Cryptographically Enforced Four-Eyes Principle
Title
Cryptographically Enforced Four-Eyes Principle
Authors
Arne Bilzhause (Institute of IT-Security and Security Law, University of Passau), Manuel Huber (Fraunhofer Research Institute AISEC, Munich, Germany), Henrich C. Pöhls (Institute of IT-Security and Security Law, University of Passau), Kai Samelin (IBM Research – Zurich, Rüschlikon, Switzerland & TU Darmstadt, Darmstadt, Germany)
Abstract
The 4-eyes principle (4EP) is a well-known access control and authorization principle, and used in many scenarios to minimize the likelihood of corruption. It states that at least two separate entities must approve a message before it is considered authentic. Hence, an adversarial party aiming to forge bogus content is forced to convince other parties to collude in the attack. We present a formal framework along with a suitable security model. Namely, a party sets a policy for a given message which involves multiple additional approvers in order to authenticate the message. Finally, we show how these signatures are black-box realized by secure sanitizable signature schemes.
Venue
SECPID 2016 EU Symposium - ARES 2016 (https://www.ares-conference.eu/conference/ares-eu-symposium/secpid-2016/)
Place and Date
Salzburg, Austria, August 31 – September 2, 2016.
Publication Reference
A. Bilzhause, M. Huber, H. C. Pöhls and K. Samelin. Cryptographically Enforced Four-Eyes Principle. In Proc. of the Workshop on Security, Privacy, and Identity Management in the Cloud to be held at the 11th International Conference on Availability, Reliability and Security (ARES SECPID 2016), Conference Publishing Services (CPS), 2016.
[Download]
Bibtex
@inproceedings{Bilzhause_et_al_SECPID16,
Author = {Arne Bilzhause and Manuel Huber and Henrich C. P\"ohls and Kai Samelin},
Title = {{Cryptographically Enforced Four-Eyes Principle}},
Booktitle = {{Proc. of the Workshop on Security, Privacy, and Identity Management in the Cloud at the 11th International Conference on Availability, Reliability and Security (ARES SECPID 2016)}},
Editors = {},
Year = {2016},
Month = {August},
Publisher = {Conference Publishing Services (CPS)}, Url = {https://web.sec.uni-passau.de/papers/2016_BilzhauseHuberPoehlsSamelin_4EyesPrinciple_ARES_SECPID.pdf}
}