Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attribute-Based Encryption with Non-Monotonic Access Structures

Published byPatricia Lambert Modified over 8 years ago

Similar presentations

Presentation on theme: "Attribute-Based Encryption with Non-Monotonic Access Structures"— Presentation transcript:

1 Attribute-Based Encryption with Non-Monotonic Access Structures
Rafail Ostrovsky UCLA Amit Sahai UCLA Brent Waters SRI International

2 Server Mediated Access Control
File 1 Server stores data in clear Expressive access controls Access list: John, Beth, Sue, Bob Attributes: “Computer Science” , “Admissions”

3 Distributed Storage Downside: Increased vulnerability Scalability
Reliability Downside: Increased vulnerability

4 Traditional Encrypted Filesystem
Encrypted Files stored on Untrusted Server Every user can decrypt its own files File 1 Owner: John Files to be shared across different users? Credentials? File 2 Owner: Tim Lost expressivity of trusted server approach!

5 Attribute-Based Encryption [SW05]
Goal: Encryption with Expressive Access Control File 1 “Creator: John” “Computer Science” “Admissions” “Date: ” Label files with attributes File 2 “Creator: Tim” “History” “Admissions” “Date: ”

6 Attribute-Based Encryption
Univ. Key Authority File 1 “Creator: John” “Computer Science” “Admissions” “Date: ” OR AND “Computer Science” “Admissions” “Bob” File 2 “Creator: Tim” “History” “Admissions” “Date: ”

7 Attribute-Based Encryption
Ciphertext has set of attributes Keys reflect a tree access structure Decrypt iff attributes from CT satisfy key’s policy OR AND “Computer Science” “Admissions” “Bob” “Creator: John” “Computer Science” “Admissions” “Date: ”

8 Central goal: Prevent Collusions
If neither user can decrypt a CT, then they can’t together AND “Computer Science” “Admissions” AND “History” “Hiring” Ciphertext = M, {“Computer Science”, “Hiring”}

9 Current ABE Systems [GPWS06]
Monotonic Access Formulas Tree of ANDs, ORs, threshold (k of N) … Attributes at leaves NOT is unsupported! OR AND “Bob” “Computer Science” “Admissions”

10 Fresh randomness used for each key generated!
Key Generation Public Parameters Fresh randomness used for each key generated! gt1, gt2,.... gtn, e(g,g)y OR AND “Computer Science” “Admissions” “Bob” y r (y-r) y3= yn= y1= “Greedy” Decryption Private Key gy1/t1 , gy3/t3 , gyn/tn

11 Supporting “NOTs” [OSW07]
Example Peer Review of Other Depts. Bob is in C.S. dept => Avoid Conflict of Interest AND “Computer Science” NOT “Dept. Review” “Year:2007” Challenge: Can’t attacker just ignore CT components?

12 A Simple Solution Use explicit “not” attributes
Attribute “Not:Admissions”, “Not:Biology” Problems: Encryptor does not know all attributes to negate Huge number of attributes per CT “Creator: John” “History” “Admissions” “Date: ” “Not:Anthropology” “Not:Aeronautics” “Not:Zoology”

13 Technique 1: Simplify Formulas
Use DeMorgan’s law to propagate NOTs to just the attributes AND NOT OR NOT “Dept. Review” “Public Policy” “Computer Science”

14 Revocation Systems [NNL01,NP01…]
Broadcast to all but a certain set of users Application: Digital content protection P1 P2 P3

15 Applying Revocation Techniques
Focus on a particular Not Attribute AND “Year:2007” “Dept. Review” “Computer Science” NOT

16 Applying Revocation Techniques
Focus on a particular ‘Not’ Attribute “Computer Science” NOT Attribute in ‘Not’ as node’s “identity” Attributes in CT as Revoked Users “Creator: John” “Computer Science” “Admissions” “Date: ” Node ID not in “revoked” list =>satisfied N.B. – Just one node in larger policy

17 “Polynomial Revocation” [NP01]
Pick a degree n polynomial q( ), q(0)=a n+1 points to interpolate User t gets q(t) Encryption: gs , ,Mgsa Revoked x1, …, xn gsq(x1) , ..., gsq(xn) gsq(t) Can interpolate to gsq(0)=gsa iff t not in {x1,…xn}

18 ABE with Negation Push NOTs to leaves Apply ABE key generation
Collusion resistance still key! Treat non-negated attributes same New Type of Polynomial Revocation at Leaves

19 Choose degree n polynomial q(), q(0)=b
System Sketch Choose degree n polynomial q(), q(0)=b Public Parameters Can compute gq(x) gq(0), gq(1),.... gq(n), Ciphertext gs, gsq(x1) , … , gsq(xn) Attributes: x1, x2… e(g,g)srq(t) e(g,g)srq(x1) e(g,g)srq(xn) Private Key grq(t), gr “Computer Science” NOT Derived from ABE key generation If points different can compute e(g,g)srb =t

20 Conclusions and Open Directions
Goal: Increase expressiveness of Encryption Systems Provided Negation to ABE systems Challenge: Decryptor Ignores “Bad” Attributes Solution: Revocation techniques Future: ABE with Circuits Other cryptographic access control

21 Thank You

Download ppt "Attribute-Based Encryption with Non-Monotonic Access Structures"

Similar presentations

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Attribute-based Encryption

Attribute-based Encryption
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.

Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.
1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.

1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.
Access Control & Digital Rights Management KAIST KSE Uichin Lee.

Access Control & Digital Rights Management KAIST KSE Uichin Lee.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Daniel Moran & Marina Yatsina. Access control through encryption.

Daniel Moran & Marina Yatsina. Access control through encryption.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Group Management, Permissions, and Revocation in OceanStore Barbara Engelhardt George Porter Naveen Sastry UC Berkeley January 2002.

Group Management, Permissions, and Revocation in OceanStore Barbara Engelhardt George Porter Naveen Sastry UC Berkeley January 2002.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

Similar presentations

Ads by Google