Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality

Bernd Prünster; Gerald Palfinger; Dominik Ziegler

doi:10.1007/978-3-030-65745-1_18

Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality

Bernd Prünster^*, Gerald Palfinger, Dominik Ziegler

^*Korrespondierende/r Autor/-in für diese Arbeit

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

This paper tackles the issue of access control in fully decentralised systems. Previously, access control always fell back to some degree of centralisation. Our work approaches this problem by outsourcing access policy evaluation to the millions of trusted computing bases already deployed in the form of current Android devices. This assures correct policy evaluation to both data owners and those seeking data access. In essence, our solution encrypts to-be-shared data, splits and wraps the encryption key, and cryptographically binds it to an access policy. Policies are evaluated by freely selectable evaluators, that do not need to be enrolled beforehand. Evaluators then interface with attribute providers during policy evaluation. Each evaluator independently reaches a conclusion about whether or not to grant access, leading to a decision by majority vote. We designed this system with practicality and real-world applicability in mind, meaning that it can be deployed and used today. We achieve this by relying on efficient primitives and foregoing expensive cryptographic constructions, making it possible to define even highly complex access policies. Overall, this presents a clear advantage over previous concepts.

Originalsprache	englisch
Titel	Network and System Security - 14th International Conference, NSS 2020, Proceedings
Untertitel	14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings
Redakteure/-innen	Mirosław Kutyłowski, Jun Zhang, Chao Chen
Herausgeber (Verlag)	Springer
Seiten	311-326
Seitenumfang	16
ISBN (Print)	978-3-030-65744-4
DOIs	https://doi.org/10.1007/978-3-030-65745-1_18
Publikationsstatus	Veröffentlicht - 1 Jan. 2020
Veranstaltung	14th International Conference on Network and System Security - Virtual, Melbourne, Australien Dauer: 25 Nov. 2020 → 27 Nov. 2020

Publikationsreihe

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band	12570 LNCS
ISSN (Print)	0302-9743
ISSN (elektronisch)	1611-3349

Konferenz

Konferenz	14th International Conference on Network and System Security
Kurztitel	NSS 2020
Land/Gebiet	Australien
Ort	Virtual, Melbourne
Zeitraum	25/11/20 → 27/11/20

ASJC Scopus subject areas

Theoretische Informatik
Informatik (insg.)

Fields of Expertise

Information, Communication & Computing

Zugriff auf Dokument

10.1007/978-3-030-65745-1_18

accapted-manuscriptAkzeptiertes Autorenmanuskript, 386 KB

Andere Dateien und Links

http://www.scopus.com/inward/record.url?scp=85098257041&partnerID=8YFLogxK

A-SIT - Zentrum für sichere Informationstechnologie Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Projekt: Arbeitsgebiet

Dieses zitieren

Prünster, B., Palfinger, G., & Ziegler, D. (2020). Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality. in M. Kutyłowski, J. Zhang, & C. Chen (Hrsg.), Network and System Security - 14th International Conference, NSS 2020, Proceedings: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings (S. 311-326). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 12570 LNCS). Springer. https://doi.org/10.1007/978-3-030-65745-1_18

Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality. / Prünster, Bernd; Palfinger, Gerald; Ziegler, Dominik.
Network and System Security - 14th International Conference, NSS 2020, Proceedings: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings. Hrsg. / Mirosław Kutyłowski; Jun Zhang; Chao Chen. Springer, 2020. S. 311-326 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 12570 LNCS).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Prünster, B, Palfinger, G & Ziegler, D 2020, Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality. in M Kutyłowski, J Zhang & C Chen (Hrsg.), Network and System Security - 14th International Conference, NSS 2020, Proceedings: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bd. 12570 LNCS, Springer, S. 311-326, 14th International Conference on Network and System Security, Virtual, Melbourne, Australien, 25/11/20. https://doi.org/10.1007/978-3-030-65745-1_18

Prünster B, Palfinger G, Ziegler D. Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality. in Kutyłowski M, Zhang J, Chen C, Hrsg., Network and System Security - 14th International Conference, NSS 2020, Proceedings: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings. Springer. 2020. S. 311-326. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-65745-1_18

