E-book, English, Volume 48, 138 pages
Kayem / Akl / Martin: Adaptive Cryptographic Access Control
1st edition 2010
ISBN: 978-1-4419-6655-1
Publisher: Springer
Format: PDF
Copy protection: 1 - PDF Watermark
Series: Advances in Information Security
Cryptographic access control (CAC) is an approach to securing data by encrypting it with a key, so that only the users in possession of the correct key are able to decrypt the data and/or perform further encryptions. Applications of cryptographic access control will benefit companies, governments and the military where structured access to information is essential. The purpose of this book is to highlight the need for adaptability in cryptographic access control schemes that are geared for dynamic environments, such as the Internet. Adaptive Cryptographic Access Control presents the challenges of designing hierarchical cryptographic key management algorithms to implement Adaptive Access Control in dynamic environments and suggests solutions that will overcome these challenges. Adaptive Cryptographic Access Control is a cutting-edge book focusing specifically on this topic in relation to security and cryptographic access control. Both the theoretical and practical aspects and approaches of cryptographic access control are introduced in this book. Case studies and examples are provided throughout this book.
Further information & material
Foreword
Preface
Acknowledgements
Contents
Chapter 1 Introduction
  1.1 Motivation
  1.2 What is Autonomic Computing?
  1.3 From Manually Managed to Adaptive Access Control
  1.4 Aim of this Monograph
  1.5 How to read this Monograph
Chapter 2 A Presentation of Access Control Methods
  2.1 Distributed Access Control’s Beginnings
  2.2 Terminology
  2.3 General Access Control Models
    2.3.1 Discretionary Access Control
    2.3.2 Mandatory Access Control
    2.3.3 Role-Based Access Control
    2.3.4 Multilevel Access Control
      2.3.4.1 The BLP and BIBA models
      2.3.4.2 The Chinese Wall Model
      2.3.4.3 The Clark-Wilson (CLW) Model
  2.4 Cryptographic Access Control
    2.4.1 Key Management Models
    2.4.2 One-Way Function Schemes
    2.4.3 Time-Bound Schemes
    2.4.4 Other CKM Schemes
  2.5 Other Access Control Paradigms
    2.5.1 Overview
    2.5.2 Cookies
    2.5.3 XML Access Control and Limitations
    2.5.4 Anti-Viruses, Intrusion Detection, and Firewalls
  2.6 Controlling Access to Outsourced Data
  2.7 Autonomic Access Control
    2.7.1 The Autonomic Security Model
    2.7.2 Perspectives and Discussions
Chapter 3 Efficient Key Management: Heuristics
  3.1 Overview
  3.2 An Overview of the CAT Scheme
  3.3 Exponent Assignment Algorithm
    3.3.1 Algorithm
    3.3.2 Exponent Assignment Example
  3.4 Enforcing Hierarchy Updates
    3.4.1 Replacement, Insertion, and Deletion: Algorithm
    3.4.2 Insertion, Deletion and Replacement: Example
  3.5 Analysis
    3.5.1 Security Analysis
    3.5.2 Complexity Analysis
  3.6 Experimental Setup and Results
    3.6.1 Implementation and Experimental Setup
    3.6.2 Cost of Key Generation
    3.6.3 Cost of Data Encryption
    3.6.4 Cost of Key Replacement
    3.6.5 Window of Vulnerability
  3.7 Discussions
Chapter 4 Timestamped Key Management
  4.1 On Timestamps and Key Updates
  4.2 Timestamped Key Assignment
  4.3 Timestamped Rekey Scheme - Algorithm
  4.4 Analysis
    4.4.1 Security Analysis
    4.4.2 Complexity Analysis
  4.5 Experimental Setup and Results
    4.5.1 Implementation and Experimental Setup
    4.5.2 Timestamped Key Generation - Server Cost
    4.5.3 Timestamped Rekeying - Server Cost
    4.5.4 Window of Vulnerability
  4.6 Discussion
Chapter 5 Controlling Access to Outsourced Data
  5.1
    5.1.1 Securing Outsourced Data
    5.1.2 Combining CKM and RBAC
    5.1.3 Handling Key Updates
  5.2 Discussion
Chapter 6 Self-Protecting Key Management
  6.1 Overview
  6.2 Self-Protecting Cryptographic Key Management (SPCKM) Framework
    6.2.1 Mathematical Model Supporting Framework
    6.2.2 An Example
  6.3 Implementation and Experimental Setup
    6.3.1 Experimental Setup
    6.3.2 Prototype Description
    6.3.3 Performance Criteria
    6.3.4 Experimental Results
  6.4 Discussions
    6.4.1 Contributions of the SPCKM Framework
    6.4.2 Some Challenges in Adaptive Rekeying
    6.4.3 The Adaptive Rekey Scheduling Problem
Chapter 7 Collusion Detection and Resolution
  7.1 Overview
  7.2 On Detecting Collusion Possibilities
    7.2.1 The DCFK problem
  7.3 An Adaptive Framework for Collusion Detection and Resolution (ACDR)
    7.3.1 Some Basic Assumptions
    7.3.2 Collusion Verification
    7.3.3 Example of Collusion Detection
    7.3.4 Collusion Resolution Algorithm
    7.3.5 Example of Collusion Resolution
  7.4 Experimental Setup and Results
    7.4.1 Implementation and Experimental Setup
    7.4.2 Cost of Collusion Detection
    7.4.3 Cost of Collusion Resolution
    7.4.4 Cost of Key Generation
    7.4.5 Cost of Key Generation and Data Encryption
  7.5 Discussions
Chapter 8 Conclusions
  8.1 Synopsis
  8.2 Critique
  8.3 Potential Extensions
    8.3.1 Internal Violations
    8.3.2 Adaptive Rekeying
    8.3.3 Key Selection
  References
Index




