Simplified Key Management for Digital Access Control of Information Objects

Abstract

Access control of information objects is complicated by the need to establish a common set of access requirements, bind those access requirements to the information object, and compute whether or not the criteria are met for allowing access. An information object can be an e-mail, a Word document, a spreadsheet, or a series of sensor readings. In the simplified case, objects that need to be controlled will be stored in an encrypted file. The file will be decrypted when access criteria are verified. With increasing requirements for records management and maintenance of more and more electronic objects, the number of controlled information objects is rising dramatically. In the past, key management has been extensive, with little efficiency available when encrypting large numbers of information assets. Often, objects are grouped and segmented by type to reduce the number of keys needed and hence the management of keys. This approach compromises a large number of content files when exploits manage to extract cryptographic keys. Yet maintaining distinct keys for each content object makes key management a serious issue. The proposed process uses a hybrid symmetric/asymmetric keying approach that provides a unique key for each information object while minimizing the key management requirements. This method limits losses to individual information objects when keys are compromised, with a greatly reduced key management process that relies on PKI processes.

Document Details

Document Type: Technical Report
Publication Date: Jul 02, 2016
Accession Number: AD1014102

Entities

People

  • Kevin E. Foltz
  • William R. Simpson

Organizations

  • Institute for Defense Analyses

Tags

DTIC Thesaurus Topics

  • Air Force
  • Authentication
  • Computer Access Control
  • Computer-Aided Design
  • Computers
  • Contracts
  • Copyrights
  • Department Of Defense
  • Digital Media
  • Electronic Mail
  • Media
  • Personal Computers
  • Records
  • Records Management
  • Standards
  • Tape Recording
  • Video Tape Recording

Fields of Study

  • Computer science

Readers

  • Computer Vision
  • Cybersecurity
  • Systems Analysis and Design

Technology Areas

  • Microelectronics