Cryptographically Enforced Four-Eyes Principle

Title

Cryptographically Enforced Four-Eyes Principle

Authors

Arne Bilzhause (Institute of IT-Security and Security Law, University of Passau), Manuel Huber (Fraunhofer Research Institute AISEC, Munich, Germany), Henrich C. Pöhls (Institute of IT-Security and Security Law, University of Passau), Kai Samelin (IBM Research – Zurich, Rüschlikon, Switzerland & TU Darmstadt, Darmstadt, Germany)

Abstract

The 4-eyes principle (4EP) is a well-known access control and authorization principle, and used in many scenarios to minimize the likelihood of corruption. It states that at least two separate entities must approve a message before it is considered authentic. Hence, an adversarial party aiming to forge bogus content is forced to convince other parties to collude in the attack. We present a formal framework along with a suitable security model. Namely, a party sets a policy for a given message which involves multiple additional approvers in order to authenticate the message. Finally, we show how these signatures are black-box realized by secure sanitizable signature schemes.

Venue

SECPID 2016 EU Symposium - ARES 2016 (https://www.ares-conference.eu/conference/ares-eu-symposium/secpid-2016/)

Place and Date

Salzburg, Austria, August 31 – September 2, 2016.

Publication Reference

A. Bilzhause, M. Huber, H. C. Pöhls and K. Samelin. Cryptographically Enforced Four-Eyes Principle. In Proc. of the Workshop on Security, Privacy, and Identity Management in the Cloud to be held at the 11th International Conference on Availability, Reliability and Security (ARES SECPID 2016), Conference Publishing Services (CPS), 2016.

Bibtex

@inproceedings{Bilzhause_et_al_SECPID16,
 Author    = {Arne Bilzhause and Manuel Huber and Henrich C. P\"ohls and Kai Samelin},
 Title     = {{Cryptographically Enforced Four-Eyes Principle}},
 Booktitle = {{Proc. of the Workshop on Security, Privacy, and Identity Management in the Cloud  at the 11th International Conference on Availability, Reliability and Security (ARES SECPID 2016)}},
 Editors   = {},
 Year      = {2016},
 Month     = {August},
 Publisher = {Conference Publishing Services (CPS)},  Url = {https://web.sec.uni-passau.de/papers/2016_BilzhauseHuberPoehlsSamelin_4EyesPrinciple_ARES_SECPID.pdf}
}