Solving the Cross Domain Problem with Functional Encryption

A Cross Domain Problem (CDP) is the question of how to securely access and exchange information between the domains of varying security levels. A Cross Domain Solution (CDS) addresses the CDP by designing the framework and protocols for such access and transfers. Most existing CDS methods rely on policies and trusted parties to manage different security levels. A CDS that can function in the presence of untrusted parties is a challenge. Functional Encryption (FE) is an encryption scheme in which a secret key allows one to compute a specific function of plaintext from the ciphertext. FE is a generalization of identity-based and attribute-based encryption frameworks. General and simultaneously practical FE is an emerging area, and only special types of encryption schemes and functions are effectively handled within existing systems. We apply the concepts of FE to explore a new solution to the CDP, and we argue that our solution does not leak information, provided that widely accepted assumptions about standard digital signatures hold. We built a practical software case study application using a trusted Key Distribution Center (KDC), a standard symmetric key block cipher component (like the AES), and using the Elliptic Curve Digital Signature Algorithm (ECDSA). The experiments show that the computational overhead introduced to routing by our method is cost effective, where the additional cost is equivalent to just a few applications of standard digital signatures.