<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">tuzsut</journal-id><journal-title-group><journal-title xml:lang="ru">Труды учебных заведений связи</journal-title><trans-title-group xml:lang="en"><trans-title>Proceedings of Telecommunication Universities</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1813-324X</issn><issn pub-type="epub">2712-8830</issn><publisher><publisher-name>СПбГУТ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.31854/1813-324X-2022-8-4-119-129</article-id><article-id custom-type="elpub" pub-id-type="custom">tuzsut-423</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>РЕЗУЛЬТАТЫ ИССЛЕДОВАНИЙ МОЛОДЫХ УЧЕНЫХ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>RESEARCH RESULTS BY YOUNG SCIENTISTS</subject></subj-group></article-categories><title-group><article-title>Разработка схемы контроля доступа к данным на основе иерархии ролей с использованием постквантовых математических преобразований</article-title><trans-title-group xml:lang="en"><trans-title>Post-Quantum Cryptographic Access Control Based on Hierarchical RBAC Model</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-7121-6031</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Ярмак</surname><given-names>А. 
В.</given-names></name><name name-style="western" xml:lang="en"><surname>Yarmak</surname><given-names>A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Ярмак Анастасия Викторовна, ассистент Института кибербезопасности и защиты информации</p><p>Санкт-Петербург, 195251</p></bio><bio xml:lang="en"><p>Anastasya Yarmak</p><p>St. Petersburg, 195251</p></bio><email xlink:type="simple">yarmak.av@ibks.spbstu.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Санкт-Петербургский политехнический университет Петра Великого<country>Россия</country></aff><aff xml:lang="en">Peter the Great St. Petersburg Polytechnic University<country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2022</year></pub-date><pub-date pub-type="epub"><day>10</day><month>01</month><year>2023</year></pub-date><volume>8</volume><issue>4</issue><fpage>119</fpage><lpage>129</lpage><permissions><copyright-statement>Copyright &#x00A9; Ярмак А.В., 2023</copyright-statement><copyright-year>2023</copyright-year><copyright-holder xml:lang="ru">Ярмак А.В.</copyright-holder><copyright-holder xml:lang="en">Yarmak A.</copyright-holder><license license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tuzs.sut.ru/jour/article/view/423">https://tuzs.sut.ru/jour/article/view/423</self-uri><abstract><p>В работе представлена схема CSIDH-HRBAC, основанная на постквантовых математических преобразованиях и позволяющая реализовать контроль доступа к данным, располагающимся в недоверенной облачной инфраструктуре. CSIDH-HRBAC построена на базе ролевой модели управления доступом с поддержкой системы иерархии ролей. 
Предлагаемая схема подразумевает наличие доверенной стороны, осуществляющей управление криптографическими ключами, ассоциированными с пользователями, ролями, файлами. Приведено описание основных процедур, связанных с получением доступа к данным, лишением прав доступа, добавлением новых сущностей. Рассмотрены типовые сценарии атак на предложенную схему, в том числе подмена роли, сговор участников с целью вскрытия ключа родительской роли, попытка доступа к данным после отзыва роли у пользователя. Для оценки быстродействия криптографических операций выполнено моделирование ее работы при различных параметрах. Обсуждаются преимущества и ограничения схемы CSIDH-HRBAC. В частности, отмечается необходимость защиты от угроз со стороны администратора, перспектива применения квантово-устойчивых примитивов на основе задач теории решеток. </p></abstract><trans-abstract xml:lang="en"><p>The paper considers CSIDH-HRBAC, an isogeny-based scheme for cryptographically enforced data access control in an untrusted cloud. CSIDH-HRBAC is based on a role-based access control model with support for a role hierarchy. The proposed scheme assumes a trusted party that manages the cryptographic keys associated with users, roles, and files. The basic procedures for gaining access to data, revoking access rights, adding new entities and updating parameters are given. Typical attack scenarios against the proposed scheme are considered, including role substitution, collusion by participants to compute the parent role key, and attempts to access data after a role has been revoked from a user. To evaluate the performance of the cryptographic operations, a simulation of the basic procedures was performed. The advantages and limitations of the CSIDH-HRBAC scheme are discussed. In particular, the need for protection against threats from the administrator and the prospect of using lattice-based post-quantum cryptographic primitives are noted. 
</p></trans-abstract><kwd-group xml:lang="ru"><kwd>криптографический контроль доступа</kwd><kwd>эллиптические кривые</kwd><kwd>изогении</kwd><kwd>криптография</kwd></kwd-group><kwd-group xml:lang="en"><kwd>cryptographic access control</kwd><kwd>elliptic curves</kwd><kwd>isogeny</kwd><kwd>cryptography</kwd></kwd-group><funding-group xml:lang="ru"><funding-statement>Исследование выполнено при финансовой поддержке Минцифры России в рамках научного проекта № 12/21-к (грант ИБ).</funding-statement></funding-group><funding-group xml:lang="en"><funding-statement>The reported study was funded by the Ministry of Digital Development, Communications and Mass Media of the Russian Federation, project number 12/21-k (grant on Information Security).</funding-statement></funding-group></article-meta></front><back><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
