110 likes | 345 Vues
Persona: An Online Social Network with User-Defined Privacy. Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee, Daniel Starin. Contents . Problem Goals Glossary Group Key Management Applications. Problem. Service Provider cannot be completely trusted
E N D
Persona: An Online Social Network with User-Defined Privacy Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee, Daniel Starin
Contents • Problem • Goals • Glossary • Group Key Management • Applications
Problem • Service Provider cannot be completely trusted • The AC mechanism provided by SP is not enough • Traditional PKI methods needs many copies • Users prefer decentralized ways
Goals • Encrypt by group without many copies • Precise Group control mechanism • Groups created by one user should be available for use, both in enc/dec by friends. • Decentralized structure • Can be added onto existing applications
Glossary • APK: ABE public key • AMSK: ABE master secret key • ASK: ABE secret key • Access structure: a logical expression over attributes • TPK: Traditional public key • TSK: Traditional secret key (private key) • SS: storage service
Group Key Management • Data is encrypted with APK, any user could retrieve the data, but can decrypt it only if he’s a member of the group. • Each Persona user is identified by a single TPK, and stores their encrypted data in storage service. Users exchange TPK and SS locations out of band.
Primitives • DefineRelationship: add individuals to a group DefineRelationship(u1; attrs; u2) u1: A = ABEKeyGen(u1.AMSK , attrs) u1: C = TEncrypt(u2.TPK, A) u1: u1.SS.put(H(u2.TPK), C) u2: u1.SS.get(H(u2.TPK))
Primitives • DefineTransitiveRelationship : allows a user Alice to define groups based on a group defined by another user, Bob. DefineTransitiveRelationship(u1, Bob.APK, AS, attrs) u1: A = ABEKeyGen(u1.APK, attrs) u1: C = ABEEncrypt(APK, A, AS) u1: u1.SS.put(H(AS, APK), C)
Primitives • AssignRightsToIdentity(u1, rights, TPK, resource r, owner o) u1: o.chACL(r, TPK, rights)
Primitives • AssignRightsToGroup AssignRightsToGroup(u1, rights, AS, r, o) u1: (TPK;TSK) = TKeyGen() u1: C = ABEEncrypt(u1.APK, (TPK;TSK), AS) u1: u1.SS.put(H(AS, APK), C) u1: AssignRightsToIdentity(u1, rights, TPK, r, o)
Application • Private user data is encrypted with a symmetric key, the symmetric key is encrypted with an ABE key of a group.