Key Assignment Schemes (KASs) have been extensively studied in the context ofcryptographically-enforced access control, where derived keys are used todecrypt protected resources. In this paper, we explore the use of KASs inentity authentication protocols, where we use derived keys to encryptchallenges. This novel use of KASs permits the efficient authentication of anentity in accordance with an authentication policy by associating entities withsecurity labels representing specific services. Cryptographic keys areassociated with each security label and demonstrating knowledge of anappropriate key is used as the basis for authentication. Thus, by controllingthe distribution of such keys, restrictions may be efficiently placed upon thecircumstances under which an entity may be authenticated and the services towhich they may gain access. In this work, we explore how both standardized protocols and novelconstructions may be developed to authenticate entities as members of a groupassociated to a particular security label, whilst protecting the long-termsecrets in the system. We also see that such constructions may allow forauthentication whilst preserving anonymity, and that by including a trustedthird party we can achieve the authentication of individual identities andauthentication based on timestamps without the need for synchronized clocks.
展开▼