Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.

Published byBrianna Richardson Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI."— Presentation transcript:

1 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI

2 2 Traditional Encrypted Filesystem File 1 Owner: John File 2 Owner: Tim  Encrypted Files stored on Untrusted Server  Every user can decrypt its own files  Files to be shared across different users?

3 3 A New Encrypted Filesystem File 1 “Creator: John” “Computer Science” “Admissions” “Date: 04-11-06” File 2 “Creator: Tim” “History” “Admissions” “Date: 03-20-05”  Label files with attributes

4 4 An Encrypted Filesystem File 1 “Creator: John” “Computer Science” “Admissions” “Date: 04-11-06” File 2 “Creator: Tim” “History” “Admissions” “Date: 03-20-05” Authority OR AND “Computer Science” “Admissions” “Bob”

5 5 Threshold Attribute-Based Enc. [SW05]  Sahai-Waters introduced ABE, but only for “threshold policies”: Ciphertext has set of attributes User has set of attributes If more than k attributes match, then User can decrypt.  Main Application- Biometrics

6 6 General Attribute-Based Encryption  Ciphertext has set of attributes  Keys reflect a tree access structure  Decrypt iff attributes from CT satisfy key’s policy OR AND “Computer Science” “Admissions” “Bob”

7 7 Central goal: Prevent Collusions  Users shouldn’t be able to collude AND “Computer Science” “Admissions” AND “History” “Hiring” Ciphertext = M, {“Computer Science”, “Hiring”}

8 8 Related Work  Access Control [Smart03], Hidden Credentials [Holt et al. 03-04] Not Collusion Resistant  Secret Sharing Schemes [Shamir79, Benaloh86…] Allow Collusion

9 9 Techniques We combine two ideas  Bilinear maps  G eneral Secret Sharing Schemes

10 10 Bilinear Maps  G, G 1 : multiplicative of prime order p.  Def: An admissible bilinear map e: G  G  G 1 is: –Non-degenerate: g generates G  e(g,g) generates G 1. –Bilinear: e(g a, g b ) = e(g,g) ab  a,b  Z, g  G –Efficiently computable. –Exist based on Elliptic-Curve Cryptography

11 11 Secret Sharing [Ben86]  Secret Sharing for tree-structure of AND + OR OR AND “Computer Science” “Admissions” “Bob” y y y r (y-r) Replicate secret for OR’s. Split secrets for AND’s.

12 12 The Fixed Attributes System: System Setup Public Parameters g t 1, g t 2,.... g t n, e(g,g) y “Bob”, “John”, …, “Admissions” List of all possible attributes:

13 13 Encryption Public Parameters g t 1, g t 2, g t 3,.... g t n, e(g,g) y Ciphertext g st 2, g st 3, g st n, e(g,g) sy Select set of attributes, raise them to random s M File 1 “Creator: John” (attribute 2) “Computer Science” (attribute 3) “Admissions” (attribute n)

14 14 Key Generation Public Parameters Private Key g y 1 /t 1, g y 3 /t 3, g y n /t n g t 1, g t 2,.... g t n, e(g,g) y Fresh randomness used for each key generated! Ciphertext g st 2, g st 3, g st n, e(g,g) sy M OR AND “Computer Science” “Admissions” “Bob” y y y r (y-r) y3=y3= yn=yn= y1=y1=

15 15 Decryption e(g,g) sy 3 e(g,g) sy n = e(g,g) s(y-r+r) = e(g,g) sy (Linear operation in exponent to reconstruct e(g,g) sy ) Ciphertext g st 2, g st 3, g st n, Me(g,g) sy Private Key g y 1 /t 1, g y 3 /t 3, g y n /t n e(g,g) sy 3

16 16 Security  Reduction: Bilinear Decisional Diffie-Hellman  Given g a,g b,g c distinguish e(g,g) abc from random  Collusion resistance  Can’t combine private key components

17 17 The Large Universe Construction: Key Idea Public Function T(.), e(g,g) y Private Key  Any string can be a valid attribute Ciphertext g s, e(g,g) sy M For each attribute i: T(i) s For each attribute i g y i T(i) r i, g r i e(g,g) sy i Public Parameters

18 18 Extensions  Building from any linear secret sharing scheme  In particular, tree of threshold gates…  Delegation of Private Keys

19 19 Delegation AND “Computer Science” “admissions” OR “ Bob ”  Derive a key for a more restrictive policy Year=2006  Subsumes Hierarchical-IBE [Horwitz-Lynn 02, …] Bob’s Assistant

20 20 Applications: Targeted Broadcast Encryption  Encrypted stream AND “Soccer” “Germany” AND “Sport” “11-01-2006” Ciphertext = S, {“Sport”, “Soccer”, “Germany”, “France”, “11-01-2006”}

21 21 Thank You

Download ppt "1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI."

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.

Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.

Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.
Attribute-based Encryption

Attribute-based Encryption
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.

1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Identity Based Encryption

Identity Based Encryption
Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.

Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.
1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.

Similar presentations

Ads by Google