Paper 2016/106

Access Control Encryption: Enforcing Information Flow with Cryptography

Ivan Damgård, Helene Haagh, and Claudio Orlandi

Abstract

We initiate the study of Access Control Encryption (ACE), a novel cryptographic primitive that allows fine-grained access control, by giving different rights to different users not only in terms of which messages they are allowed to receive, but also which messages they are allowed to send. Classical examples of security policies for information flow are the well known Bell-Lapadula [BL73] or Biba [Bib75] model: in a nutshell, the Bell-Lapadula model assigns roles to every user in the system (e.g., public, secret and top-secret). A users' role specifies which messages the user is allowed to receive (i.e., the no read-up rule, meaning that users with public clearance should not be able to read messages marked as secret or top-secret) but also which messages the user is allowed to send (i.e., the no write-down rule, meaning that a user with top-secret clearance should not be able to write messages marked as secret or public). To the best of our knowledge, no existing cryptographic primitive allows for even this simple form of access control, since no existing cryptographic primitive enforces any restriction on what kind of messages one should be able to encrypt. Our contributions are: - Introducing and formally defining access control encryption (ACE); - A construction of ACE with complexity linear in the number of the roles based on classic number theoretic assumptions (DDH, Paillier); - A construction of ACE with complexity polylogarithmic in the number of roles based on recent results on cryptographic obfuscation;

Note: Updated full version of the paper

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
access control
Contact author(s)
orlandi @ cs au dk
haagh @ cs au dk
History
2016-11-23: last of 3 revisions
2016-02-10: received
See all versions
Short URL
https://ia.cr/2016/106
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/106,
      author = {Ivan Damgård and Helene Haagh and Claudio Orlandi},
      title = {Access Control Encryption: Enforcing Information Flow with Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2016/106},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/106}},
      url = {https://eprint.iacr.org/2016/106}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.