Ecole d'ingénieur et centre de recherche en télécommunications

Policy-based cryptography : theory and applications

Bagga, Walid

Thesis

Identity-based cryptography’ is one of the most popular topics addressed by the cryptographic research community in the last five years. As can be guessed from the name, the notion of ‘identity’ is central to identity-based cryptographic primitives. In general, identity is not sufficient for authorization and trust establishment, especially in the context of large-scale open environments like the Internet, where interactions often occur between parties with no pre-existing familiarity of one another. An increasingly popular approach to determining the trustworthiness of the interacting entities consists in using policies fulfilled by digital credentials. In this thesis, we present a new concept in cryptography, called ‘policy-based cryptography’, which allows to perform cryptographic operations with respect to policies fulfilled by digital credentials. Intuitively, a policy-based encryption scheme allows to encrypt a message with respect to a policy so that only an entity that is compliant with the policy can decrypt the message. Similarly, a policy-based signature scheme allows to generate a signature on a message with respect to a policy so that the signature is valid if and only if it was generated by an entity that is compliant with the policy. We present three policy-based cryptographic primitives from bilinear pairings over elliptic curves and prove their security under well-defined security models. We further illustrate the usefulness of our concept through the description of application scenarios in the contexts of access control, privacy policy enforcement, establishment of ad-hoc communities, automated trust negotiation and proxy certification.

Document Doi Bibtex

Type:Thèse
Langue:English
Date:
Département:Réseaux et Sécurité
Eurecom ref:2122
Copyright: © ENST Paris. Personal use of this material is permitted. The definitive version of this paper was published in Thesis and is available at : http://pastel.paristech.org/2525/
Bibtex: @phdthesis{EURECOM+2122, doi = {http://pastel.paristech.org/2525/}, year = {2006}, title = {{P}olicy-based cryptography : theory and applications}, author = {{B}agga, {W}alid}, school = {{T}hesis}, month = {12}, url = {http://www.eurecom.fr/publication/2122} }