On the Use of Key Assignment Schemes in Authentication Protocols
James Alderman, Jason Crampton

TL;DR
This paper investigates using Key Assignment Schemes in entity authentication protocols to enable efficient, policy-based, and potentially anonymous authentication, including group and timestamp-based methods without synchronized clocks.
Contribution
It introduces a novel application of KASs in authentication protocols, allowing policy enforcement, anonymity, and flexible identity verification with trusted third parties.
Findings
KASs can be used to authenticate entities based on security labels.
The approach supports group authentication and anonymity.
It enables timestamp-based authentication without synchronized clocks.
Abstract
Key Assignment Schemes (KASs) have been extensively studied in the context of cryptographically-enforced access control, where derived keys are used to decrypt protected resources. In this paper, we explore the use of KASs in entity authentication protocols, where we use derived keys to encrypt challenges. This novel use of KASs permits the efficient authentication of an entity in accordance with an authentication policy by associating entities with security labels representing specific services. Cryptographic keys are associated with each security label and demonstrating knowledge of an appropriate key is used as the basis for authentication. Thus, by controlling the distribution of such keys, restrictions may be efficiently placed upon the circumstances under which an entity may be authenticated and the services to which they may gain access. In this work, we explore how both…
Taxonomy
Topics: User Authentication and Security Systems · Advanced Authentication Protocols Security · Cryptography and Data Security
