Attribute-Based Encryption

Slides:



Advertisements
Similar presentations
Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.
Advertisements

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Attribute-based Encryption
Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.
Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Identity Based Encryption
1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.
1 Queries on Encrypted Data Dan Boneh Brent Waters Stanford UniversitySRI.
Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
1 Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys Dan Boneh, Craig Gentry, and Brent Waters.
Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA.
Xiaohua Jia Shen Zhen Graduate School Harbin Institute of Technology Data Security for Cloud Storage Systems 1.
Functional Encryption: An Introduction and Survey Brent Waters.
Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.
Functional Encryption: Beyond Public Key Cryptography
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
1 Attribute-Based Encryption Brent Waters SRI International.
1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.
Attribute-Based Encryption with Non-Monotonic Access Structures
Computer Science CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-
1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai.
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Key-Policy Attribute-Based Encryption Present by Xiaokui.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Secure Conjunctive Keyword Search Over Encrypted Data Philippe Golle Jessica Staddon Palo Alto Research Center Brent Waters Princeton University.
Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Fuzzy Identity Based Encryption Brent Waters Current Research with Amit Sahai.
Attribute-Based Encryption
1 Efficient Selective-ID IBE Without Random Oracle Dan Boneh Stanford University Xavier Boyen Voltage Security.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi.
Privacy Preserving Cloud Data Access With Multi-Authorities Taeho Jung 1, Xiang-Yang Li 1, Zhiguo Wan 2, Meng Wan 3 Illinois Institute of Technology, Chicago.
Cryptography and Network Security Chapter 13
P2P encryption by an identity-based one-way group key agreement protocol By Jyh-haw Yeh Boise State University Proceedings of IEEE ICPADS 2014.
What is in a name? Identity-based cryptography. How public-key crypto works When you use public key cryptography, you can publish a value (public key)
Shucheng Yu, Cong Wang, Kui Ren,
Searchable Encryption in Cloud
Cryptography CS 555 Topic 34: SSL/TLS.
Identity Based Encryption
Boneh-Franklin Identity Based Encryption Scheme
Advanced Protocols.
Some slides borrowed from Philippe Golle, Markus Jacobson
Attribute Based Encryption
Elliptic Curves.
Cryptographic Algorithms for Privacy in an Age of Ubiquitous Recording
Using low-degree Homomorphism for Private Conjunction Queries
Advanced Cryptography Protocols
Risky Traitor Tracing and New Differential Privacy Negative Results
Attribute-Based Encryption
Fuzzy Identity Based Encryption
Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data An, Sanghong KAIST
Key Management Network Systems Security
Building an Encrypted and Searchable Audit Log
Key Establishment Protocols ~
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Functional Encryption: An Introduction and Survey
The power of Pairings towards standard model security
Verifiable Attribute Based Keyword Search with Fine-Grained Owner-Enforced Search Authorization in the Cloud They really need a shorter title.
Identity Based Encryption from the Diffie-Hellman Assumption
Presentation transcript:

Attribute-Based Encryption Brent Waters SRI International Joint work with Vipul Goyal, Omkant Pandey, and Amit Sahai http://www.csl.sri.com/users/bwaters/

IBE [BF01] Is regular PKI good enough? IBE: [BF01] Public key encryption scheme where public key is an arbitrary string (ID). Examples: user’s e-mail address Is regular PKI good enough? I am “bob@stanford.edu” Private key email encrypted using public key: “bob@stanford.edu” Alice does not access a PKI CA/PKG Authority is offline master-key

Generalizing the Framework Capability Request Private “Capability” Encrypt “Structured” Data CA/PKG Authority is offline master-key

Attributed-Based Encryption(ABE) [SW05] Encrypt Data with descriptive “Attributes” Users Private Keys reflect Decryption Policies master-key CA/PKG Authority is offline Encrypt w/attributes

An Encrypted Filesystem Encrypted Files on Untrusted Server Label files with attributes File 1 “Creator: bsanders” “Computer Science” “Admissions” “Date: 04-11-06” File 2 “Creator: akeen” “History” “Hiring” “Date: 03-20-05”

An Encrypted Filesystem “Creator: bsanders” “Computer Science” “Admissions” “Date: 04-11-06” Authority OR File 2 “Creator: akeen” “History” “Hiring” “Date: 03-20-05” AND “bsmith” “CS” “admissions”

This Talk Threshold ABE & Biometrics More “Advanced” ABE Other Systems

A Warmup: Threshold ABE[SW05] Data labeled with attributes Keys of form “At least k” attributes Application: IBE with Biometric Identities

Biometric Identities Iris Scan Voiceprint Fingerprint

Biometric Identities Stay with human Are unique No registration Certification is natural

Biometric Identities Deviations Environment Difference in sensors Small change in trait Can’t use previous IBE solutions!

