Marco Casassa Mont Keith Harrison Martin Sadler


1 The HP Time Vault Service: Exploiting IBE for Timed Release of Confidential Information
Marco Casassa Mont, Keith Harrison, Martin Sadler
Trusted Systems Laboratory, Hewlett-Packard Labs, Bristol, UK
WWW 2003, May 2003, Budapest, Hungary

2 Presentation Outline
- Addressed Problem: Timed Release of Confidential Data
- Scenarios
- Requirements
- Related Work
- Our IBE-based Approach
- Discussion
- Conclusions
20/04/2019 Trusted Systems Laboratory – Hewlett-Packard Labs, Bristol - UK

3 Problem: Timed Release of Confidential Data [1]
How to Protect Confidential Information Until a Predefined Disclosure Time and Deal With its Subsequent Disclosure?

4 Problem: Timed Release of Confidential Data [2]
It is a Common Real-life Problem:
- Enterprise and Business Environment: confidential data can be disclosed to employees and stakeholders only at a well-defined point in time
- B2B and E-Commerce: blind auctions, marketplaces, etc. The involved parties are prevented from accessing sensitive information for a predefined period of time
- Ordinary Life: political elections, students’ exam results, etc.

5 Scenarios [1]
[Figure: timeline (axis: time) with the events "Generation of Confidential Data + Disclosure Time", "Starting to Protect Confidential Data", "Disclosure & Distribution"]

6 Scenarios [2]
[Figure: timeline (axis: time) with the events "Generation of Confidential Data + Disclosure Time", "Starting to Protect Confidential Data", "Distribution", "Disclosure"]

7 Requirements
Solutions Dealing With This Problem Should:
- Strongly Enforce Disclosure Constraints to Preserve Confidentiality
- Avoid Bottlenecks
- Be Simple
- Be Provided by Accountable Organisations

8 Related Work [1]
Time-Lock Puzzles:
- Based on Computational Complexity
- Intensive Usage of Computational Resources
- Interesting Approach, but Impractical

9 Related Work [2]
Timed Release Cryptography [Approach 1]:
- Uses Trusted Agents (i.e. Trusted Third Parties)
- Confidential Data Encrypted and Stored Locally Until its Disclosure Time
- Costs in Terms of Resources
- Escrow Problem
[Figure label: Trusted Agent]

10 Related Work [3]
Timed Release Cryptography [Approach 2]:
- Uses Trusted Agents
- No Local Storage of Confidential Data
- Publication of “Decryption” Secret at the Disclosure Time
- Users Must Interact with the Trusted Agent for Data Encryption
[Figure label: Trusted Agent]

11 Related Work [4]
Alternative Solutions Based on:
- Encryption of Data based on Traditional (RSA) Cryptography
- Access Control
- Hybrid Models

12 Our Approach
Based on:
- “Timed Release” Principles
- Identifier-based Encryption (IBE)

13 What is Identifier-based Encryption (IBE)?
- It is an Emerging Cryptography Technology
- Based on a Three-Player Model: Sender, Receiver, Trust Authority (Trusted Third Party)
- Same Strength as RSA
- Different Approaches: Quadratic Residuosity, Weil Pairing, Tate Pairing …

14 IBE Core Properties
- 1st Property: Any Kind of “String” (or Sequence of Bytes) Can Be Used as an IBE Encryption Key: for example a Role, Terms and Conditions, an Address, a Picture, a Disclosure Time
- 2nd Property: The Generation of IBE Decryption Keys Can Be Postponed in Time, even a Long Time After the Generation of the Corresponding IBE Encryption Key
- 3rd Property: Reliance on at Least One Trust Authority (Trusted Third Party) for the Generation of the IBE Decryption Key

15 IBE Three-Player Model
Players: Alice, Trust Authority, Bob
1. Trust Authority: generates and protects a Secret; publishes a Public Detail N.
2. Alice knows the Trust Authority's published value of Public Detail N. It is well known or available from a reliable source.
3. Alice chooses an appropriate Encryption Key. She encrypts the message: Encrypted message = {E(msg, N, encryption key)}
4. Alice sends the encrypted message to Bob, along with the Encryption Key.
5. Bob requests the Decryption Key associated with the Encryption Key from the relevant Trust Authority.
6. The Trust Authority issues an IBE Decryption Key corresponding to the supplied Encryption Key only if it is happy with Bob’s entitlement to the Decryption Key. It needs the Secret to perform the computation.

16 Leveraging IBE for Timed Release of Confidential Information
- Using “Disclosure Times” as IBE Encryption Keys, for example “GMT ”
- IBE Decryption Keys are Generated by the Trust Authority only at the Disclosure Time. No need to Store or Secure Them.
- The Trust Authority Continuously Generates and Publishes IBE Decryption Keys corresponding to the Current Time, with a Predefined Frequency

17 The HP Time Vault Service: Model
- The owner of confidential information encrypts it with an IBE encryption key – i.e. disclosure time of the document, for example “GMT ”, and then distributes it (No Interactions Required with the Time Vault Service!)
- The receiver(s) has to wait until the right time has come before the IBE decryption key is made available by the Time Vault Service
- Here the owner of confidential information uses a predictable encryption key knowing that the corresponding decryption key will only be available after a specific time
- The Time Vault Service continuously generates and publishes IBE Decryption Keys, related to the current time, with a predefined frequency
[Figure labels: Time=“GMT ”; Decryption Key = sdfsdfsdf32; Time Vault Service]

18 The HP Time Vault Service: Architecture
[Figure: architecture diagram. Labels: Client Application/Plug-in; Distribution Service (on the Internet/Intranet); Trusted Time Server (Trusted Authority); GUI; IBE Encryption Module; Decryption; Crypto Libraries; WS; APPS; DB; Publishing <Date Time, IBE Decryption Key>; secret; PD; Clock; IBE decryption key Generator; IBE Crypto Libraries]

19 The HP Time Vault Service: Prototype [1]
[Figure: prototype diagram. Labels: Client Application/Plug-in; Distribution Service; Time Server; Any Type Of File; (.NET) Application; Web Server (IIS); (.NET) Web Service; (.NET) Application; date time (Encryption Key); PC Clock; secret; GUI; IBE Encryption Module; IBE Decryption Module; IBE decryption key generator; IBE Decryption key; <Date Time, Decryption Key>; IBE Crypto Libraries; ASP scripts; PD; .TLF file (encrypted data + metadata); Pub. Key; Dec. Key; SQL Server]

20 Comparison with a Solution based on Traditional Cryptography [1]
A Similar Service Can Be Built, Based on Traditional Public Key (RSA) Cryptography:
- A Public key is Associated to the Time Server
- Users Encrypt Confidential Information with a Symmetric Key and Envelope it along with the Time-based Disclosure Policies (via the Time Server’s Public key)
- On request, the Time Server Interprets the Disclosure Policies: if satisfied, it issues the Symmetric key to the Requestor

21 Comparison with a Solution based on Traditional Cryptography [2]
Time Vault Service: Traditional RSA-based Approach
1. Define disclosure date (string)
2. Generate Symmetric Key Sk
3. Encrypt Document with Sk
4. Encrypt Sk with Time Server’s Public Key
5. Cluster the encrypted document with the above metadata: get an extended document
6. Distribute your extended document
7. Send metadata to Time Server (through its Access Point)
8. Interpret Metadata: decide if disclosure time has come. If it has, decrypt the encrypted symmetric key Sk
9. Return symmetric key or an Error
10. Decrypt or wait …
[Figure labels: Sender; Receiver(s); Access Points; Time Server; Public Key; Private Key]

22 Comparison with a Solution based on Traditional Cryptography [3]
Time Vault Service: IBE-based Approach
*. (repeated) The Time Server continuously generates and publishes IBE decryption keys associated to the current time (IBE encryption key)
1. Generate Symmetric Key Sk
2. Encrypt Document with Sk
3. Encrypt Sk with disclosure date i.e. IBE encryption key
4. Bundle the encrypted document with the above metadata: get an extended document
5. Distribute the extended document
6. Ask for IBE decryption key associated to IBE encryption key (stored in document’s metadata)
7. Return decryption key or an Error
8. Decrypt or wait …
[Figure labels: Sender; Receiver(s); Distribution Service; Time Server; Public Detail; Secret]
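
The key-wrapping step of the IBE-based flow above (and the three-player model of slide 15), as an added example that is not from the slides or the HP prototype. It assumes Cocks' quadratic-residuosity IBE, one of the approaches the slides list; the time-string format, the function names and the modulus (two well-known Mersenne primes, so factorable) are constructed for illustration, and only Sk is wrapped.

```python
import hashlib, itertools, secrets

# Trust Authority secret: primes = 3 (mod 4). Constructed: known Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q  # the published "Public Detail N"

def jacobi(a, n):  # Jacobi symbol (a|n), n odd and positive
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def ident_to_a(identity):
    """Hash any string (here a disclosure time) to a with Jacobi symbol +1."""
    for ctr in itertools.count():
        digest = hashlib.sha256(f"{ctr}|{identity}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a

def publish(board, now):
    """Time server tick (needs secret P, Q): release r with r*r = +/-a mod N."""
    board[now] = pow(ident_to_a(now), (N + 5 - P - Q) // 8, N)

def wrap_key(sk, disclosure_time):
    """Sender: encrypt each bit of Sk under the time string, offline."""
    a, out = ident_to_a(disclosure_time), []
    for bit in "".join(f"{b:08b}" for b in sk):
        pair = []
        for sign in (1, -1):  # one value for each possible sign of r*r
            t = 0
            while jacobi(t, N) != (1 if bit == "1" else -1):
                t = secrets.randbelow(N)
            pair.append((t + sign * a * pow(t, -1, N)) % N)
        out.append(tuple(pair))
    return out

def unwrap_key(ct, disclosure_time, r):
    """Receiver: works only with the r published for this exact time string."""
    i = 0 if r * r % N == ident_to_a(disclosure_time) else 1
    bits = "".join("1" if jacobi(c[i] + 2 * r, N) == 1 else "0" for c in ct)
    return int(bits, 2).to_bytes(len(ct) // 8, "big")
```

The sender's time string has to match, byte for byte, a string the server will publish at its predefined frequency; a string that falls between ticks never gets a decryption key.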

23 Comparison with a Solution based on Traditional Cryptography [2]
Our IBE-based approach:
- Is Simpler To Run and More Modular
- Potentially Simpler to Secure
- More Efficient: The Time Server Does Not Have to Interpret any Disclosure Policies during User Interactions

24 Conclusions
- We addressed the Problem of Timed-release of Confidential Information
- Current Solutions based on Timed-Release Cryptography Require Interactions with a Trusted Agent at the Encryption Time
- Solutions based on Traditional Cryptography Introduce Complexity at the Time Server Side, during the Decryption Time
- We described our IBE-based Solution: Simpler, more Modular and Efficient
- The Feasibility of Our Approach is Demonstrated by a Working Prototype

25 Backup Slides
RSA and IBE Cryptography Models

26 RSA Model
[Figure: RSA model diagram. Labels: Secrets p&q; Compute N = p*q; Compute d&e; Keep d secret; e and N published; encrypt; decrypt; N and d; Msg; Encrypted Msg]

27 IBE Model [1]
[Figure: IBE model diagram. Labels: Secrets s; Compute public; Public details; Compute Key pairs; E; D; Encrypt; Decrypt; Msg; Encrypted Msg]

28 IBE Model [2]
[Figure: IBE model diagram. Labels: Secrets s; Compute public; Public details; Choose e; Encrypt; Generate Decryption Key; Get decrypt Key,e; Decrypt; Msg; Encrypted Msg]

29 The HP Time Vault Service: Prototype [2]
[Figure: prototype diagram. Labels: Client Application/Plug-in; Distribution Service; Time Server; date time (Encryption Key); IBE Decryption key; <Date Time, Decryption Key>]
