Policy Enforcement Protocols with Split Keys
摘要
Policy enforcement is crucial to ensure secure data transfer between systems. We introduce a Mutual Policy Enforcement (MPE) protocol, where policy enforcement is carried out by dedicated controller devices after the message exchange between two primary devices. Our approach integrates secret sharing to maintain policy integrity, ensuring that a compromise of one device does not lead to unauthorized message approval. A successful run of the protocol ensures that the controllers of both primary devices have verified the messages. We propose two variants of the mutual enforcement protocol: MPE-SIGN, which relies on digital signatures, and MPE-MAC, which uses message authentication codes. We define use cases in which MPE can be applied, set security goals for the protocol, and analyze the performance of the protocol considering communication and computational overhead. We discuss the impact of compromises and perform security analysis. We also formally model our protocols in ProVerif and verify their security properties.