Computer Science Revocation and Tracing Schemes for Stateless Receivers Dalit Naor, Moni Naor, Jeff Lotspiech Presented by Attila Altay Yavuz CSC 774 In-Class.


1 Computer Science Revocation and Tracing Schemes for Stateless Receivers Dalit Naor, Moni Naor, Jeff Lotspiech Presented by Attila Altay Yavuz CSC 774 In-Class Presentation (Based on Authors’ presentation)

2 Outline
Digital Content and the stateless scenario for trace and revoke
The Subset Cover Framework for T&R schemes
Two subset cover schemes
–Complete Subset Tree
–Subset Difference Tree
Tracing:
–General Tracing Algorithm
–Bifurcation property
Conclusion

3 Problems and Motivation
Digital Content: Very easy to generate, transfer and reproduce. However - also easy to violate ownership. CRITICAL!!:
–Copyright
–Privacy
Protecting content: methods for discouraging/preventing redistribution of content - after decryption
Watermarking
Fingerprinting
Protecting cryptographic keys
–Broadcast Encryption/Revocation
Send information only to intended recipients
–Tracing Traitors
–Trace and Revoke

4 The Broadcast Encryption Problem

5 Components of a stateless system
Notations: N - set of n users, R - set of r users whose privileges are to be revoked
Scheme Initiation:
–a method to assign secret information to devices, I_u to u.
The broadcast algorithm:
–For message M and a set R of users to be revoked, produce a ciphertext C to broadcast to all.
A decryption algorithm (at device):
–a non-revoked device should produce M from ciphertext C.
–Stateless Users: Decryption should be based on the current message and the secret information I_u only.
–Goal: Impossible to produce M from ciphertext even when provided with the secret information of all revoked users.

6 Subset Cover Framework: An algorithm
Underlying collection of subsets (of devices) S_1, S_2, ..., S_W, with S_j ⊆ N.
Each subset S_j is associated with a long-lived key L_j
–A device u ∈ S_j should be able to deduce L_j from its secret information I_u
Given a revoked set R, the non-revoked users N \ R are partitioned into m disjoint subsets S_{i_1}, S_{i_2}, ..., S_{i_m} (N \ R = ∪ S_{i_j})
–a session key K is encrypted m times with L_{i_1}, L_{i_2}, ..., L_{i_m}.

7 S.Cover: The Broadcast Algorithm
Choose a session key K
Given R, find a partition of N \ R into disjoint sets: S_{i_1}, S_{i_2}, ..., S_{i_m}, N \ R = ∪ S_{i_j}
–with associated keys L_{i_1}, L_{i_2}, ..., L_{i_m}
Encrypt message M
E: Long Term Alg. F: Moderate Term

8 S.Cover: The Decryption Step at u
Either
–Find the subset i_j such that u ∈ S_{i_j}, or
–null if u ∈ R
Obtain L_{i_j} from the private information I_u
Compute D_{L_{i_j}}(E_{L_{i_j}}(K)) to obtain K
Decrypt F_K(M) with K to obtain the message M.

9 A Subset-Cover Algorithms

10 The Complete Sub-tree Method

11 Subset Cover of non-revoked devices Complete Subtree Method

12 The Subset-difference Method: Subset Definition

13 Subset Cover of non-Revoked Devices Subset-Difference Method

14 Key-Assignment: Subset-Difference Method

15 Key-Assignment : Subset-Difference Method

16 Tracing Traitors
Some users leak their keys to pirates
Pirates construct unauthorized decryption devices and sell them at a discount
Trace and Revoke for all subset cover algorithms satisfying the bifurcation property
More efficient procedure for subset difference
Goal: output one of the two
–a user u contained in the box
–a partition S = S_{i_1}, S_{i_2}, …, S_{i_m} that disables the box

17 Subset Tracing

18 Definition: Bifurcation Property
Any subset S_i can be partitioned into (roughly) two equal sets S_{i_1} and S_{i_2}: S_i = S_{i_1} ∪ S_{i_2}
Bifurcation value:
–max { |S_{i_1}| / |S_i|, |S_{i_2}| / |S_i| }
–Complete sub-tree method: since sub-trees are complete, each can be split into two equal parts.
–Subset Difference methods generally have 2/3.
Fundamental for the following Tracing algorithm.

19 The Tracing Algorithm

20 The Tracing Algorithm
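
Added example (not the authors' code): a sketch of tracing over complete-subtree subsets that returns one of the two outputs listed in the goal on slide 16 and uses the even split from the bifurcation slide. The pirate box is modelled as a deterministic function that uses the first header entry whose key it holds, and the linear scan for the responsible subset is a simplification; both are assumptions, since the transcript does not include the algorithm itself. Nodes are heap-numbered (root 1, leaf of user u is n+u).

```python
def ancestors(v):
    """Node v and every node above it, up to the root 1."""
    out = set()
    while v >= 1:
        out.add(v)
        v //= 2
    return out

def make_box(n, traitors):
    """Constructed pirate box holding the leaked secrets I_u of the traitors.
    A header is a list of (subset node, carries_real_session_key) pairs."""
    held = set().union(*(ancestors(n + u) for u in traitors))
    def box(header):
        for v, real in header:
            if v in held:          # first entry the box can open
                return real        # it decrypts only if that entry was genuine
        return False
    return box

def subset_tracing(box, partition):
    """Garble the first j entries for growing j; the subset at which the box
    stops decrypting is one whose key the box holds, so it contains a traitor."""
    for j in range(1, len(partition) + 1):
        header = [(v, i >= j) for i, v in enumerate(partition)]
        if not box(header):
            return partition[j - 1]

def trace(box, n, partition):
    """Return ("traitor", u) or ("disabled", partition that the box cannot use)."""
    partition = list(partition)
    while box([(v, True) for v in partition]):
        v = subset_tracing(box, partition)
        if v >= n:                              # a single-user subset
            return ("traitor", v - n)
        partition.remove(v)                     # bifurcation: split the subtree
        partition += [2 * v, 2 * v + 1]         # into its two equal halves
    return ("disabled", sorted(partition))
```

Because each split halves the suspect subtree, a traitor among n users is isolated after at most log2(n) splits of the subsets that contain it.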

21 Conclusion
Define the Subset-Cover framework
–Family of algorithms, encapsulating previous methods
Rigorous security analysis: sufficient condition for an algorithm in the framework to be secure.
Provide the Subset-Difference revocation algorithms
–r-flexible (it does not assume an upper bound for the number of revoked receivers)
–concise message length
Tracing algorithm
–Works for any algorithm in the framework satisfying the bifurcation property
–Seamless integration with the revocation algorithm
–Withstands any coalition size

22 Future Works
Can we modify these approaches to be used in group key management in dynamic wireless networks such as MANETs?
Compromised nodes for sensor networks together with broadcast authentication?
Real world application?

23 Questions
Thank you for listening! Questions?

