Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality

Bernd Prünster*, Gerald Palfinger, Dominik Ziegler

*Korrespondierende/r Autor/-in für diese Arbeit

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung


This paper tackles the issue of access control in fully decentralised systems. Previously, access control always fell back to some degree of centralisation. Our work approaches this problem by outsourcing access policy evaluation to the millions of trusted computing bases already deployed in the form of current Android devices. This assures correct policy evaluation to both data owners and those seeking data access. In essence, our solution encrypts to-be-shared data, splits and wraps the encryption key, and cryptographically binds it to an access policy. Policies are evaluated by freely selectable evaluators, that do not need to be enrolled beforehand. Evaluators then interface with attribute providers during policy evaluation. Each evaluator independently reaches a conclusion about whether or not to grant access, leading to a decision by majority vote. We designed this system with practicality and real-world applicability in mind, meaning that it can be deployed and used today. We achieve this by relying on efficient primitives and foregoing expensive cryptographic constructions, making it possible to define even highly complex access policies. Overall, this presents a clear advantage over previous concepts.

TitelNetwork and System Security - 14th International Conference, NSS 2020, Proceedings
Untertitel14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings
Redakteure/-innenMirosław Kutyłowski, Jun Zhang, Chao Chen
Herausgeber (Verlag)Springer
ISBN (Print)978-3-030-65744-4
PublikationsstatusVeröffentlicht - 1 Jan. 2020
Veranstaltung14th International Conference on Network and System Security - Virtual, Melbourne, Australien
Dauer: 25 Nov. 202027 Nov. 2020


NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band12570 LNCS
ISSN (Print)0302-9743
ISSN (elektronisch)1611-3349


Konferenz14th International Conference on Network and System Security
KurztitelNSS 2020
OrtVirtual, Melbourne

ASJC Scopus subject areas

  • Theoretische Informatik
  • Informatik (insg.)

Fields of Expertise

  • Information, Communication & Computing
  • A-SIT - Zentrum für sichere Informationstechnologie Austria

    Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.


    Projekt: Arbeitsgebiet

Dieses zitieren