Using Encryption to Enforce an Information Flow Policy – Research Directions
Jason Crampton
Information Security Group, Royal Holloway, University of London
DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security, 30 Sept 2004

The problem

Given a poset $X$, find a method of assigning keys to elements of $X$ with the following properties:
• For each $x \in X$, there is a single key $k(x)$
• For each key $k(x)$, it is possible to derive $k(y)$ for all $y \leq x$

We must consider the following issues:
• Key generation
• Key derivation
• Security - resistance to collaborative attacks by keyholders
• Computational and key storage overheads

Introduction – Generic solution

Associate certain public information with each element $x \in X$

Compute a secret key $k(x)$ for each element $x \in X$ using a one-way function

Publish information for each element of $X$ such that
• Given $k(x)$ and $y \leq x$ it is possible to use public information to derive secret key $k(y)$
• Given $k(x)$ and $y \not\leq x$ it is not possible to derive secret key $k(y)$

Outline of talk

• Review of yesterday's talk
• A hybrid scheme
• Embedding a poset into a lattice of divisors
• Policies and schemes based on directed graphs
• Future work

The Akl-Taylor scheme – Key generation

(1) Choose large primes $p$ and $q$ and publish $n = pq$
(2) Choose $\kappa \in [2, n-1]$ such that $(\kappa, n) = 1$
(3) For each $x \in X$, choose a distinct prime $e(x)$
(4) For each $x \in X$, define and publish $e(x) = \prod_{y \not\leq x} e(y)$
(5) For each $x \in X$, compute secret key $k(x) = \kappa^{e(x)} \bmod n$, where $e(x)$ is the published value from step (4)

The Akl-Taylor scheme – A simple example

[Figure: two Hasse diagrams of the same six-element poset, one labelled with the chosen primes $e(x)$ and one with the published products $e(x)$. Labels by level, from the top:
chosen primes: $2$; $3$, $5$; $7$, $11$, $13$
published products: $1$; $2 \cdot 5 \cdot 13$, $2 \cdot 3 \cdot 7$; $2 \cdot 3 \cdot 5 \cdot 11 \cdot 13$, $2 \cdot 3 \cdot 5 \cdot 7 \cdot 13$, $2 \cdot 3 \cdot 5 \cdot 7 \cdot 11$]
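
The key generation steps and the resulting key derivation, run on the example's primes, as an added Python example (not code from the talk). The order relation is read off from the published products; the modulus, $\kappa$ and all function names are constructed for illustration, and `coalition_reaches` applies the standard gcd argument for why distinct primes resist colluding keyholders.

```python
from math import gcd, prod

# Constructed toy parameters: a real deployment needs large secret primes p, q.
P, Q = 2147483647, 2305843009213693951     # Mersenne primes 2^31-1 and 2^61-1
N = P * Q                                  # published modulus
KAPPA = 65537                              # secret base, gcd(KAPPA, N) == 1

# Poset of the slide's example; each node is named by its chosen prime e(x).
# BELOW[x] is the set of all y <= x (assumed order, read off the products).
BELOW = {
    2: {2, 3, 5, 7, 11, 13},
    3: {3, 7, 11},
    5: {5, 11, 13},
    7: {7}, 11: {11}, 13: {13},
}

def public_exponent(x):
    """Step (4): product of the primes e(y) over all y that are NOT <= x."""
    return prod(y for y in BELOW if y not in BELOW[x])

def secret_key(x):
    """Step (5): k(x) = kappa^(published exponent) mod n, done by the authority."""
    return pow(KAPPA, public_exponent(x), N)

def derive(k_x, x, y):
    """Derive k(y) from k(x) using public data only; None if y is not <= x."""
    t_x, t_y = public_exponent(x), public_exponent(y)
    if t_y % t_x:                  # t(x) divides t(y) exactly when y <= x
        return None
    return pow(k_x, t_y // t_x, N)

def coalition_reaches(coalition, target):
    """Colluders can combine their keys into kappa^g, where g is the gcd of
    their published exponents (extended Euclid). By that route they reach
    `target` only if g divides the target's published exponent."""
    g = 0
    for x in coalition:
        g = gcd(g, public_exponent(x))
    return public_exponent(target) % g == 0
```

The holder of the key at node 3 derives the keys at 7 and 11 but gets `None` for 13, and the holders of 7 and 13 together hold only $\kappa^{330}$, which does not lead to the key at 11.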

The MacKinnon-Taylor-Meijer-Akl scheme

We assume that there exists a partition of $X$ into $w$ disjoint chains

(1) Choose large primes $p$ and $q$ and publish $n = pq$
(2) Choose $\kappa \in [2, n-1]$ such that $(\kappa, n) = 1$
(3) Assign a prime $e_i$ to the $i$th chain and, starting with the maximal element of each chain, define $e(x) = e_i^j$, where $x$ is the $j$th element of the $i$th chain
(4) For each $x \in X$, define $e(x) = \operatorname{lcm}\{e(y) : y \not\leq x\}$
(5) For each $x \in X$, compute secret key $k(x) = \kappa^{e(x)} \bmod n$, where $e(x)$ is the value from step (4)

Key derivation is similar to the Akl-Taylor scheme

The MTMA scheme – A simple example

[Figure: two Hasse diagrams of the same six-element poset, one labelled with the prime powers $e(x)$ assigned along the chains and one with the lcm values $e(x)$. Labels by level, from the top:
prime powers: $2$; $2^2$, $3$; $2^3$, $3^2$, $5$
lcm values: $1$; $2^1 3^1 5^1$, $2^3$; $2^2 3^2 5$, $2^3 3^1 5^1$, $2^3 3^2$]

The Harn-Lin scheme – Key generation

(1) Choose large primes $p$ and $q$ and publish $n = pq$
(2) Choose $\kappa \in [2, n-1]$ such that $(\kappa, n) = 1$
(3) For each $x \in X$, choose a prime $e(x)$ and compute $d(x)$, where $e(x) \cdot d(x) = 1 \bmod \phi(n)$
(4) For each $x \in X$, define $e(x) = \prod_{y \leq x} e(y)$ and $d(x) = \prod_{y \leq x} d(y) \bmod \phi(n)$
(5) For each $x \in X$, compute secret key $k(x) = \kappa^{d(x)} \bmod n$, where $d(x)$ is the value from step (4)

The Harn-Lin scheme – A simple example

[Figure: two Hasse diagrams of the same six-element poset, one labelled with the chosen primes $e(x)$ and one with the products $e(x)$. Labels by level, from the top:
chosen primes: $e_6$; $e_4$, $e_5$; $e_1$, $e_2$, $e_3$
products: $e_1 e_2 e_3 e_4 e_5 e_6$; $e_1 e_2 e_4$, $e_2 e_3 e_5$; $e_1$, $e_2$, $e_3$]

Each product $e(x)$ includes a factor that is not included in $e(y)$ for any $y < x$

A hybrid scheme (Crampton)

Combine elements of the MTMA and the Harn-Lin schemes
• Reduce the number of primes required in the Harn-Lin scheme
• Reduce the difficulty of updates in the MTMA scheme

Key generation

(1) Choose large primes $p$ and $q$ and publish $n = pq$
(2) Choose $\kappa \in [2, n-1]$ such that $(\kappa, n) = 1$
(3) Choose primes $e_1, \dots, e_w$ and compute $d_i$, where $e_i \cdot d_i = 1 \bmod \phi(n)$
(4) Assign $e_i$ to the $i$th chain and, starting with the minimal element of each chain, define $e(x) = e_i^j$, where $x$ is the $j$th element in the $i$th chain
(5) For each $x \in X$, define $e(x) = \operatorname{lcm}\{e(y) : y \leq x\}$ and $d(x) = \operatorname{lcm}\{d(y) : y \leq x\} \bmod \phi(n)$
(6) For each $x \in X$, compute secret key $\kappa^{d(x)} \bmod n$

A simple example

[Figure: two Hasse diagrams of the same six-element poset, one labelled with the prime powers $e(x)$ assigned along the chains and one with the lcm values $e(x)$. Labels by level, from the top:
prime powers: $e_1^3$; $e_1^2$, $e_2^2$; $e_1$, $e_2$, $e_3$
lcm values: $e_1^3 e_2^2 e_3$; $e_1^2 e_2$, $e_2^2 e_3$; $e_1$, $e_2$, $e_3$]

If the holders of keys $\kappa^{d_1}$ and $\kappa^{d_2}$ wish to compute $\kappa^{d_1^2 d_2}$ (say) then they must solve the equation $e_1 d_1 = 1 \bmod \phi(n)$
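
The hybrid key generation steps worked through in Python, as an added example (not code from the talk), using three primes for a six-element poset. The chain partition, node names, primes, modulus and the derivation rule $k(y) = k(x)^{e(x)/e(y)} \bmod n$ are assumptions chosen to be consistent with the example's labels; the lcm of step (5) is taken as the highest chain position reached in each chain.

```python
from math import prod

# Constructed toy parameters; PHI is known only to the key authority.
P, Q = 2147483647, 2305843009213693951      # Mersenne primes 2^31-1 and 2^61-1
N, PHI = P * Q, (P - 1) * (Q - 1)
KAPPA = 65537                                # secret base, coprime to N

E = {1: 17, 2: 19, 3: 23}                    # one constructed prime per chain (w = 3)
D = {i: pow(e, -1, PHI) for i, e in E.items()}   # e_i * d_i = 1 mod phi(n)

# Assumed chain partition: node -> (chain i, position j), where j counts
# upward from the minimal element of the chain. Node names are hypothetical.
POS = {"a": (1, 1), "b": (2, 1), "c": (3, 1),
       "u": (1, 2), "v": (2, 2), "top": (1, 3)}
# BELOW[x] is the set of all y <= x.
BELOW = {"a": {"a"}, "b": {"b"}, "c": {"c"},
         "u": {"a", "b", "u"}, "v": {"b", "c", "v"}, "top": set(POS)}

def powers(x):
    """Per chain, the highest position among the elements y <= x (the lcm)."""
    out = {}
    for i, j in (POS[y] for y in BELOW[x]):
        out[i] = max(out.get(i, 0), j)
    return out

def public_exponent(x):
    """Step (5), public side: lcm of the prime powers e(y) over y <= x."""
    return prod(E[i] ** j for i, j in powers(x).items())

def secret_key(x):
    """Steps (5)-(6), secret side: kappa^(product of d_i^j mod phi(n)) mod n."""
    d_x = prod(pow(D[i], j, PHI) for i, j in powers(x).items()) % PHI
    return pow(KAPPA, d_x, N)

def derive(k_x, x, y):
    """Raise k(x) to e(x)/e(y): each factor e_i cancels one d_i in the exponent.
    Returns None when e(y) does not divide e(x), i.e. y is not <= x."""
    q, r = divmod(public_exponent(x), public_exponent(y))
    return pow(k_x, q, N) if r == 0 else None
```

Moving down the order only needs the public primes, while moving up, for example from the key at `a` to the key at `u`, would need the inverses $d_i$, which cannot be computed without $\phi(n)$.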

Security considerations

Claim: Security of the hybrid scheme is equivalent to that of the Harn-Lin scheme

Question: Is the Harn-Lin scheme secure against all collaborative attacks?

Minimizing the number of primes

The Akl-Taylor and Harn-Lin schemes require $n$ primes (where $n = |X|$)

The MTMA and hybrid schemes require $w$ primes (where $w$ is the width of $X$)

Can we do better?

Minimizing the number of primes

Let $m$ be the maximal out-degree or in-degree of a node in the Hasse diagram of $X$

Claim: $X$ can be embedded in a fragment of the poset $S(a_1, \dots, a_m)$ for suitable values of $a_i$

[Figure: Hasse diagram of $S(2,2)$. Elements by level, from the top: $(2,2)$; $(2,1)$, $(1,2)$; $(2,0)$, $(1,1)$, $(0,2)$; $(1,0)$, $(0,1)$; $(0,0)$]

Minimizing the number of primes

Note that $S(a_1, \dots, a_m)$ is order isomorphic to the lattice of divisors of $\prod_{i=1}^{m} e_i^{a_i}$ for suitable choices of primes $e_i$:

$(b_1, \dots, b_m) \mapsto e_1^{b_1} \cdots e_m^{b_m}$

However, keyholders can collaborate to derive keys

[Figure: Hasse diagram of the lattice of divisors of $e_1^2 e_2^2$]