A secure directory service based on exclusive encryption

We describe the design of a Windows file-system directory service that ensures the persistence, integrity, privacy, syntactic legality, and case-insensitive uniqueness of the names it indexes. Byzantine state replication provides persistence and integrity, and encryption imparts privacy. To enforce...

Bibliographic details
Main authors: Douceur, J.R., Adya, A., Benaloh, J., Bolosky, W.J., Yuval, G.
Format: Conference proceeding
Language: eng
container_end_page 182
container_start_page 172
creator Douceur, J.R.
Adya, A.
Benaloh, J.
Bolosky, W.J.
Yuval, G.
description We describe the design of a Windows file-system directory service that ensures the persistence, integrity, privacy, syntactic legality, and case-insensitive uniqueness of the names it indexes. Byzantine state replication provides persistence and integrity, and encryption imparts privacy. To enforce Windows' baroque name syntax - including restrictions on allowable characters, on the terminal character, and on several specific names - we develop a cryptographic process, called "exclusive encryption," that inherently excludes syntactically illegal names and that enables the exclusion of case-insensitively duplicate names without access to their plaintext. This process excludes entire names by mapping the set of allowed strings to the set of all strings, excludes certain characters through an amended prefix encoding, excludes terminal characters through varying the prefix coding by character index, and supports case-insensitive comparison of names by extracting and encrypting case information separately. We also address the issues of hiding name-length information and access-authorization information, and we report a newly discovered problem with enforcing case-insensitive uniqueness for Unicode names.
doi_str_mv 10.1109/CSAC.2002.1176289
format Conference Proceeding
identifier ISSN: 1063-9527
ispartof 18th Annual Computer Security Applications Conference, 2002. Proceedings, 2002, p.172-182
issn 1063-9527
2576-9103
language eng
recordid cdi_ieee_primary_1176289
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Access control
Authorization
Cryptography
Data mining
Data privacy
Encoding
File servers
Law
Legal factors
Protection
title A secure directory service based on exclusive encryption
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T02%3A42%3A53IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20secure%20directory%20service%20based%20on%20exclusive%20encryption&rft.btitle=18th%20Annual%20Computer%20Security%20Applications%20Conference,%202002.%20Proceedings&rft.au=Douceur,%20J.R.&rft.date=2002&rft.spage=172&rft.epage=182&rft.pages=172-182&rft.issn=1063-9527&rft.eissn=2576-9103&rft.isbn=0769518281&rft.isbn_list=9780769518282&rft_id=info:doi/10.1109/CSAC.2002.1176289&rft_dat=%3Cieee_6IE%3E1176289%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=1176289&rfr_iscdi=true