Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA.

Slides:

Advertisements

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Advertisements

Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)

Private Inference Control

Functional Encryption & Property Preserving Encryption

Attribute-based Encryption

Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Encryption Public-Key, Identity-Based, Attribute-Based.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),

Access Control & Digital Rights Management KAIST KSE Uichin Lee.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

Chapter 5 Cryptography Protecting principals communication in systems.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

Chapter 10 Boundary Controls. Cryptographic Controls Cryptology is the science of secret codes Cryptography deals with systems for transforming data into.

Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group

Lesson 18: Configuring Application Restriction Policies

Database Security By Bei Yuan. Why do we need DB Security? Make data arranged and secret Secure other’s DB.

Cryptographic Approach for Delegation and Authorization in Cloud Computing Di Ma NSF Workshop on Security for Cloud Computing Mar. 15 ~ Mar. 16, 2012 Arlington,

Xiaohua Jia Shen Zhen Graduate School Harbin Institute of Technology Data Security for Cloud Storage Systems 1.

Privacy Preserving Query Processing in Cloud Computing Wen Jie

Functional Encryption: An Introduction and Survey Brent Waters.

Access Control & Digital Rights Management

Fine-Grained Access Control (FGAC) in the Cloud Robert Barton.

Functional Encryption: Beyond Public Key Cryptography

A Survey on Secure Cloud Data Storage ZENG, Xi CAI, Peng

Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.

An Ad Hoc Group Signature Scheme for Accountable and Anonymous Access to Outsourced Data Chuang Wang a,b and Wensheng Zhang a a Department of Computer.

1 Attribute-Based Encryption Brent Waters SRI International.

1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.

Identity-Based Secure Distributed Data Storage Schemes.

Attribute-Based Encryption with Non-Monotonic Access Structures

Threshold PKC Shafi Goldwasser and Ran Canetti. Public Key Encryption [DH] A PKC consists of 3 PPT algorithms (G,E,D) - G(1 k ) outputs public key e,

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-

Software Security Seminar - 1 Chapter 5. Advanced Protocols 조미성 Applied Cryptography.

1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai.

Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Key-Policy Attribute-Based Encryption Present by Xiaokui.

Software Security Seminar - 1 Chapter 10. Using Algorithms 조미성 Applied Cryptography.

COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

Attribute-Based Encryption

Attribute-Based Encryption With Verifiable Outsourced Decryption.

Security Analysis of a Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption Scheme.

1/28 Chosen-Ciphertext Security from Identity- Based Encryption Jonathan Katz U. Maryland Ran Canetti, Shai Halevi IBM.

2011 IEEE TrustCom-11 Sushmita Ruj Amiya Nayak and Ivan Stojmenovic Regular Seminar Tae Hoon Kim.

Hierarchical Key Applications for Assured Destruction of Deleted Material.

Encryption Extensions Model based on Hidden Attribute Certificate LI Yu 1,2,3, ZHAO Yong 1,2,3, GONG Bei 1 1 College of Computer Science and Technology,

SAT: Situation Aware Trust Architecture for Vehicular Networks Xiaoyan Hong, Univ of Alabama Dijiang Huang, Arizona State Univ Mario Gerla, UCLA Zhen Cao,

Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi.

Privacy Preserving Cloud Data Access With Multi-Authorities Taeho Jung 1, Xiang-Yang Li 1, Zhiguo Wan 2, Meng Wan 3 Illinois Institute of Technology, Chicago.

Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.

SMARTIE Area of Activity: Framework Programme 7Framework Programme 7 ICT Objective 1.4 IoT (Smart Cities) Period:1 st September st August 2016.

Shucheng Yu, Cong Wang, Kui Ren,

ETSI STF 529 on Attribute Based Encryption for IoT, Cloud, mobile

** Ecole nationale Supérieure d’Informatique (Alger).

2 Cloud Computing Transforms the way IT is consumed and managed, bringing costs down Service delivery (NIST 2011) SaaS (Software) PaaS (Platform) IaaS.

Attribute-Based Encryption

Fuzzy Identity Based Encryption

CMPE 252A : Computer Networks

Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data An, Sanghong KAIST

Functional Encryption: An Introduction and Survey

Attribute-Based Encryption

Verifiable Attribute Based Keyword Search with Fine-Grained Owner-Enforced Search Authorization in the Cloud They really need a shorter title.

