Title :
Attribute pooling for Cryptographic Access Control
Author :
Kiviharju, Mikko
Author_Institution :
Inf. Technol. Div., Finnish Defence Res. Agency, Riihimaki, Finland
Abstract :
The need to securely share classified information is a long-standing open problem, especially in large and dynamic environments. Multiple large scale approaches, such as NATO Object Level Protection (OLP) and Content-based Protection and Release (CPR) address parts of this problem. CPR contains an example for enforcement paradigm called Cryptographic Access Control (CAC), to enable combining protection and release policies with content, user and terminal properties (or attributes) cryptographically. The main element of CAC in this case is called attribute-based encryption, or ABE. With ABE it is possible to enforce very fine-grained policies, but combining attributes from users and terminals for general policies is cumbersome and not directly possible with existing schemes. We present in this paper a key-management encryption scheme on top of a multi-authority ABE solving the key pooling problem. Direct applications include a more efficient and general CAC approach for e.g. CPR to enable more secure handling of multi-level secure, encrypted content. Indirectly, the more general framework of CAC itself is completed with this functionality.
Keywords :
authorisation; cryptography; CAC; CPR; OLP; attribute pooling; attribute-based encryption; content-based protection and release; cryptographic access control; key pooling problem; key-management encryption scheme; multiauthority ABE; multilevel secure encrypted content; object level protection; release policies; terminal properties; Algorithm design and analysis; Cryptography; ABE; CAC; CPR; LW-ABE; MLS; OLP; key management; provable security;
Conference_Titel :
Military Communications and Information Systems (ICMCIS), 2015 International Conference on
Conference_Location :
Cracow
Print_ISBN :
978-8-3934-8485-0
DOI :
10.1109/ICMCIS.2015.7158677
