Publication Date:
2016-07-30
Description:
The typical Secure Document Management System (SDMS) uses cryptography or access control mechanisms to restrict illegal access by unauthorized users to digital documents. However, these techniques are insufficient when authorized users betray the trust of their organizations, distributing sensitive digital documents to unauthorized users. This paper presents a novel end-to-end approach to construct a robust SDMS able to guarantee not only the integrity and confidentiality of digital documents (data-centric security), but also providing robust insider threat tracing mechanisms (user-centric security). As far as the authors' knowledge extends, this is the first contribution that analyses security issues of SDMS considering data-centric (by means of encryption) and user-centric (based on fingerprinting) security services for the construction of an SDMS. Security requirements are identified from the modeling of a digital document's lifecycle. Then cryptographic techniques are carefully coupled with a fingerprinting technique at specific stages of the proposed document lifecycle. As a proof of concept, an SDMS was created, implemented and evaluated, demonstrating its feasibility for deployment in production environments. The robustness of the SDMS was proved, using standard cryptographic algorithms and secure key lengths. The created SDMS also resisted the collusion and retyping attacks commonly directed at fingerprinting applications.
Print ISSN:
0010-4620
Electronic ISSN:
1460-2067
Topics:
Computer Science
Permalink
