Kroll's abstract

Title: Flexible Cryptographic Access Control Through Accountability

Speaker: Joshua Kroll (UC Berkeley)

Abstract:

Encryption promises perfect prospective access control: an access-control policy can be implemented cryptographically so long as the policy can be completely specified. Unfortunately, cryptographically mediated access is inflexible; one a ciphertext has been created under some policy, it is impossible to escape that policy without re-encrypting the ciphertext. An alternative is to implement a broad, permissive policy, but this does little to restrict access to information only when it is truly necessary for some task. To deter excessive reading of protected information, access control systems must hold parties accountable for the information they extract. The result is a flexible policy backed up by a combination of technical and non-technical controls.

We present a system for accountable cryptographic access control admitting dynamic policies through a threshold approval mechanism with robust accountability. Every access to records is mediated by an approver and enacted by a threshold set of decryption authorities. All accesses are logged by an auditor, and the resultant audit log can be verified publicly. By itself, the audit log proves that all accesses were authorized by the approver and provides traffic-level information (number and frequency of accesses) while keeping the particulars of which records were accessed obscured. However, the audit log can be interpreted by a privileged overseer who can decrypt the audit log entries to determine whether any party in the system misbehaved.

We implemented a prototype of this system and demonstrated that it is possible to encrypt billions of records in a few hours on commodity hardware and that access requires no more than a few seconds even with many decryption authorities. This system demonstrates that the actions of a privileged and powerful player in a cryptographic protocol (namely, the approver) can be constrained by auditing data that support robust accountability. This framework is applicable to surveillance applications, such as the NSA's telephony metadata collection program, and also to commercial applications, such as the deployment of flexible attribute-based access control with a robust break-glass mechanism for runtime policy changes.

Paper