Algebraic Framework for the Specification and Analysis of Cryptographic-Key Distribution
Fundamenta Informaticae
A generic algebraic model for the analysis of cryptographic-key assignment schemes
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
| Hi-index | 0.00 |
Many organizations generate and store a wide range of information in what is commonly referred to as data stores. The confidentiality of this information is an important aspect that should be considered during systems' development. Two main architectures are used to assure the confidentiality of information and restrict its access to legitimate users. The first architecture enables users to access information through a trusted server that enforces established confidentiality policies. The second one focuses on making the information public but in its encrypted form. Then through a scheme for the distribution of cryptographic keys, each user is provided with the keys needed to decrypt only the part of the information she is authorized to access. Cryptography is also used in cryptographic protocols for distributing keys and exchanging confidential information. In this thesis, we propose a mathematical framework for the analysis of information confidentiality. The framework specifies the knowledge of agents and their communications. We classify agent knowledge into explicit knowledge and procedural knowledge. The explicit knowledge consists of the information available to an agent, while the procedural knowledge relates to the mechanisms used to evolve the knowledge. We develop an algebraic structure to represent agent explicit knowledge and prove that it is an information algebra. This structure is expressive as it allows to articulate policies and express operators on pieces of information and their frames. Also, we define algebraic structures for specifying agent procedural knowledge that captures the inherent properties of the elements of an encrypted message. The structures allow specifying different aspects of messages such as double encryption, secret sharing, and key construction. Furthermore, we use global and end-point calculi to specify the communication between agents and link them to our model for agent knowledge. We apply our proposed framework to the analysis of information confidentiality in data-centred software architecture. First, we apply it to the analysis of information flow in multi-agent systems. The framework allows specifying and reasoning of composite information flow. Also, it allows specifying policies similar to those articulated within Bell-LaPadula and Chinese Wall models. Second, we apply the framework to the analysis of key distributions. The framework allows specifying complex policies that cannot be handled by the existing techniques. Also, the framework gives an algebraic representation and a generalization to the existing techniques to implement key distribution policies. Finally, we apply the framework to characterize intruder behaviours to analyze cryptographic protocols. We identify the behaviours that lead an intruder to its goal instead of trying all possible behaviours.