A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
PBES: a policy based encryption system with application to data sharing in the power grid
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
In any scheme for protecting the confidentiality of data, selecting a key and encrypting the data is the easy part. The difficult part is controlling access to the decryption keys. This becomes particularly significant with object-based protection, that is, protection of an object, such as a file or a message, regardless of where the object is currently being stored or transferred within a distributed environment. An example of object-based protection is traditional electronic mail encryption, where access control amounts to selecting a list of individuals permitted to decrypt a message and attaching to the encrypted message content a copy of the symmetric encryption key encrypted under each of their public keys. We present a different means of controlling access to decryption keys which can support more flexible access control rules and can better reflect security policy. It is particularly suitable for use in data distribution environments such as public file servers, bulletin boards, commercial information dissemination services, and groupware applications. Because all participants need to trust central servers, the method is less suitable for loosely-connected groups than for medium to large commercial or government organizations.
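The "traditional electronic mail encryption" baseline the abstract contrasts itself with, written out as an added example (this is not code from the paper and does not implement the policy-based method it proposes): a fresh AES-256-GCM content key protects the object, and one copy of that key is wrapped with RSA-OAEP under each listed reader's public key. The recipient identifiers and the sample plaintext are constructed for the example. The point it makes concrete is the one the abstract raises: the recipient list fixed at encryption time is the entire access-control decision, and widening it later requires someone who already holds the content key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ProtectedObject is the self-contained encrypted object: one AES-256-GCM
// ciphertext plus, for each authorised reader, a copy of the content key
// wrapped under that reader's RSA public key (RSA-OAEP with SHA-256).
type ProtectedObject struct {
	Nonce       []byte
	Ciphertext  []byte            // AES-GCM output, authentication tag included
	WrappedKeys map[string][]byte // recipient identifier -> wrapped content key
}

// Encrypt is the e-mail style of object-based protection: the only
// access-control decision is the recipient list passed in here. Whoever can
// unwrap a copy of the content key can read the object, wherever it travels.
func Encrypt(plaintext []byte, recipients map[string]*rsa.PublicKey) (*ProtectedObject, error) {
	if len(recipients) == 0 {
		return nil, errors.New("no recipients: nobody could ever decrypt")
	}
	contentKey := make([]byte, 32) // AES-256 key, fresh for every object
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	obj := &ProtectedObject{
		Nonce:       nonce,
		Ciphertext:  gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKeys: make(map[string][]byte, len(recipients)),
	}
	for id, pub := range recipients {
		// The recipient id is the OAEP label, so a wrapped key only unwraps
		// under the header entry it was made for.
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, contentKey, []byte(id))
		if err != nil {
			return nil, fmt.Errorf("wrapping key for %s: %w", id, err)
		}
		obj.WrappedKeys[id] = w
	}
	return obj, nil
}

// Decrypt recovers the plaintext for one recipient. It fails if the recipient
// is not on the list, if the private key does not match the wrapped copy, or
// if the ciphertext was tampered with (GCM tag check).
func Decrypt(obj *ProtectedObject, id string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := obj.WrappedKeys[id]
	if !ok {
		return nil, fmt.Errorf("%s is not a recipient of this object", id)
	}
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, []byte(id))
	if err != nil {
		return nil, fmt.Errorf("unwrapping key for %s: %w", id, err)
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, obj.Nonce, obj.Ciphertext, nil)
}

// AddRecipient widens access after encryption. It needs an existing
// recipient's private key, because possession of the content key is the only
// thing that grants access: every policy change means a current key holder
// must act, which is the inflexibility the abstract points at.
func AddRecipient(obj *ProtectedObject, sponsorID string, sponsor *rsa.PrivateKey, newID string, newPub *rsa.PublicKey) error {
	w, ok := obj.WrappedKeys[sponsorID]
	if !ok {
		return fmt.Errorf("%s is not a recipient of this object", sponsorID)
	}
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sponsor, w, []byte(sponsorID))
	if err != nil {
		return fmt.Errorf("unwrapping key for %s: %w", sponsorID, err)
	}
	nw, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, newPub, contentKey, []byte(newID))
	if err != nil {
		return fmt.Errorf("wrapping key for %s: %w", newID, err)
	}
	obj.WrappedKeys[newID] = nw
	return nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```

Two caveats a practitioner should keep in mind. First, the recipient header is not covered by the GCM tag: a reader cannot tell whether entries were removed in transit, and any current recipient can silently add one, which is exactly the "access control amounts to the recipient list" property the abstract describes. Second, revocation is impossible without re-encrypting under a new content key: deleting a wrapped copy does nothing against a reader who already unwrapped it, so the decision is effectively frozen at encryption time, with no central server consulted at decryption time where an organisational policy could be evaluated.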