Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Cryptographically enforced four-eyes principle

: Bilzhause, A.; Huber, M.; Pöhls, H.C.; Samelin, K.


Institute of Electrical and Electronics Engineers -IEEE-:
11th International Conference on Availability, Reliability and Security, ARES 2016 : Salzburg, Austria, 31 August - 2 September 2016; Proceedings
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2016
ISBN: 978-1-5090-0990-9
ISBN: 978-1-5090-0989-3
ISBN: 978-1-5090-0991-6
International Conference on Availability, Reliability and Security (ARES) <11, 2016, Salzburg>
Fraunhofer AISEC ()

The 4-eyes principle (4EP) is a well-known access control and authorization principle, and used in many scenarios to minimize the likelihood of corruption. It states that at least two separate entities must approve a message before it is considered authentic. Hence, an adversarial party aiming to forge bogus content is forced to convince other parties to collude in the attack. We present a formal framework along with a suitable security model. Namely, a party sets a policy for a given message which involves multiple additional approvers in order to authenticate the message. Finally, we show how these signatures are black-box realized by secure sanitizable signature schemes.