Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality

Bernd Prünster*, Gerald Palfinger, Dominik Ziegler

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This paper tackles the issue of access control in fully decentralised
systems. Previously, access control always fell back to some degree of
centralisation. Our work approaches this problem by outsourcing access
policy evaluation to the millions of trusted computing bases already deployed
in the form of Android devices. This assures correct policy evaluation to
both data owners and those seeking data access. In essence, our solution
encrypts to-be-shared data, splits and wraps the encryption key, and
cryptographically binds it to an access policy. Policies are evaluated by
freely selectable evaluators, that do not need to be enrolled beforehand,
which then interface with attribute providers during policy evaluation. Each
evaluator independently reaches a conclusion about whether or not to grant
access, leading to a decision by majority vote. We designed this system with
practicality and real-world applicability in mind, meaning that it can be
deployed and used today. We achieve this by relying on efficient primitives
and foregoing expensive cryptographic constructions, making it possible to
define even highly complex access policies. Overall, this presents a clear
advantage over previous concepts.
Original languageEnglish
Title of host publication14th International Conference on Network and System Security
PublisherSpringer
Publication statusAccepted/In press - 2020
Event14th International Conference on Network and System Security - Virtuell, Australia
Duration: 25 Nov 202027 Nov 2020

Conference

Conference14th International Conference on Network and System Security
Abbreviated titleNSS 2020
CountryAustralia
CityVirtuell
Period25/11/2027/11/20

Keywords

  • Decentralised Access Control
  • Trusted Computing
  • Peer-to-Peer

Fields of Expertise

  • Information, Communication & Computing

Fingerprint Dive into the research topics of 'Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality'. Together they form a unique fingerprint.

  • Cite this

    Prünster, B., Palfinger, G., & Ziegler, D. (Accepted/In press). Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality. In 14th International Conference on Network and System Security Springer.