Bagga, Wohammed Walid (2006) Cryptographie à base de politiques : théorie et applications. PhD thesis, Computer Science and Networks, Institut Eurécom, ENST p.194.
Abstract
‘Identity-based cryptography’ is definitely one of the most popular topics addressed by the
cryptographic research community in the last five years. As can be guessed from the name,
the notion of ‘identity’ is central to identity-based cryptographic primitives. As for identity-based
encryption, access to an encrypted message is only permitted to the entity whose identity
is the one according to which the message was encrypted, whereas for identity-based signature,
the validity of the signature on a message is defined with respect to the identity of the
entity that generated the signature. In general, identity is not sufficient for authorization and
trust establishment, especially in the context of large-scale open environments like the Internet,
where interactions often occur between parties with no pre-existing familiarity of one another.
An increasingly popular approach to determining the trustworthiness of the interacting entities
consists in using policies fulfilled by digital credentials.
In this thesis, we present a new concept in cryptography, called ‘policy-based cryptography’,
which allows cryptographic operations to be performed with respect to policies fulfilled by digital
credentials. Intuitively, a policy-based encryption scheme allows a message to be encrypted with respect
to a policy so that only an entity that is compliant with the policy can decrypt the message.
Similarly, a policy-based signature scheme allows a signature on a message to be generated with respect
to a policy so that the signature is valid if and only if it was generated by an entity that is
compliant with the policy. We present three policy-based cryptographic primitives from bilinear
pairings over elliptic curves and prove their security under well-defined security models. We
further illustrate the usefulness of our concept of policy-based cryptography through the description
of application scenarios in the contexts of access control, privacy policy enforcement,
establishment of ad-hoc communities, automated trust negotiation and proxy certification.
| EPrint type: | Thesis (Doctorate) |
|---|---|
| Thesis supervisor: | Molva, Refik |
| Date: | 08 December 2006 |
| Thesis committee: | Di Crescenzo, Giovanni and Girault, Marc and Deswarte, Yves and Tsudik, Gene and Urien, Pascal |
| Doctoral school: | ED 130 INFORMATIQUE, TELECOMMUNICATIONS ET ELECTRONIQUE (EDITE) |
| Discipline: | Computer Science and Networks |
| Collection: | ENST |
| Institution: | ENST |
| Laboratory: | Institut Eurécom |
| Subjects: | 2. Information and communication sciences and technologies; 1. Mathematics and its applications |
| Free keywords: | Cryptography, Policy, Bilinear Pairings, Credentials, Access Control |
| ID code: | 2525 |
| Deposited by: | WB Bagga |
| Deposited on: | 12 June 2007 |
Table of Contents
Summary in French
Table of Contents
Abstract
Introduction
Preliminaries
0.1 Standard Cryptography
0.1.1 Symmetric-Key Encryption
0.1.2 Public-Key Encryption
0.1.3 Digital Signature
0.1.4 Hash Function
0.2 Provable Security
0.2.1 Reductionist Security Proofs
0.2.2 The Random Oracle Model
0.2.3 Security Notions for Public-Key Encryption Schemes
0.2.4 The Fujisaki-Okamoto Transformations
0.2.5 Security Notions for Digital Signature Schemes
0.2.6 The Oracle Replay Technique
0.3 Bilinear Pairings
0.3.1 Abstract Algebra
0.3.2 Elliptic Curves
0.3.3 Bilinear Pairings over Elliptic Curves
0.3.4 Bilinear Diffie-Hellman Problems
0.3.5 Pairing-Based Cryptographic Schemes
0.4 Conclusion
1 Policy-Based Encryption
1.1 Introduction
1.2 Related Work
1.3 Formal Definitions
1.3.1 Policy Model
1.3.2 Policy-Based Encryption
1.3.3 Security Model
1.4 A Pairing-Based Implementation
1.4.1 Description
1.4.2 Consistency and Efficiency
1.4.3 Security
1.5 Controlling Access to Released XML Documents
1.5.1 The XML Data Model
1.5.2 Policy Model
1.5.3 Protection Model
1.5.4 Protection Enforcement: Formal Description
1.5.5 Protection Enforcement: XML Representation
1.5.6 Summary
1.6 The Sticky Privacy Policy Paradigm
1.6.1 An Overview of EPAL
1.6.2 Privacy Policy Refinement
1.6.3 Sticky Policy through Policy-Based Cryptography
1.7 Establishment of Ad-Hoc Communities
1.7.1 Policy-Based Establishment of Ad-Hoc Communities
1.7.2 Community Establishment using Policy-Based Encryption
1.8 Conclusion
2 Collusion-Free Policy-Based Encryption
2.1 Introduction
2.2 Related Work
2.3 Formal Definitions
2.3.1 Policy Model
2.3.2 Policy-Based Public-Key Encryption
2.3.3 Security Model
2.4 A Pairing-Based Implementation
2.4.1 Description
2.4.2 Consistency and Efficiency
2.4.3 Security
2.5 Automated Trust Negotiation
2.5.1 Basic Negotiation Protocol
2.5.2 Cryptography-Based Negotiation Protocol
2.5.3 Concealing Sensitive Policies
2.6 Conclusion
3 Policy-Based Signature
3.1 Introduction
3.2 Related Work
3.3 Formal Definitions
3.3.1 Policy Model
3.3.2 Policy-Based Signature
3.3.3 Security Model
3.4 A Pairing-Based Implementation
3.4.1 Description
3.4.2 Consistency and Efficiency
3.4.3 Security
3.5 Proof-Carrying Proxy Certificates
3.5.1 General Setting
3.5.2 An Application Scenario
3.5.3 Related Approaches
3.6 Conclusion
Conclusion
Bibliography