using encryption to enforce an information flow policy
play

Using Encryption to Enforce an Information Flow Policy Research - PowerPoint PPT Presentation

Feb 21, 2024 •106 likes •472 views

Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton Information Security Group Royal Holloway, University

  1. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Information Security Group Royal Holloway, University of London DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  2. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The problem Given a poset X , find a method of assigning keys to elements of X with the following properties: • For each x ∈ X , there is a single key k ( x ) • For each key k ( x ), it is possible to derive k ( y ) for all y � x We must consider the following issues: • Key generation • Key derivation • Security - resistance to collaborative attacks by keyholders • Computational and key storage overheads DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  3. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Introduction – Generic solution Associate certain public information with each element x ∈ X Compute secret key k ( x ) for each element x ∈ X using one-way function Publish information for each element of X such that • Given k ( x ) and y � x it is possible to use public information to derive secret key k ( y ) • Given k ( x ) and y � � x it is not possible to derive secret key k ( y ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  4. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Outline of talk • Review of yesterday’s talk • A hybrid scheme • Embedding a poset into a lattice of divisors • Policies and schemes based on directed graphs • Future work DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  5. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Akl-Taylor scheme – Key generation (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) For each x ∈ X , choose a distinct prime e ( x ) (4) For each x ∈ X , define and publish e ( x ) = � y � � x e ( y ) (5) For each x ∈ X , compute secret key k ( x ) = κ e ( x ) mod n DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  6. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Akl-Taylor scheme – A simple example 2 1 r r � ❅ � ❅ � ❅ � ❅ 3 � ❅ 2 . 5 . 13 � ❅ r 5 r 2 . 3 . 7 r r � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r 7 11 13 2 . 3 . 5 . 11 . 13 2 . 3 . 5 . 7 . 13 2 . 3 . 5 . 7 . 11 e ( x ) e ( x ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  7. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The MacKinnon-Taylor-Meijer-Akl scheme We assume that there exists a partition of X into w disjoint chains (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) Assign a prime e i to the i th chain and, starting with the maximal element of each chain, define e ( x ) = e j i , where x is the j th element of the i th chain (4) For each x ∈ X , define e ( x ) = lcm { e ( y ) : y � � x } (5) For each x ∈ X , compute secret key k ( x ) = κ e ( x ) mod n Key derivation is similar to Akl-Taylor scheme DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  8. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The MTMA scheme – A simple example 2 1 r r � ❅ � ❅ � ❅ � ❅ 2 2 � ❅ 2 1 3 1 5 1 � ❅ r 2 3 r 3 r r � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r 5 2 3 3 2 2 2 3 2 5 2 3 3 1 5 1 2 3 3 2 e ( x ) e ( x ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  9. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Harn-Lin scheme – Key generation (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) For each x ∈ X , choose a prime e ( x ) and compute d ( x ), where e ( x ) · d ( x ) = 1 mod φ ( n ) (4) For each x ∈ X , define � � e ( x ) = e ( y ) and d ( x ) = d ( y ) mod φ ( n ) y � x y � x (5) For each x ∈ X , compute secret key k ( x ) = κ d ( x ) mod n DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  10. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton The Harn-Lin scheme – A simple example e 6 e 1 e 2 e 3 e 4 e 5 e 6 r r � ❅ � ❅ � ❅ � ❅ e 4 � ❅ e 1 e 2 e 4 � ❅ r e 5 r e 2 e 3 e 5 r r � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r e 1 e 2 e 3 e 1 e 2 e 3 e ( x ) e ( x ) Each e ( x ) includes a factor that is not included in e ( y ) for any y � x DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  11. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton A hybrid scheme (Crampton) Combine elements of the MTMA and the Harn-Lin schemes • Reduce the number of primes required in the Harn-Lin scheme • Reduce the difficulty of updates in the MTMA scheme DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  12. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Key generation (1) Choose large primes p and q and publish n = pq (2) Choose κ ∈ [2 , n − 1] such that ( κ, n ) = 1 (3) Choose primes e 1 , . . . , e w and compute d i , where e i · d i = 1 mod φ ( n ) (4) Assign e i to the the i th chain and, starting with the minimal element of each chain, define e ( x ) = e j i , where x is the j th element in the i th chain (5) For each x ∈ X , define e ( x ) = lcm { e ( y ) : y � x } and d ( x ) = lcm { d ( y ) : y � x } mod φ ( n ) (6) For each x ∈ X , compute secret key κ d ( x ) mod n DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  13. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton A simple example e 3 e 3 1 e 2 2 e 3 1 r r � ❅ � ❅ � ❅ � ❅ 1 � ❅ 1 e 2 � ❅ e 2 r e 2 e 2 r e 2 r r 2 e 3 � ❅ � ❅ � ❅ � ❅ 2 � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ � ❅ r r r r r r e 1 e 2 e 3 e 1 e 2 e 3 e ( x ) e ( x ) If the holders of keys κ d 1 and κ d 2 wish to compute κ d 2 1 d 2 (say) then they must solve the equation e 1 d 1 = 1 mod φ ( n ) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  14. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Security considerations Claim: Security of hybrid scheme is equivalent to that of Harn-Lin scheme Question: Is the Harn-Lin scheme secure against all collaborative attacks? DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  15. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Minimizing the number of primes The Akl-Taylor and Harn-Lin schemes require n primes (where n = | X | ) The MTMA and hybrid schemes require w primes (where w is the width of X ) Can we do better? DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  16. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Minimizing the number of primes (2 , 2) r � ❅ Let m be the maximal out- � ❅ (2 , 1) � ❅ degree or in-degree of a node in r (1 , 2) r � ❅ � ❅ the Hasse diagram of X � ❅ � ❅ (2 , 0) � ❅ � ❅ r (0 , 2) r r (1 , 1) X can be embedded Claim: in a fragment of the poset (1 , 0) r (0 , 1) r S ( a 1 , . . . , a m ) for suitable val- ues of a i r (0 , 0) S (2 , 2) DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