Prünster, Bernd ; Palfinger, Gerald ; Ziegler, Dominik. / Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality. Network and System Security - 14th International Conference, NSS 2020, Proceedings: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings. Hrsg. / Mirosław Kutyłowski ; Jun Zhang ; Chao Chen. Springer, 2020. S. 311-326 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{fb80822bf901429e87416401d4d9b843,

title = "Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality",

abstract = "This paper tackles the issue of access control in fully decentralised systems. Previously, access control always fell back to some degree of centralisation. Our work approaches this problem by outsourcing access policy evaluation to the millions of trusted computing bases already deployed in the form of current Android devices. This assures correct policy evaluation to both data owners and those seeking data access. In essence, our solution encrypts to-be-shared data, splits and wraps the encryption key, and cryptographically binds it to an access policy. Policies are evaluated by freely selectable evaluators, that do not need to be enrolled beforehand. Evaluators then interface with attribute providers during policy evaluation. Each evaluator independently reaches a conclusion about whether or not to grant access, leading to a decision by majority vote. We designed this system with practicality and real-world applicability in mind, meaning that it can be deployed and used today. We achieve this by relying on efficient primitives and foregoing expensive cryptographic constructions, making it possible to define even highly complex access policies. Overall, this presents a clear advantage over previous concepts.",

keywords = "Decentralised Access Control, Trusted Computing, Peer-to-Peer, Trusted computing, Peer-to-peer, Decentralised access control",

author = "Bernd Pr{\"u}nster and Gerald Palfinger and Dominik Ziegler",

year = "2020",

month = jan,

day = "1",

doi = "10.1007/978-3-030-65745-1_18",

language = "English",

isbn = "978-3-030-65744-4",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "311--326",

editor = "Miros{\l}aw Kuty{\l}owski and Jun Zhang and Chao Chen",

booktitle = "Network and System Security - 14th International Conference, NSS 2020, Proceedings",

note = "14th International Conference on Network and System Security, NSS 2020 ; Conference date: 25-11-2020 Through 27-11-2020",

}

TY - GEN

T1 - Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality

AU - Prünster, Bernd

AU - Palfinger, Gerald

AU - Ziegler, Dominik

PY - 2020/1/1

Y1 - 2020/1/1

N2 - This paper tackles the issue of access control in fully decentralised systems. Previously, access control always fell back to some degree of centralisation. Our work approaches this problem by outsourcing access policy evaluation to the millions of trusted computing bases already deployed in the form of current Android devices. This assures correct policy evaluation to both data owners and those seeking data access. In essence, our solution encrypts to-be-shared data, splits and wraps the encryption key, and cryptographically binds it to an access policy. Policies are evaluated by freely selectable evaluators, that do not need to be enrolled beforehand. Evaluators then interface with attribute providers during policy evaluation. Each evaluator independently reaches a conclusion about whether or not to grant access, leading to a decision by majority vote. We designed this system with practicality and real-world applicability in mind, meaning that it can be deployed and used today. We achieve this by relying on efficient primitives and foregoing expensive cryptographic constructions, making it possible to define even highly complex access policies. Overall, this presents a clear advantage over previous concepts.

AB - This paper tackles the issue of access control in fully decentralised systems. Previously, access control always fell back to some degree of centralisation. Our work approaches this problem by outsourcing access policy evaluation to the millions of trusted computing bases already deployed in the form of current Android devices. This assures correct policy evaluation to both data owners and those seeking data access. In essence, our solution encrypts to-be-shared data, splits and wraps the encryption key, and cryptographically binds it to an access policy. Policies are evaluated by freely selectable evaluators, that do not need to be enrolled beforehand. Evaluators then interface with attribute providers during policy evaluation. Each evaluator independently reaches a conclusion about whether or not to grant access, leading to a decision by majority vote. We designed this system with practicality and real-world applicability in mind, meaning that it can be deployed and used today. We achieve this by relying on efficient primitives and foregoing expensive cryptographic constructions, making it possible to define even highly complex access policies. Overall, this presents a clear advantage over previous concepts.

KW - Decentralised Access Control

KW - Trusted Computing

KW - Peer-to-Peer

KW - Trusted computing

KW - Peer-to-peer

KW - Decentralised access control

UR - http://www.scopus.com/inward/record.url?scp=85098257041&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-65745-1_18

DO - 10.1007/978-3-030-65745-1_18

M3 - Conference paper

SN - 978-3-030-65744-4

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 311

EP - 326

BT - Network and System Security - 14th International Conference, NSS 2020, Proceedings

A2 - Kutyłowski, Mirosław

A2 - Zhang, Jun

A2 - Chen, Chao

PB - Springer

T2 - 14th International Conference on Network and System Security

Y2 - 25 November 2020 through 27 November 2020

ER -

Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality

Abstract

Publikationsreihe

Konferenz

ASJC Scopus subject areas

Fields of Expertise

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Projekte

A-SIT - Zentrum für sichere Informationstechnologie Austria

Dieses zitieren