International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Break-glass Encryption

Authors:
Alessandra Scafuro
Download:
DOI: 10.1007/978-3-030-17259-6_2
Search ePrint
Search Google
Conference: PKC 2019
Abstract: “Break-glass” is a term used in IT healthcare systems to denote an emergency access to private information without having the credentials to do so.In this paper we introduce the concept of break-glass encryption for cloud storage, where the security of the ciphertexts – stored on a cloud – can be violated exactly once, for emergency circumstances, in a way that is detectable and without relying on a trusted party.Detectability is the crucial property here: if a cloud breaks glass without permission from the legitimate user, the latter should detect it and have a proof of such violation. However, if the break-glass procedure is invoked by the legitimate user, then semantic security must still hold and the cloud will learn nothing. Distinguishing that a break-glass is requested by the legitimate party is also challenging in absence of secrets.In this paper, we provide a formalization of break-glass encryption and a secure instantiation using hardware tokens. Our construction aims to be a feasibility result and is admittedly impractical. Whether hardware tokens are necessary to achieve this security notion and whether more practical solutions can be devised are interesting open questions.
BibTeX
@inproceedings{pkc-2019-29296,
  title={Break-glass Encryption},
  booktitle={Public-Key Cryptography – PKC 2019},
  series={Lecture Notes in Computer Science},
  publisher={Springer},
  volume={11443},
  pages={34-62},
  doi={10.1007/978-3-030-17259-6_2},
  author={Alessandra Scafuro},
  year=2019
}