
6bc9ff9b-aa7d-4124-8de1-73aeda822d7e
Fuchsbauer, Georg
036dc7fc-7cad-48b9-9465-7444086bef8c
Liu, B.
c99d0f80-7480-4069-a77c-0e79c622e9e4
Warinschi, Bodgan
9ec453c4-d21a-474b-9ce3-270c87f87454
Ferrara, Anna
6bc9ff9b-aa7d-4124-8de1-73aeda822d7e
Fuchsbauer, Georg
036dc7fc-7cad-48b9-9465-7444086bef8c
Liu, B.
c99d0f80-7480-4069-a77c-0e79c622e9e4
Warinschi, Bodgan
9ec453c4-d21a-474b-9ce3-270c87f87454

Ferrara, Anna, Fuchsbauer, Georg, Liu, B. and Warinschi, Bodgan (2015) Policy privacy in cryptographic access control. 2015 IEEE 28th Computer Security Foundations Symposium, Italy. 13 - 17 Jul 2015.

Record type: Conference or Workshop Item (Paper)

Abstract

Cryptographic access control offers selective access
to encrypted data via a combination of key management and
functionality-rich cryptographic schemes, such as attribute-based
encryption. Using this approach, publicly available meta-data
may inadvertently leak information on the access policy that is
enforced by cryptography, which renders cryptographic access
control unusable in settings where this information is highly
sensitive.
We begin to address this problem by presenting rigorous
definitions for policy privacy in cryptographic access control.
For concreteness we set our results in the model of Role-Based
Access Control (RBAC), where we identify and formalize several
different flavors of privacy; however, our framework should serve
as inspiration for other models of access control. Based on our
insights we propose a new system which significantly improves on
the privacy properties of state-of-the-art constructions. Our design
is based on a novel type of privacy-preserving attribute-based
encryption, which we introduce and show how to instantiate.
We present our results in the context of a cryptographic
RBAC system by Ferrara et al. (CSF’13), which uses cryptography
to control read access to files, while write access is
still delegated to trusted monitors. We give an extension of the
construction that permits cryptographic control over write access.
Our construction assumes that key management uses out-of-band
channels between the policy enforcer and the users but eliminates
completely the need for monitoring read/write access to the data.

Text
Policy Privacy in Cryptographic Access Control - Version of Record
Download (406kB)

More information

Accepted/In Press date: 6 April 2015
Published date: 13 July 2015
Additional Information: This is published copy, which is open access.
Venue - Dates: 2015 IEEE 28th Computer Security Foundations Symposium, Italy, 2015-07-13 - 2015-07-17

Identifiers

Local EPrints ID: 412976
URI: http://eprints.soton.ac.uk/id/eprint/412976
PURE UUID: af916102-535b-47ab-862d-e86f8fa3a129

Catalogue record

Date deposited: 10 Aug 2017 16:30
Last modified: 06 Oct 2020 23:51

Export record

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×