Military Communications and Information Technology: A Trusted ...
Military Communications and Information Technology: A Trusted ... Military Communications and Information Technology: A Trusted ...
446 Military Communications and Information Technology... may or may not use this key – this depends on the exact trust model tied to the PKMA. • If the PKMA mandates the use of certificates, these are included in the signature-element. Certification information required for delegation are an exception for this rule (discussed below). • The schema may make provisions to embrace extensions of a certain PKMA type, provided they do not exclude other PKMAs from the same function. In practice, these include: ✓ The block key may be encrypted several times by different public keys, and these listed independently. The encrypted data blob should not give preference to any of these. ✓ The role information may be a single identifying string, a list of roles, or a (propositional) logic expression involving roles, activities and other restrictions. C. Design principles: signing The construction of our CBIS schema follows the principles outlined in [12], with one major distinction about the signatures. The distinction concerns the signatory role: whereas in [12] this role was always equated with the key management center, we implement three different roles: Owner/ADMIN-User, WRITE-User and Filter. In the structured document itself this is reflected as content-signatures and metadata signatures, which must thus be independent of each other. The trust model used here dictates that the administrative restructuring of the document should not reveal or modify the actual content, thus the content and administrative signatures (data vs. metadata) should be independent. However, in [12] it was not clear how to automatically compute compound signatures for restructured content with the authority of the Owner. The book suggested using delegation with attribute certificates. The work in [5] presents a brilliant solution to retain the compound signatures constant throughout the whole tree-structure of an XML document. Using this approach, we are able to keep the content signatures unmodified (by administrative components). In addition to the Owner, WRITE-Users are allowed to legally modify the data. This is accomplished through a list of users with WRITE-permission on an element. Technically this means that upon opening a document, the User Agent checks at least the content signatures, and if the signatory is either the Owner (the only completely trusted party) or another user with WRITE-permissions listed in the metadata, the signature is accepted as valid. To enforce the WRITE-permissions list, the whole element containing the list (cbis:securityAttribute) is signed by an ADMIN-user.
Chapter 4: Information Assurance & Cyber Defence 447 The Filter signs parts of the document security metadata (History-related). As the Filter is only semi-trusted, and ADMIN-users may have conflicts of interests, different public keys need a validity certification from the Owner. The Filter validity certification is required irrespective of the PKMA. We assume for simplicity that the correspondence between Owner and a document is oneto-many (instead of many-to-many). Thus the validity certification can be placed in the per-document metadata element. Furthermore, the schema doesn’t specify the form of the certification – it could be a PKI certificate, IBC-based delegation (e.g. with a public key of the type “Owner X grants admin privileges to Filter Y”, which is verifiable with the Owner X public parameters and the claimed string only), or something else, as long as it contains sufficient cryptographic strength. In order to separate the administration and content, some cryptographic conventions need to be observed: • The need to separate non-repudiation and basic integrity signatures is PKMA-dependent, so the number of signatures is left open here, and the types of signatures are listed as widely as needed. • Layered encryption (super-encryption, encrypting already enciphered content) is not used. Opening administrative metadata would require additional layers of filters and/or key management. In [12] and [11] super-encryption is defined – the purpose here could be embedding other documents or hiding the access control information – but we leave it out here for simplicity. D. Design principles: versioning The main document is assumed to be modifiable. There are two types of modification possibilities: content modification and permission type modification. In each case, the CAC paradigm entails that since the actual modifications cannot be prevented (only detected), there should be a possibility of rollback and attribution (finding the perpetrator). Rollback requires versioning and storage of the previous versions. Content versioning is considered to be outside the scope of this paper – it can be done by creating a separate document per committed modification and transferring the versioning burden to the Storage (as it should be optimized for availability). Per-element versioning does affect the CBIS schema itself, and this is considered more of a document management than a security issue. Per-element versioning should bind the content signature together with the content – thus we do not consider content signature versioning either here. Attribution has two facets: illegal modifiers of content and security policy. If content is modified meaningfully, it implies than legal keys of some user are used. This in turn can be traced back to the user identity by comparing different versions and signature information. Thus content modification attribution is built in to the signatures (enforcing non-repudiation) and versioning.