Error-tolerance in Identity k attributes must match Example: 5 attributes Public Key master-key CA/PKG Private Key 5 matches

Error-tolerance in Identity k attributes must match Example: 5 attributes Public Key Private Key CA/PKG 3 matches master-key

Secret Sharing Split message M into shares such that need k to reconstruct Choose random k-1 degree polynomial, q, s.t. q(0)=M Need k points to interpolate

First Method Key Pair per Trait Encrypt shares of message Deg. 4 (need 5 traits) polynomial q(x), such that q(0)=M Ciphertext E3(q(3))... 5 Private Key 2 7 8 11 13 16 q(x) at 5 points ) q(0)=M

Collusion Attack Private Key 5 6 7 9 10 8 6 8 9 7 5 10

Our Approach Goals Threshold Collusion Resistance Methods Secret-share private key Bilinear maps

Bilinear Maps G , G1 : finite cyclic groups of prime order p. Def: An admissible bilinear map e: GG  G1 is: Bilinear: e(ga, gb) = e(g,g)ab a,bZ, gG Non-degenerate: g generates G  e(g,g) generates G1 . Efficiently computable.

The SW05 Threshold ABE system Public Parameters e(g,g)y 2 G1, gt1, gt2,.... gtn 2 G Private Key Random degree 4 polynomial q(x) s.t. q(0)=y gq(5)/t5 Bilinear Map e(g,g)rq(5) Ciphertext gr¢ t5 Me(g,g)ry Interpolate in exponent to get e(g,g)rq(0)=e(g,g)ry

Intuition Threshold Need k values of e(g,g)rq(x) Collusion resistance Can’t combine private key components ( shares of q(x), q’(x) ) Reduction Given ga,gb,gc distinguish e(g,g)ab/c from random

Moving Beyond Threshold ABE Threshold ABE not very expressive “Grafting” has limitations Shamir Secret Sharing => k of n Base new ABE off of general secret sharing schemes OR AND “ksmith” “CS” “admin”

Access Trees [Ben86] Secret Sharing for tree-structure of AND + OR Replicate ORs Split ANDs s OR s AND AND OR s-s’’ s’’ Alice Bob Charlie s’ s-s’ s’’ Doug Edith

Key-Policy Attribute-Based Encryption [GPSW06] Encryption similar to Threshold ABE Keys reflect a tree access structure Randomness to prevent collusion! Use Threshold Gates Decrypt iff attributes from CT satisfy key’s policy OR AND “ksmith” “CS” “admin”

Delegation Can delegate any key to a more restrictive policy Subsumes Hierarchical-IBE OR AND “ksmith” Year=2005 “CS” “admin”

A comparison ABE [GPSW06] Arbitrary Attributes Expressive Policy Attributes in Clear Hidden Vector Enc. [BW06] Fields Fixed at Setup Conjunctions & don’t care Hidden Attributes

Ciphertext Policy ABE (opposite) Encrypt Data reflect Decryption Policies Users’ Private Keys are descriptive attributes master-key CA/PKG “Blond”, “Well-dressed”, “Age=21”, “Height=5’2” OR AND “Rhodes Scholar” “25-35” “millionaire”

Multi-Authority ABE [Chase07] Authorities over different domains E.g. DMV and IRS Challenge: Prevent Collusion Across Domains Insight: Use “globally verifiable ID/attribute” to link

Open Problems Ciphertext Policy ABE ABE with “hidden attributes” Policies from Circuits instead of Trees

Generalizing the Framework Capability Request Private “Capability” Encrypt “Structured” Data CA/PKG Authority is offline master-key

Health Records Weight=125 Height = 5’4 Age = 46 Blood Pressure= 125 Partners = … If Weight/Height >30 AND Age > 45 Output Blood Pressure Private “Capability” No analogous PKI solution CA/PKG Authority is offline master-key

THE END

Related Work Secret Sharing Schemes [Shamir79, Benaloh86…] Allow Collusion Building from IBE + Secret Sharing [Smart03, Juels] IBE gives key Compression Not Collusion Resistant

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.