using encryption to enforce an information flow policy
play

Using Encryption to Enforce an Information Flow Policy Research - PowerPoint PPT Presentation

Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton Information Security Group Royal Holloway, University


  1. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Information Security Group Royal Holloway, University of London DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  2. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The problem Given a poset X , find a method of assigning keys to elements of X with the following properties: • For each x ∈ X , there is a single key k ( x ) • For each key k ( x ), it is possible to derive k ( y ) for all y � x We must consider the following issues: • Key generation • Key derivation • Security - resistance to collaborative attacks by keyholders • Computational and key storage overheads DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  3. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Introduction – Generic solution Associate certain public information with each element x ∈ X Compute secret key k ( x ) for each element x ∈ X using one-way function Publish information for each element of X such that • Given k ( x ) and y � x it is possible to use public information to derive secret key k ( y ) • Given k ( x ) and y � � x it is not possible to derive secret key k ( y ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  4. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Outline of talk • Review of yesterday’s talk • A hybrid scheme • Embedding a poset into a lattice of divisors • Policies and schemes based on directed graphs • Future work DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  5. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Akl-Taylor scheme – Key generation (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) For each x ∈ X , choose a distinct prime e ( x ) (4) For each x ∈ X , define and publish e ( x ) = � y � � x e ( y ) (5) For each x ∈ X , compute secret key k ( x ) = κ e ( x ) mod n DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  6. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Akl-Taylor scheme – A simple example 2 1 r r � ❅ � ❅ � ❅ � ❅ 3 � ❅ 2 . 5 . 13 � ❅ r 5 r 2 . 3 . 7 r r � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r 7 11 13 2 . 3 . 5 . 11 . 13 2 . 3 . 5 . 7 . 13 2 . 3 . 5 . 7 . 11 e ( x ) e ( x ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  7. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The MacKinnon-Taylor-Meijer-Akl scheme We assume that there exists a partition of X into w disjoint chains (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) Assign a prime e i to the i th chain and, starting with the maximal element of each chain, define e ( x ) = e j i , where x is the j th element of the i th chain (4) For each x ∈ X , define e ( x ) = lcm { e ( y ) : y � � x } (5) For each x ∈ X , compute secret key k ( x ) = κ e ( x ) mod n Key derivation is similar to Akl-Taylor scheme DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  8. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The MTMA scheme – A simple example 2 1 r r � ❅ � ❅ � ❅ � ❅ 2 2 � ❅ 2 1 3 1 5 1 � ❅ r 2 3 r 3 r r � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r 5 2 3 3 2 2 2 3 2 5 2 3 3 1 5 1 2 3 3 2 e ( x ) e ( x ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  9. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Harn-Lin scheme – Key generation (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) For each x ∈ X , choose a prime e ( x ) and compute d ( x ), where e ( x ) · d ( x ) = 1 mod φ ( n ) (4) For each x ∈ X , define � � e ( x ) = e ( y ) and d ( x ) = d ( y ) mod φ ( n ) y � x y � x (5) For each x ∈ X , compute secret key k ( x ) = κ d ( x ) mod n DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  10. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Harn-Lin scheme – A simple example e 6 e 1 e 2 e 3 e 4 e 5 e 6 r r � ❅ � ❅ � ❅ � ❅ e 4 � ❅ e 1 e 2 e 4 � ❅ r e 5 r e 2 e 3 e 5 r r � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r e 1 e 2 e 3 e 1 e 2 e 3 e ( x ) e ( x ) Each e ( x ) includes a factor that is not included in e ( y ) for any y � x DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  11. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton A hybrid scheme (Crampton) Combine elements of the MTMA and the Harn-Lin schemes • Reduce the number of primes required in the Harn-Lin scheme • Reduce the difficulty of updates in the MTMA scheme DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  12. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Key generation (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) Choose primes e 1 , . . . , e w and compute d i , where e i · d i = 1 mod φ ( n ) (4) Assign e i to the the i th chain and, starting with the minimal element of each chain, define e ( x ) = e j i , where x is the j th element in the i th chain (5) For each x ∈ X , define e ( x ) = lcm { e ( y ) : y � x } and d ( x ) = lcm { d ( y ) : y � x } mod φ ( n ) (6) For each x ∈ X , compute secret key κ d ( x ) mod n DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  13. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton A simple example e 3 e 3 1 e 2 2 e 3 1 r r � ❅ � ❅ � ❅ � ❅ 1 � ❅ 1 e 2 � ❅ e 2 r e 2 e 2 r e 2 r r 2 e 3 � ❅ � ❅ � ❅ � ❅ 2 � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r e 1 e 2 e 3 e 1 e 2 e 3 e ( x ) e ( x ) If the holders of keys κ d 1 and κ d 2 wish to compute κ d 2 1 d 2 (say) then they must solve the equation e 1 d 1 = 1 mod φ ( n ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  14. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Security considerations Claim: Security of hybrid scheme is equivalent to that of Harn-Lin scheme Question: Is the Harn-Lin scheme secure against all collaborative attacks? DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  15. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Minimizing the number of primes The Akl-Taylor and Harn-Lin schemes require n primes (where n = | X | ) The MTMA and hybrid schemes require w primes (where w is the width of X ) Can we do better? DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  16. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Minimizing the number of primes (2 , 2) r � ❅ Let m be the maximal out- � ❅ (2 , 1) � ❅ degree or in-degree of a node in r (1 , 2) r � ❅ � ❅ the Hasse diagram of X � ❅ � ❅ (2 , 0) � ❅ � ❅ r (0 , 2) r r (1 , 1) X can be embedded Claim: in a fragment of the poset (1 , 0) r (0 , 1) r S ( a 1 , . . . , a m ) for suitable val- ues of a i r (0 , 0) S (2 , 2) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  17. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Minimizing the number of primes Note that S ( a 1 , . . . , a m ) is or- e 2 1 e 2 2 r � ❅ der isomorphic to the lattice of � ❅ divisors of � m i =1 e a i for suitable 1 e 2 � ❅ i e 2 r e 1 e 2 r � ❅ � ❅ 2 choices of primes e i � ❅ � ❅ 1 � ❅ � ❅ ( b 1 , . . . , b m ) �→ e b 1 1 . . . e b m e 2 r e 2 r r 2 m e 1 e 2 However, keyholders can col- r r laborate to derive keys r DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

Recommend


More recommend