- Page 395 and 396: Network Traffic Characteristics for
- Page 397 and 398: Chapter 4: Information Assurance &
- Page 399 and 400: Chapter 4: Information Assurance &
- Page 401 and 402: Chapter 4: Information Assurance &
- Page 403 and 404: Chapter 4: Information Assurance &
- Page 405 and 406: Chapter 4: Information Assurance &
- Page 407 and 408: Chapter 4: Information Assurance &
- Page 409 and 410: Chapter 4: Information Assurance &
- Page 411 and 412: Chapter 4: Information Assurance &
- Page 413 and 414: Chapter 4: Information Assurance &
- Page 415 and 416: Methodology for Gathering Data Conc
- Page 417 and 418: Chapter 4: Information Assurance &
- Page 419 and 420: Chapter 4: Information Assurance &
- Page 421 and 422: Chapter 4: Information Assurance &
- Page 423 and 424: Chapter 4: Information Assurance &
- Page 425 and 426: Chapter 4: Information Assurance &
- Page 427 and 428: Chapter 4: Information Assurance &
- Page 429: Chapter 4: Information Assurance &
- Page 432 and 433: 432 Military Communications and Inf
- Page 434 and 435: 434 Military Communications and Inf
- Page 436 and 437: 436 Military Communications and Inf
- Page 439 and 440: On Multi-Level Secure Structured Co
- Page 441 and 442: Chapter 4: Information Assurance &
- Page 443 and 444: Chapter 4: Information Assurance &
- Page 445: Chapter 4: Information Assurance &
- Page 449 and 450: Chapter 4: Information Assurance &
- Page 451 and 452: Chapter 4: Information Assurance &
- Page 453 and 454: Chapter 4: Information Assurance &
- Page 455 and 456: Generation of Nonlinear Feedback Sh
- Page 457 and 458: Chapter 4: Information Assurance &
- Page 459 and 460: Chapter 4: Information Assurance &
- Page 461 and 462: Chapter 4: Information Assurance &
- Page 463: Chapter 4: Information Assurance &
- Page 466 and 467: 466 Military Communications and Inf
- Page 468 and 469: 468 Military Communications and Inf
- Page 470 and 471: 470 Military Communications and Inf
- Page 472 and 473: 472 Military Communications and Inf
- Page 474 and 475: 474 Military Communications and Inf
- Page 476 and 477: 476 Military Communications and Inf
- Page 478 and 479: 478 Military Communications and Inf
- Page 480 and 481: 480 Military Communications and Inf
- Page 482 and 483: 482 Military Communications and Inf
- Page 485 and 486: Modern Usage of “Old” One-Time
- Page 487 and 488: Chapter 4: Information Assurance &
- Page 489 and 490: Chapter 4: Information Assurance &
- Page 491 and 492: Chapter 4: Information Assurance &
- Page 493 and 494: Chapter 4: Information Assurance &
- Page 495: Chapter 4: Information Assurance &
446 <strong>Military</strong> <strong>Communications</strong> <strong>and</strong> <strong>Information</strong> <strong>Technology</strong>...<br />
may or may not use this key – this depends on the exact trust model tied<br />
to the PKMA.<br />
• If the PKMA m<strong>and</strong>ates the use of certificates, these are included in the signature-element.<br />
Certification information required for delegation are<br />
an exception for this rule (discussed below).<br />
• The schema may make provisions to embrace extensions of a certain PKMA<br />
type, provided they do not exclude other PKMAs from the same function.<br />
In practice, these include:<br />
✓ The block key may be encrypted several times by different public keys,<br />
<strong>and</strong> these listed independently. The encrypted data blob should not give<br />
preference to any of these.<br />
✓ The role information may be a single identifying string, a list of roles,<br />
or a (propositional) logic expression involving roles, activities <strong>and</strong> other<br />
restrictions.<br />
C. Design principles: signing<br />
The construction of our CBIS schema follows the principles outlined<br />
in [12], with one major distinction about the signatures. The distinction concerns<br />
the signatory role: whereas in [12] this role was always equated with the key<br />
management center, we implement three different roles: Owner/ADMIN-User,<br />
WRITE-User <strong>and</strong> Filter. In the structured document itself this is reflected<br />
as content-signatures <strong>and</strong> metadata signatures, which must thus be independent<br />
of each other.<br />
The trust model used here dictates that the administrative restructuring<br />
of the document should not reveal or modify the actual content, thus the content<br />
<strong>and</strong> administrative signatures (data vs. metadata) should be independent. However,<br />
in [12] it was not clear how to automatically compute compound signatures for<br />
restructured content with the authority of the Owner. The book suggested using<br />
delegation with attribute certificates.<br />
The work in [5] presents a brilliant solution to retain the compound signatures<br />
constant throughout the whole tree-structure of an XML document. Using this<br />
approach, we are able to keep the content signatures unmodified (by administrative<br />
components).<br />
In addition to the Owner, WRITE-Users are allowed to legally modify the data.<br />
This is accomplished through a list of users with WRITE-permission on an element.<br />
Technically this means that upon opening a document, the User Agent<br />
checks at least the content signatures, <strong>and</strong> if the signatory is either the Owner<br />
(the only completely trusted party) or another user with WRITE-permissions<br />
listed in the metadata, the signature is accepted as valid.<br />
To enforce the WRITE-permissions list, the whole element containing the list<br />
(cbis:securityAttribute) is signed by an ADMIN-user.