Policy enforcement is crucial to ensure secure data transfer between systems. We introduce a Mutual Policy Enforcement (MPE) protocol, where policy enforcement is carried out by dedicated controller devices after the message exchange between two primary devices. Our approach integrates secret sharing to maintain policy integrity, ensuring that a compromise of one device does not lead to unauthorized message approval. A successful run of the protocol ensures that the controllers of both primary devices have verified the messages. We propose two variants of the mutual enforcement protocol: MPE-SIGN, which relies on digital signatures, and MPE-MAC, which uses message authentication codes. We define use cases in which MPE can be applied, set security goals for the protocol, and analyze the performance of the protocol considering communication and computational overhead. We discuss the impact of compromises and perform security analysis. We also formally model our protocols in ProVerif and verify their security properties.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Policy Enforcement Protocols with Split Keys

  • Gizem Akman,
  • Philip Ginzboorg,
  • Sampo Sovio,
  • Valtteri Niemi

摘要

Policy enforcement is crucial to ensure secure data transfer between systems. We introduce a Mutual Policy Enforcement (MPE) protocol, where policy enforcement is carried out by dedicated controller devices after the message exchange between two primary devices. Our approach integrates secret sharing to maintain policy integrity, ensuring that a compromise of one device does not lead to unauthorized message approval. A successful run of the protocol ensures that the controllers of both primary devices have verified the messages. We propose two variants of the mutual enforcement protocol: MPE-SIGN, which relies on digital signatures, and MPE-MAC, which uses message authentication codes. We define use cases in which MPE can be applied, set security goals for the protocol, and analyze the performance of the protocol considering communication and computational overhead. We discuss the impact of compromises and perform security analysis. We also formally model our protocols in ProVerif and verify their security properties.