Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality

Bernd Prünster*, Gerald Palfinger, Dominik Ziegler

*Korrespondierende/r Autor/in für diese Arbeit

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem Konferenzband

Abstract

This paper tackles the issue of access control in fully decentralised systems. Previously, access control always fell back to some degree of centralisation. Our work approaches this problem by outsourcing access policy evaluation to the millions of trusted computing bases already deployed in the form of current Android devices. This assures correct policy evaluation to both data owners and those seeking data access. In essence, our solution encrypts to-be-shared data, splits and wraps the encryption key, and cryptographically binds it to an access policy. Policies are evaluated by freely selectable evaluators, that do not need to be enrolled beforehand. Evaluators then interface with attribute providers during policy evaluation. Each evaluator independently reaches a conclusion about whether or not to grant access, leading to a decision by majority vote. We designed this system with practicality and real-world applicability in mind, meaning that it can be deployed and used today. We achieve this by relying on efficient primitives and foregoing expensive cryptographic constructions, making it possible to define even highly complex access policies. Overall, this presents a clear advantage over previous concepts.

Originalspracheenglisch
TitelNetwork and System Security - 14th International Conference, NSS 2020, Proceedings
Untertitel14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings
Redakteure/-innenMirosław Kutyłowski, Jun Zhang, Chao Chen
Herausgeber (Verlag)Springer
Seiten311-326
Seitenumfang16
ISBN (Print)978-3-030-65744-4
DOIs
PublikationsstatusVeröffentlicht - 1 Jan 2020
Veranstaltung14th International Conference on Network and System Security - Virtual, Melbourne, Australien
Dauer: 25 Nov 202027 Nov 2020

Publikationsreihe

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band12570 LNCS
ISSN (Print)0302-9743
ISSN (elektronisch)1611-3349

Konferenz

Konferenz14th International Conference on Network and System Security
KurztitelNSS 2020
LandAustralien
OrtVirtual, Melbourne
Zeitraum25/11/2027/11/20

ASJC Scopus subject areas

  • !!Theoretical Computer Science
  • !!Computer Science(all)

Fields of Expertise

  • Information, Communication & Computing

Fingerprint

Untersuchen Sie die Forschungsthemen von „Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren