Müller, Sascha (2011)
Data-Centric Security with Attribute-Based Encryption.
Technische Universität Darmstadt
Dissertation, Erstveröffentlichung
Kurzbeschreibung (Abstract)
In this thesis we examine several aspects of data-centric security. In particular, we take a look at Attribute-Based Encryption (ABE), a cryptographic primitive that allows to encrypt documents with policies over attributes and allows decryption only by parties possessing sets of attributes that satisfy the encryption policies. Our primary goal is to show the applicability of data-centric security to practical scenarios. We first extend ABE to dynamic and distributed settings, introducing what we call Distributed Attribute-Based Encryption (DABE). DABE not only allows parties to claim their attributes incrementally throughout the lifetime of a system (unlike conventional ABE where all attributes must be claimed at once), but also supports these attributes to be managed by an arbitrary number of independent attribute authorities, each of them having control over its own universe of attributes. We give two constructions of DABE schemes, one of which is also more efficient than any ABE scheme known today. Our second contribution is a novel concept that improves privacy in ABE by hiding the encryption policy. To this end, we introduce, define and discuss \emph{policy anonymity}. Using an idea from graph theory we then show how a high degree of policy anonymity can be achieved by extending a known ABE construction. The complete construction along with security proofs is given. We also discuss how ABE can be utilized in practical settings. We develop a new DRM framework using ABE that offers a simplified license creation process while requiring less trust. We then describe an extraction tool that is able to determine cryptographically enforceable components of policies in the Open Digital Rights Language (ODRL). Finally, we demonstrate how ABE can be integrated into Service Oriented Architectures (SOA), showing how common Web Service standards can be used to support ABE encrypted SOAP messages and describing implementations of web services to build a complete DABE framework. This resulting framework can be used to extend existing SOAs in order to support the improved security guarantees offered by data-centric security technology.
Typ des Eintrags: | Dissertation | ||||
---|---|---|---|---|---|
Erschienen: | 2011 | ||||
Autor(en): | Müller, Sascha | ||||
Art des Eintrags: | Erstveröffentlichung | ||||
Titel: | Data-Centric Security with Attribute-Based Encryption | ||||
Sprache: | Englisch | ||||
Referenten: | Katzenbeisser, Prof. Dr. Stefan ; Waidner, Prof. Dr. Michael | ||||
Publikationsjahr: | 24 Oktober 2011 | ||||
Datum der mündlichen Prüfung: | 11 Oktober 2011 | ||||
URL / URN: | urn:nbn:de:tuda-tuprints-27751 | ||||
Kurzbeschreibung (Abstract): | In this thesis we examine several aspects of data-centric security. In particular, we take a look at Attribute-Based Encryption (ABE), a cryptographic primitive that allows to encrypt documents with policies over attributes and allows decryption only by parties possessing sets of attributes that satisfy the encryption policies. Our primary goal is to show the applicability of data-centric security to practical scenarios. We first extend ABE to dynamic and distributed settings, introducing what we call Distributed Attribute-Based Encryption (DABE). DABE not only allows parties to claim their attributes incrementally throughout the lifetime of a system (unlike conventional ABE where all attributes must be claimed at once), but also supports these attributes to be managed by an arbitrary number of independent attribute authorities, each of them having control over its own universe of attributes. We give two constructions of DABE schemes, one of which is also more efficient than any ABE scheme known today. Our second contribution is a novel concept that improves privacy in ABE by hiding the encryption policy. To this end, we introduce, define and discuss \emph{policy anonymity}. Using an idea from graph theory we then show how a high degree of policy anonymity can be achieved by extending a known ABE construction. The complete construction along with security proofs is given. We also discuss how ABE can be utilized in practical settings. We develop a new DRM framework using ABE that offers a simplified license creation process while requiring less trust. We then describe an extraction tool that is able to determine cryptographically enforceable components of policies in the Open Digital Rights Language (ODRL). Finally, we demonstrate how ABE can be integrated into Service Oriented Architectures (SOA), showing how common Web Service standards can be used to support ABE encrypted SOAP messages and describing implementations of web services to build a complete DABE framework. This resulting framework can be used to extend existing SOAs in order to support the improved security guarantees offered by data-centric security technology. |
||||
Alternatives oder übersetztes Abstract: |
|
||||
Sachgruppe der Dewey Dezimalklassifikatin (DDC): | 000 Allgemeines, Informatik, Informationswissenschaft > 004 Informatik | ||||
Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik > Security Engineering 20 Fachbereich Informatik |
||||
Hinterlegungsdatum: | 27 Okt 2011 08:18 | ||||
Letzte Änderung: | 05 Mär 2013 09:55 | ||||
PPN: | |||||
Referenten: | Katzenbeisser, Prof. Dr. Stefan ; Waidner, Prof. Dr. Michael | ||||
Datum der mündlichen Prüfung / Verteidigung / mdl. Prüfung: | 11 Oktober 2011 | ||||
Export: | |||||
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |