Simplified Key Management for Digital Access Control of Information Objects
Institute for Defense Analyses Alexandria United States
Pagination or Media Count:
Access control of information objects is complicated by the need to establish a common set of access requirements, bind those access requirements to the information object, and compute whether or not the criteria are met for allowing access. An information object can be an e-mail, a Word document, a spreadsheet, or a series of sensor readings. In the simplified case, objects that need to be controlled will be stored in an encrypted file. The file will be decrypted when access criteria are verified. With increasing requirements for records management and maintenance of more and more electronic objects, the number of controlled information objects is rising dramatically. In the past key management has been extensive with little efficiency available when encrypting large numbers of information assets. Often, grouping and segmenting objects by type is done to reduce the number of keys needed and hence reduce management of keys. This approach compromises a large number of content files when exploits manage to extract cryptographic keys. Yet maintaining distinct keys for each content object makes key management a serious issue. The proposed process uses a hybrid symmetricasymmetric keying approach that provides a unique key for each information object while minimizing the key management requirements. This method reduces losses to individual information objects when keys are compromised, but with a greatly reduced key management process that relies on PKI processes.
- Computer Systems Management and Standards
- Information Science