using encryption to enforce an information flow policy
play

Using Encryption to Enforce an Information Flow Policy Research - PowerPoint PPT Presentation

Feb 21, 2024 •106 likes •472 views

Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton Information Security Group Royal Holloway, University

  1. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Information Security Group Royal Holloway, University of London DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  2. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The problem Given a poset X , find a method of assigning keys to elements of X with the following properties: • For each x ∈ X , there is a single key k ( x ) • For each key k ( x ), it is possible to derive k ( y ) for all y � x We must consider the following issues: • Key generation • Key derivation • Security - resistance to collaborative attacks by keyholders • Computational and key storage overheads DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  3. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Introduction – Generic solution Associate certain public information with each element x ∈ X Compute secret key k ( x ) for each element x ∈ X using one-way function Publish information for each element of X such that • Given k ( x ) and y � x it is possible to use public information to derive secret key k ( y ) • Given k ( x ) and y � � x it is not possible to derive secret key k ( y ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  4. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Outline of talk • Review of yesterday’s talk • A hybrid scheme • Embedding a poset into a lattice of divisors • Policies and schemes based on directed graphs • Future work DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  5. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Akl-Taylor scheme – Key generation (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) For each x ∈ X , choose a distinct prime e ( x ) (4) For each x ∈ X , define and publish e ( x ) = � y � � x e ( y ) (5) For each x ∈ X , compute secret key k ( x ) = κ e ( x ) mod n DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  6. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Akl-Taylor scheme – A simple example 2 1 r r � ❅ � ❅ � ❅ � ❅ 3 � ❅ 2 . 5 . 13 � ❅ r 5 r 2 . 3 . 7 r r � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r 7 11 13 2 . 3 . 5 . 11 . 13 2 . 3 . 5 . 7 . 13 2 . 3 . 5 . 7 . 11 e ( x ) e ( x ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  7. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The MacKinnon-Taylor-Meijer-Akl scheme We assume that there exists a partition of X into w disjoint chains (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) Assign a prime e i to the i th chain and, starting with the maximal element of each chain, define e ( x ) = e j i , where x is the j th element of the i th chain (4) For each x ∈ X , define e ( x ) = lcm { e ( y ) : y � � x } (5) For each x ∈ X , compute secret key k ( x ) = κ e ( x ) mod n Key derivation is similar to Akl-Taylor scheme DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  8. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The MTMA scheme – A simple example 2 1 r r � ❅ � ❅ � ❅ � ❅ 2 2 � ❅ 2 1 3 1 5 1 � ❅ r 2 3 r 3 r r � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r 5 2 3 3 2 2 2 3 2 5 2 3 3 1 5 1 2 3 3 2 e ( x ) e ( x ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  9. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Harn-Lin scheme – Key generation (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) For each x ∈ X , choose a prime e ( x ) and compute d ( x ), where e ( x ) · d ( x ) = 1 mod φ ( n ) (4) For each x ∈ X , define � � e ( x ) = e ( y ) and d ( x ) = d ( y ) mod φ ( n ) y � x y � x (5) For each x ∈ X , compute secret key k ( x ) = κ d ( x ) mod n DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  10. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Harn-Lin scheme – A simple example e 6 e 1 e 2 e 3 e 4 e 5 e 6 r r � ❅ � ❅ � ❅ � ❅ e 4 � ❅ e 1 e 2 e 4 � ❅ r e 5 r e 2 e 3 e 5 r r � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r e 1 e 2 e 3 e 1 e 2 e 3 e ( x ) e ( x ) Each e ( x ) includes a factor that is not included in e ( y ) for any y � x DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  11. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton A hybrid scheme (Crampton) Combine elements of the MTMA and the Harn-Lin schemes • Reduce the number of primes required in the Harn-Lin scheme • Reduce the difficulty of updates in the MTMA scheme DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  12. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Key generation (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) Choose primes e 1 , . . . , e w and compute d i , where e i · d i = 1 mod φ ( n ) (4) Assign e i to the the i th chain and, starting with the minimal element of each chain, define e ( x ) = e j i , where x is the j th element in the i th chain (5) For each x ∈ X , define e ( x ) = lcm { e ( y ) : y � x } and d ( x ) = lcm { d ( y ) : y � x } mod φ ( n ) (6) For each x ∈ X , compute secret key κ d ( x ) mod n DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  13. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton A simple example e 3 e 3 1 e 2 2 e 3 1 r r � ❅ � ❅ � ❅ � ❅ 1 � ❅ 1 e 2 � ❅ e 2 r e 2 e 2 r e 2 r r 2 e 3 � ❅ � ❅ � ❅ � ❅ 2 � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r e 1 e 2 e 3 e 1 e 2 e 3 e ( x ) e ( x ) If the holders of keys κ d 1 and κ d 2 wish to compute κ d 2 1 d 2 (say) then they must solve the equation e 1 d 1 = 1 mod φ ( n ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  14. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Security considerations Claim: Security of hybrid scheme is equivalent to that of Harn-Lin scheme Question: Is the Harn-Lin scheme secure against all collaborative attacks? DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  15. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Minimizing the number of primes The Akl-Taylor and Harn-Lin schemes require n primes (where n = | X | ) The MTMA and hybrid schemes require w primes (where w is the width of X ) Can we do better? DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  16. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Minimizing the number of primes (2 , 2) r � ❅ Let m be the maximal out- � ❅ (2 , 1) � ❅ degree or in-degree of a node in r (1 , 2) r � ❅ � ❅ the Hasse diagram of X � ❅ � ❅ (2 , 0) � ❅ � ❅ r (0 , 2) r r (1 , 1) X can be embedded Claim: in a fragment of the poset (1 , 0) r (0 , 1) r S ( a 1 , . . . , a m ) for suitable val- ues of a i r (0 , 0) S (2 , 2) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  17. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Minimizing the number of primes Note that S ( a 1 , . . . , a m ) is or- e 2 1 e 2 2 r � ❅ der isomorphic to the lattice of � ❅ divisors of � m i =1 e a i for suitable 1 e 2 � ❅ i e 2 r e 1 e 2 r � ❅ � ❅ 2 choices of primes e i � ❅ � ❅ 1 � ❅ � ❅ ( b 1 , . . . , b m ) �→ e b 1 1 . . . e b m e 2 r e 2 r r 2 m e 1 e 2 However, keyholders can col- r r laborate to derive keys r DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

