Policy-based cryptography : theory and applications

Identity-based cryptography? is one of the most popular topics addressed by the cryptographic research community in the last five years. As can be guessed from the name, the notion of ?identity? is central to identity-based cryptographic primitives. In general, identity is not sufficient for authorization and trust establishment, especially in the context of large-scale open environments like the Internet, where interactions often occur between parties with no pre-existing familiarity of one another. An increasingly popular approach to determining the trustworthiness of the interacting entities consists in using policies fulfilled by digital credentials. In this thesis, we present a new concept in cryptography, called ?policy-based cryptography?, which allows to perform cryptographic operations with respect to policies fulfilled by digital credentials. Intuitively, a policy-based encryption scheme allows to encrypt a message with respect to a policy so that only an entity that is compliant with the policy can decrypt the message. Similarly, a policy-based signature scheme allows to generate a signature on a message with respect to a policy so that the signature is valid if and only if it was generated by an entity that is compliant with the policy. We present three policy-based cryptographic primitives from bilinear pairings over elliptic curves and prove their security under well-defined security models. We further illustrate the usefulness of our concept through the description of application scenarios in the contexts of access control, privacy policy enforcement, establishment of ad-hoc communities, automated trust negotiation and proxy certification.