  17. Using Encryption to Enforce an Information Flow Policy – Research Directions Jason Crampton Minimizing the number of primes Note that S ( a 1 , . . . , a m ) is or- e 2 1 e 2 2 r � ❅ der isomorphic to the lattice of � ❅ divisors of � m i =1 e a i for suitable 1 e 2 � ❅ i e 2 r e 1 e 2 r � ❅ � ❅ 2 choices of primes e i � ❅ � ❅ 1 � ❅ � ❅ ( b 1 , . . . , b m ) �→ e b 1 1 . . . e b m e 2 r e 2 r r 2 m e 1 e 2 However, keyholders can col- r r laborate to derive keys r DIMACS Working Group on Applications of Order Theory to Homeland Defense & Computer Security 30 Sept 2004

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site

Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site

Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks Matthew Van Gundy and Hao Chen University of California, Davis 16th Annual Network & Distributed System Security Symposium

1.08k views • 80 slides
Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption Changhyun Lee, Yeonju Choi, Hyeongmin Park, Kangbin Yim, and Sun-Young Lee Soonchunhyang University IMIS 2019 Presenter: Brandon Falk (

645 views • 21 slides
Information flow and policy In five minutes, you learn what the average college graduate

Information flow and policy In five minutes, you learn what the average college graduate

Information flow and policy In five minutes, you learn what the average college graduate remembers five years after he or she is out of school. If you want to know more about something... Ask me Man pages, manuals, papers, books

451 views • 18 slides
HOW TO IMPLEMENT AND ENFORCE THE WEST VIRGINIA PUPPY MILL LAW Tara Loller Policy

HOW TO IMPLEMENT AND ENFORCE THE WEST VIRGINIA PUPPY MILL LAW Tara Loller Policy

HOW TO IMPLEMENT AND ENFORCE THE WEST VIRGINIA PUPPY MILL LAW Tara Loller Policy Implementation Manager, Puppy Mills Campaign Puppy Mills Campaign Establish relationships Work with agencies to partner on effective enforcement

739 views • 35 slides
May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples of information flow controls Android phone Firewalls Confinement Virtual machines May 15, 2017 ECS 235B Spring Quarter 2017 Slide

487 views • 32 slides
HOMEOWNER INFORMATION MEETING PROPERTY MANAGEMENT Manage common elements Enforce

HOMEOWNER INFORMATION MEETING PROPERTY MANAGEMENT Manage common elements Enforce

HOMEOWNER INFORMATION MEETING PROPERTY MANAGEMENT Manage common elements Enforce Declaration, By-Laws and Rules as directed by Board of Directors Provide financial, administration, customer service and 24-hour emergency service

808 views • 36 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation) Boris Feigin Computer Laboratory, University of Cambridge PLID 2008 joint work with Alan Mycroft 1 / 22 Motivation Given suitable tools we

605 views • 33 slides
Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp Motivation for Authenticated Encryption Authenticated Encryption (AE) m 1 m 2 Security goals: Confidentiality and integrity of messages

649 views • 60 slides
Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption,

Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption,

Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption, and accounting/tax services Nigel Cory Associate Director, Trade Policy, ITIF August 23, 2019 @Nigelcory ncory@itif.org @ITIFdc The

377 views • 20 slides
Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

877 views • 48 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX) elisa.boschi@hitachi-eu.com {boschi, zseby, mark, hirsch}@fokus.fraunhofer.de Outline Outline IPFIX Terminology Applicability Initial Goals

212 views • 19 slides
Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH

Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH

Provable Security Meets the Real World Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH Binary Packet Protocol IPsec MAC-then-Encrypt Lessons learned? 2 Outline RSA encryption in PKCS#1

948 views • 61 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and Multi-linear Maps agan 1 and Ferucio Laurent iplea 2 Constantin C at alin Dr iu T 1 CNRS, LORIA, 54506 Vandoeuvre-l` es-Nancy Cedex France

623 views • 18 slides
NZIX AGM 2020 Agenda Meeting Open & Chairs Report, Chris Browning Technical

NZIX AGM 2020 Agenda Meeting Open & Chairs Report, Chris Browning Technical

NZIX AGM 2020 Agenda Meeting Open & Chairs Report, Chris Browning Technical Report, Chris Browning Treasurers Report, Dave Mill Secretarys Report, Nathan Brookfield Election of Committee positions, Nathan

592 views • 35 slides
CSCE 471/871 Lecture 3: Markov Chains Markov Chains and and Hidden Markov Models Hidden

CSCE 471/871 Lecture 3: Markov Chains Markov Chains and and Hidden Markov Models Hidden

CSCE 471/871 Lecture 3: CSCE 471/871 Lecture 3: Markov Chains Markov Chains and and Hidden Markov Models Hidden Markov Models Stephen Scott Markov Chains Stephen Scott Hidden Markov Models Specifying an HMM sscott@cse.unl.edu 1

439 views • 26 slides
15-780 - graduate artificial intelligence ai and education iii . Shayan Doroudi May 1, 2017 1

15-780 - graduate artificial intelligence ai and education iii . Shayan Doroudi May 1, 2017 1

15-780 - graduate artificial intelligence ai and education iii . Shayan Doroudi May 1, 2017 1 series overview Lecture Application AI Topics 5/01/17 Instruction Multi-Armed Bandits Series on applications of AI to education. 4/24/17

610 views • 42 slides
From Data to Effects Dependence Graphs: Source-to-Source Transformations for C SCAM 2016 Nelson

From Data to Effects Dependence Graphs: Source-to-Source Transformations for C SCAM 2016 Nelson

From Data to Effects Dependence Graphs: Source-to-Source Transformations for C SCAM 2016 Nelson Lossing Pierre Guillou Franois Irigoin firstname.lastname@mines-paristech.fr MINES ParisTech, PSL Research University October 3, 2016 -

421 views • 28 slides
Fractional Linear What We Do Dependence under Interval Main Idea Main Idea (cont-d)

Fractional Linear What We Do Dependence under Interval Main Idea Main Idea (cont-d)

Fractional Linear . . . Fractional Linear . . . Need to Find . . . Need to Take Interval . . . Fractional Linear What We Do Dependence under Interval Main Idea Main Idea (cont-d) Uncertainty: Main Idea (cont-d) How Good Are the . . .

486 views • 10 slides
Amenability, unique ergodicity and random orderings Alexander S. Kechris Warsaw, July 10, 2012

Amenability, unique ergodicity and random orderings Alexander S. Kechris Warsaw, July 10, 2012

Amenability, unique ergodicity and random orderings Alexander S. Kechris Warsaw, July 10, 2012 Amenability, unique ergodicity and random orderings Introduction I will discuss some aspects of the ergodic theory of automorphism groups of

1.33k views • 97 slides
Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro

Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro

Robust Secret Sharing Schemes Against Local Adversaries Allison Bishop Lewko Valerio Pastro Columbia University April 2, 2015 Lewko, Pastro (Columbia) RSSS & Loc Advs April 2, 2015 1 / 22 Secret Sharing (Informal) (Share , Rec) pair of

505 views • 47 slides
13.860 patients 6.523 surgical AVR 3.462 surgical 2.694 transvascular 1.181 transapical

13.860 patients 6.523 surgical AVR 3.462 surgical 2.694 transvascular 1.181 transapical

German Aortic valve RegistrY first follow up data and 5 year plan Inclusion from 01/01/2011 to 31/12/2011 53 cardiac surgery units 69 cardiology units 13.860 patients 6.523 surgical AVR 3.462 surgical 2.694 transvascular 1.181

88 views • 5 slides

More recommend