Recommend

Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site

Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site

Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks Matthew Van Gundy and Hao Chen University of California, Davis 16th Annual Network & Distributed System Security Symposium

1.08k views • 80 slides
Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption Changhyun Lee, Yeonju Choi, Hyeongmin Park, Kangbin Yim, and Sun-Young Lee Soonchunhyang University IMIS 2019 Presenter: Brandon Falk (

645 views • 21 slides
Information flow and policy In five minutes, you learn what the average college graduate

Information flow and policy In five minutes, you learn what the average college graduate

Information flow and policy In five minutes, you learn what the average college graduate remembers five years after he or she is out of school. If you want to know more about something... Ask me Man pages, manuals, papers, books

451 views • 18 slides
HOW TO IMPLEMENT AND ENFORCE THE WEST VIRGINIA PUPPY MILL LAW Tara Loller Policy

HOW TO IMPLEMENT AND ENFORCE THE WEST VIRGINIA PUPPY MILL LAW Tara Loller Policy

HOW TO IMPLEMENT AND ENFORCE THE WEST VIRGINIA PUPPY MILL LAW Tara Loller Policy Implementation Manager, Puppy Mills Campaign Puppy Mills Campaign Establish relationships Work with agencies to partner on effective enforcement

739 views • 35 slides
May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples of information flow controls Android phone Firewalls Confinement Virtual machines May 15, 2017 ECS 235B Spring Quarter 2017 Slide

487 views • 32 slides
HOMEOWNER INFORMATION MEETING PROPERTY MANAGEMENT Manage common elements Enforce

HOMEOWNER INFORMATION MEETING PROPERTY MANAGEMENT Manage common elements Enforce

HOMEOWNER INFORMATION MEETING PROPERTY MANAGEMENT Manage common elements Enforce Declaration, By-Laws and Rules as directed by Board of Directors Provide financial, administration, customer service and 24-hour emergency service

808 views • 36 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation) Boris Feigin Computer Laboratory, University of Cambridge PLID 2008 joint work with Alan Mycroft 1 / 22 Motivation Given suitable tools we

605 views • 33 slides
Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp Motivation for Authenticated Encryption Authenticated Encryption (AE) m 1 m 2 Security goals: Confidentiality and integrity of messages

649 views • 60 slides
Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption,

Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption,

Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption, and accounting/tax services Nigel Cory Associate Director, Trade Policy, ITIF August 23, 2019 @Nigelcory ncory@itif.org @ITIFdc The

377 views • 20 slides
Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

877 views • 48 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX) elisa.boschi@hitachi-eu.com {boschi, zseby, mark, hirsch}@fokus.fraunhofer.de Outline Outline IPFIX Terminology Applicability Initial Goals

212 views • 19 slides
Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH

Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH

Provable Security Meets the Real World Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH Binary Packet Protocol IPsec MAC-then-Encrypt Lessons learned? 2 Outline RSA encryption in PKCS#1

948 views • 61 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and Multi-linear Maps agan 1 and Ferucio Laurent iplea 2 Constantin C at alin Dr iu T 1 CNRS, LORIA, 54506 Vandoeuvre-l` es-Nancy Cedex France

623 views • 18 slides
Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang Pennsylvania State University University Park, PA, USA {pzl129,zhang}@cse.psu.edu Background: Information Flow Analysis o Security enforcement to prevent

379 views • 24 slides
Thoughts on Email Encryption Michael Kennedy Bar Counsel 1 8/29/2016 Rule 1.6 A lawyer shall

Thoughts on Email Encryption Michael Kennedy Bar Counsel 1 8/29/2016 Rule 1.6 A lawyer shall

8/29/2016 2016 National Federation of Paralegal Associations Annual Conference and Policy Meeting E Mail Encryption Tech Ethics Online Reputation Management Thoughts on Email Encryption Michael Kennedy Bar Counsel 1 8/29/2016 Rule 1.6 A

671 views • 28 slides
Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

M AXIMUM F LOW How to do it... Why you want it... Where you find it... The Tao of Flow: Let your body go with the flow. -Madonna, Vogue Maximum flow...because youre worth it. -Loreal Go with the flow, Joe.

619 views • 20 slides
Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Secure Information Flow ! Protecting the confidentiality of secret information Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy Blood type: AB Birth date: 9/5/46 HIV: positive ! Access control and

399 views • 10 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Facebook encryption approach Cecilia Zappal EU Policy Manager, Facebook 1.3 billion users

Facebook encryption approach Cecilia Zappal EU Policy Manager, Facebook 1.3 billion users

Facebook encryption approach Cecilia Zappal EU Policy Manager, Facebook 1.3 billion users 180 countries Give people the power to build community and bring the world closer together - securely I grew up in a society where everything you

403 views • 16 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides

More recommend