
1 Access Control Based on “Proof of Object Coexistence” for the IoT
Lyes Touati *, Hamed Hellaoui ** and Yacine Challal **
* Sorbonne universités, Université de technologie de Compiègne, CNRS, Heudiasyc.
** Ecole nationale Supérieure d’Informatique (Alger).
Journées Non Thématiques ResCom, Inria Sophia Antipolis, France, 12/01/2017
ANR-11-IDEX

2 Plan
- Introduction
- State of the art
- Ciphertext-Policy Attribute-Based Encryption (CP-ABE)
- Threshold grouping proofs based Access Control for IoT
- Conclusion

3 Introduction
Grouping proofs: a concept that aims to provide a proof that a group of entities is simultaneously present in the same zone.
Threshold grouping proofs: a generalization of the grouping-proofs concept that allows a threshold number of entities to be specified.

4 Introduction
Examples of applications of the grouping-proofs concept
It could be used to enhance access control:
- Access to buildings.
- NFC payment.
- Secure location access.
k-out-of-N objects must be present.

5 State of the art
- The concept of grouping proofs was introduced in [J. Saito, et al. 2005], using timestamps. Simultaneity is compromised.
- In [Leonid Bolotnyy, et. al. 2007], the construction of a circular chain while polling tags is proposed. Scalability issues => (simultaneity compromised).
- In [Fuentes et al. 2015], the set of devices is divided into several subsets. Each subset is polled in an unpredictable manner (many rounds). High execution time.

6 Background
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme [J. Bethencourt et. al. 2007]
- Asymmetric encryption mechanism.
- Powerful tool to implement access control.
- Fine-grained access control.
- Private keys are constructed on a set of attributes.
- Ciphertexts are encrypted under access policies.
- The Attribute Authority is responsible for defining system settings and generating private keys.

7 Background
Ciphertext-Policy Attribute-Based Encryption (Operation)
[Figure: CP-ABE operation. Access policy: Director OR (Doctor AND Cardiology). Attribute Authority: MSK, PK. Parties: Alice, Sarah, Kevin. SK_Sarah: “Doctor”, “Director”. SK_Kevin: “Doctor”, “Neurology”.]

8 Threshold grouping proof based Access Control for IoT
CP-ABE based Threshold Grouping proofs: Network Model
- Entities: We consider a group of N entities.
- Proxy: It is responsible for relating the group of entities in order to construct the proof. It is semi-trusted: trusted by the entities, and (possibly) malicious toward the verifier.
- Verifier: It is responsible for generating the challenge and verifying the proof.
- Attributes Authority: It is responsible for configuring the system by creating the Public and Master keys.

9 Threshold grouping proof based Access Control for IoT
CP-ABE based Threshold Grouping proofs: Overview
- We use CP-ABE in order to provide grouping proofs in IoT.
- We split the private key into many elements shared among the entities.
- A verifier encrypts a random message, which is the challenge.
- The group of entities tries to decrypt the message, each using its part of the secret key.
- Decrypting the message is a proof of the coexistence of the entities.

10 Threshold grouping proof based Access Control for IoT
CP-ABE based Threshold Grouping proofs: Construction > System Configuration
- Let us consider a group of N entities GE = {E1, E2, …, EN}.
- Run the key generation primitive to generate SK associated with S = {attribute_1, …, attribute_N}:

$$SK = \left( D = g^{(\alpha + r)/\beta},\ \forall j \in S:\ D_j = g^{r} \cdot H(j)^{r_j};\ D'_j = g^{r_j} \right)$$

- The element $D$ is sent to the proxy.
- Each couple $(D_j, D'_j)$ is given to the corresponding entity Ej of the group holding attribute_j.

11 Threshold grouping proof based Access Control for IoT
CP-ABE based Threshold Grouping proofs: Construction > Challenge/Response
γ = (k-out-of-N (attribute_1; attribute_2; …; attribute_N)).
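Added example (not from the slides or the authors' implementation): the key split of slide 10 and a k-out-of-N challenge, checked end to end in a toy model where group elements are replaced by their exponents. The entity-side pairing quotient and the proxy's Lagrange combination follow standard CP-ABE decryption [J. Bethencourt et. al. 2007] and are an assumption about how responses are formed; all function names are hypothetical.

```python
# Toy model: a group element is stored as its discrete log mod Q, so the pairing
# e(g^a, g^b) = e(g,g)^(ab) becomes a*b. Insecure by design; it checks the algebra only.
import hashlib
import random

Q = 2**127 - 1                  # prime group order (constructed parameter)
rng = random.Random(2017)       # fixed seed so the run is reproducible

def H(j):  # hash attribute_j to a group element (represented by its exponent)
    return int.from_bytes(hashlib.sha256(b"attribute_%d" % j).digest(), "big") % Q

def keygen(alpha, beta, n):
    """Attribute Authority: D goes to the proxy, (D_j, D'_j) to entity E_j."""
    r = rng.randrange(1, Q)
    D = (alpha + r) * pow(beta, -1, Q) % Q                   # g^((alpha+r)/beta)
    rs = {j: rng.randrange(1, Q) for j in range(1, n + 1)}
    return D, {j: ((r + H(j) * rj) % Q, rj) for j, rj in rs.items()}

def challenge(alpha, beta, m, k, n):
    """Verifier: encrypt challenge m under gamma = k-out-of-n (real CP-ABE uses PK only)."""
    s = rng.randrange(1, Q)
    coef = [s] + [rng.randrange(Q) for _ in range(k - 1)]    # q(0) = s, degree k-1
    q = lambda x: sum(c * pow(x, i, Q) for i, c in enumerate(coef)) % Q
    leaves = {j: (q(j), H(j) * q(j) % Q) for j in range(1, n + 1)}  # (C_j, C'_j)
    return {"C": beta * s % Q, "Ct": (m + alpha * s) % Q, "leaves": leaves}

def entity_response(part, leaf):
    """E_j: e(D_j, C_j) / e(D'_j, C'_j) = e(g,g)^(r*q(j))."""
    (Dj, Dpj), (Cj, Cpj) = part, leaf
    return (Dj * Cj - Dpj * Cpj) % Q

def proxy_combine(D, ct, responses):
    """Proxy: Lagrange-combine the responses at x=0, then unblind with D."""
    A = 0
    for i, Fi in responses.items():
        lam = 1
        for j in (x for x in responses if x != i):
            lam = lam * (-j) * pow(i - j, -1, Q) % Q
        A = (A + lam * Fi) % Q                               # e(g,g)^(r*s) if >= k present
    return (ct["Ct"] - (ct["C"] * D - A)) % Q                # Ct / (e(C,D) / A)

def run_proof(k, n, present):
    """True if the entities listed in `present` can decrypt the verifier's challenge."""
    alpha, beta = rng.randrange(1, Q), rng.randrange(1, Q)   # MSK
    D, parts = keygen(alpha, beta, n)
    m = rng.randrange(1, Q)
    ct = challenge(alpha, beta, m, k, n)
    resp = {j: entity_response(parts[j], ct["leaves"][j]) for j in present}
    return proxy_combine(D, ct, resp) == m
```

With k = 3 and N = 5, any three or more present entities recover the challenge, while two entities interpolate a wrong value and the proof fails.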

12 Threshold grouping proof based Access Control for IoT
CP-ABE based Threshold Grouping proofs: Construction > Group dynamics
Adding an entity:
- Construct a couple $(D_{N+1}, D'_{N+1})$ for the new entity (Attribute Authority, Entity_N+1).
- Add the new attribute to the access policy (Verifier).

13 Threshold grouping proof based Access Control for IoT
CP-ABE based Threshold Grouping proofs: Construction > Group dynamics
Removing an entity:
- Remove the corresponding attribute from the access policy (Verifier).

14 Threshold grouping proof based Access Control for IoT
Advantages
- Ability to vary the threshold k and therefore the level of security.
- Ability to vary the importance of the entities (number of attributes associated).
- Ability to easily update (add and/or remove) one or more entities from the group.

15 Threshold grouping proof based Access Control for IoT
Performance analysis (1/2)
Number of operations executed
n: number of entities in the group
k: threshold

16 Threshold grouping proof based Access Control for IoT
Performance analysis (2/2)
Settings: PBC library (Configuration: “f”).
Required Storage Capacity
Ni: number of entities in the group i.
Ng: number of the groups.

17 Conclusion
- Grouping-proofs is a robust access control technique for IoT.
- We have introduced a threshold grouping proofs scheme based on CP-ABE.
- Our scheme supports dynamic groups of entities with variable weight and adaptive level of security (threshold k).

18 Thanks! Questions?