Presentation transcript:

Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA

2 What is Ciphertext-Policy Attribute- Based Encryption (CP-ABE)?  Type of identity-based encryption One public key Master private key used to make more restricted private keys  But very expressive rules for which private keys can decrypt which ciphertexts Private keys have “attributes” or labels Ciphertexts have decryption policies

3 Remote File Storage: Interesting Challenges  Scalability  Reliability  … But we also want security

4  Good: Flexible access policies  Bad: Data vulnerable to compromise Must trust security of server Remote File Storage: Server Mediated Access Control Access control list: Kevin, Dave, and anyone in IT department Sarah: IT department, backup manager ?

5  More secure, but loss of flexibility  New key for each file: Must be online to distribute keys  Many files with same key: Fine grained access control not possible Remote File Storage: Encrypting the Files

6 Remote File Storage: We Want It All  Wishlist: Encrypted files for untrusted storage Setting up keys is offline No online, trusted party mediating access to files or keys Highly expressive, fine grained access policies  Ciphertext-policy attribute-based encryption does this! User private keys given list of “attributes” Files can encrypted under “policy” over those attributes Can only decrypt if attributes satisfy policy

7 Remove File Storage: Access Control via CP-ABE PK MSK SK Sarah : “manager” “IT dept.” SK Kevin : “manager” “sales” OR IT dept. AND managermarketing    

8 Collusion Attacks: The Key Threat  Important potential attack  Users should not be able to combine keys  Essential, almost defining property of ABE  Main technical trick of our scheme: preventing collusion SK Sarah : “A”, “C” SK Kevin : “B”, “D” AND AB ?

9 Collusion Attacks: A Misguided Approach to CP-ABE  Collusion attacks rule out some trivial schemes … SK Sarah : “A”, “C” SK Kevin : “B”, “D” AND AB PK A SK B PK B SK A = M 1 + M 2 C = (E A (M 1 ), E B (M 2 )) M SK C PK C SK D PK D

10 Highlights From Our Scheme: Background

11 Highlights From Our Scheme: Public Key and Master Private Key

12 Highlights From Our Scheme: Private Key Generation  “Binds” key components to each other  Makes components from different keys incompatible  Key to preventing collusion attacks

13 Highlights From Our Scheme: Policy Features  Leaf nodes: Test for presence of string attribute in key Also numerical attributes and comparisons  Internal nodes: AND gates OR gates Also k of n threshold gates OR IT dept. manager marketing hire date < of 3 OR AND sales exec. level >= 5

14 Highlights From Our Scheme: Encryption and Decryption  Encryption: Use general secret sharing techniques to model policy One ciphertext component per leaf node  Decryption: Uses LaGrange interpolation “in the exponents” OR IT dept. manager marketing hire date < of 3 OR AND sales exec. level >= 5

15 Highlights From Our Scheme: Security  Proven secure, including collusion resistance Assumes random oracle model Assumes generic group model  Generic group model “Black box” heuristic similar to random oracle model Good future work: scheme without this assumption

16 Implementation: The cp-abe Toolkit $ cpabe-setup $ cpabe-keygen -o sarah_priv_key pub_key master_key \ sysadmin it_dept 'office = 1431' 'hire_date = 2002' $ cpabe-enc pub_key security_report.pdf (sysadmin and (hire_date < 2005 or security_team)) or 2 of (executive_level >= 5, audit_group, strategy_team))

17 Implementation: Performance  Benchmarked on 64-bit AMD 3.7 GHz workstation  Essentially no overhead beyond group operations in PBC library OperationApproximate Time Private key gen.35 ms per attribute Encryption27 ms per leaf node Decryption0.5–0.8 ms per leaf node

18 Implementation: Availability  Available as GPL source at Advanced Crypto Software Collection (ACSC) New project to bring very recent crypto to systems researchers Bridge the gap between theory and practice Total of 8 advanced crypto projects currently available

19 Attribute Based Encryption: Related Work Collusion resistant Policies w/ infinite attr. space Policies w/ fixed attr. space AttributesPolicy [1,2]YesSingle thresh. gate Single thresh. gate In ciphertextIn key [3]YesMonotone formulas All boolean formulas In ciphertextIn key ThisYesMonotone formulas All boolean formulas In keyIn ciphertext [4]*NoNoneAll boolean formulas In keyIn ciphertext * Has additional policy hiding property, but needs online, semi-trusted server to perform encryption

20 Attribute Based Encryption: Related Work [1] Sahai, Waters. Eurocrypt [2] Pirretti, Traynor, McDaniel, Waters. CCS 06. [3] Goyal, Pandey, Sahai, Waters. CCS 06. [4] Kapadia, Tsang, Smith. NDSS 07.

21 Thanks for Listening!  