1 / 20

Broadcast Encryption and Traitor Tracing

Broadcast Encryption and Traitor Tracing. 2001. 12. 2001507 Jin Kim. Contents. Introduction Broadcast Encryption Traitor Tracing Traitor Tracing Models Conclusion & Further Work Reference. Broadcast Encryption. Provider transmits encrypted content to a privileged subset of users

snana
Télécharger la présentation

Broadcast Encryption and Traitor Tracing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Broadcast Encryption andTraitor Tracing 2001. 12. 2001507 Jin Kim

  2. Contents • Introduction • Broadcast Encryption • Traitor Tracing • Traitor Tracing Models • Conclusion & Further Work • Reference

  3. Broadcast Encryption • Provider transmits encrypted content to a privileged subset of users • Pay TV, Online DB. • Consider a center and a set of users . • The center wishes to broadcast a message to a privileged set of users. • Goal: • Efficiency of • transmission length • storage at the user’s end • the computation in retrieving the common key.

  4. Broadcast Encryption Center E(content) U1 U2 3U Un I1 I2 I3 In Ui Decrypts E(content) using Ii

  5. The Danger • Some Users leak their keys to pirates • Pirates construct unauthorized decryption devices and sell them at a discount K1 K3 K8 E(Content) Content Pirate Box

  6. Stopping Leakage Two non-exclusive approaches: • Traitor Tracing • Trace and Revoke • Trace users who leak their keys • Revoke those keys - rendering pirated boxes dysfunctional. • Powerful combination! • Self Enforcement Goal: discourage users from leaking keys • Idea: key should contain sensitive information that user doesn’t want to spread. • Should be impossible to use without revealing explicitly • Example: Credit Card Number • Challenge: how to embed the sensitive information in the keys

  7. Revocation Legal Decoder M E’(M) Pirate Decoder M’ (decode incorrectly)

  8. Traitors • Traitorsare legitimate users who aid a pirate by: • Plaintext re-transmission • compromised keys

  9. TraitorTracing Goal of Traitor Tracing Schemes: • Find source of keys of illegal decryption devices • If at most ttraitors - should identify (one of) them • No honest user should be implicated K1 K3 K8 Tracer Pirate Box K3

  10. Traitor Tracing • Fighting Piracy • Identify piracy • Prevent transmitting information to pirate users • Identify the source of such piracy • Finding Traitors • Consideration • Memory and Computation requirements • Per authorized user • For the data supplier • Data redundancy overhead

  11. Tracing Schemes • Some Models of previous schemes: • Static • Asymmetric • Dynamic • Sequential • Alternative • If group members can share exactly the same data, the problem of determining guilt or innocent is unsolvable • To find a traitor, Give a slightly different secret to the shares

  12. Chor-Fiat-Naor Scheme • Traitor tracing message : (enabling block, cipher block) • Cipher block : symmetric encryption of the actual data • Enabling block : user’s key set and enabling block can generate decryption key Enabling block Cipher block Personal key broadcast User 1 decrypt Original block decrypt Personal key User n decrypt

  13. Some Schemes • Boneh and Franklin • Fixed key-length of private key • Length of enabling block depends on the # of revocation capability • W. Tzeng and Z. Tzeng • Enlarged the # of revocation capability to the degree of Shamir polynomail • Kim, Lee, and Lim • Enlarged the # of revocation capability to the infinity

  14. Comparison : Some schemes

  15. Comparison : Threshold schemes

  16. Proposed Schems • Based on Lee, Kim and Lim’s Scheme • Difference : • Enabling Block : by reducing random number r • change from <shdxM, A1trxM, A2trxM, t-rxMd, tr, d> to <shdxM, A1txM, A2 txM, t-xMd, d>

  17. Advances in the proposed scheme • Proposed scheme is more useful. • Because of Provider can more short enabling block. • Efficiency of storage at the user’s end • With no change of semantic security

  18. Conclusion • Introducing broadcast encryption and their issue – traitor tracing. • Dividing enabling block & retrieving block is more efficient than all in one scheme. • Proposed method is decreasing the number of each user’s enabling block. • Further Works • Research about • Efficiency of proposed scheme • New (Updated) Traitor Tracing Schemes • Key Management • New (Updated) Broadcast Encryption Scheme • And Provably Secure Broadcast Encryption Scheme • Study on other problems of Broadcast Scheme

  19. References • S. Berkovits. How to Broadcast a Secret. Advances in Cryptology - Eurocrypt ’91, Lecture Notes in Computer Science 547 (1992), pp. 536-541. • A. Fiat and M. Naor. Broadcast Encryption. Advances in Cryptology - Crypto ’93, Lecture Notes in Computer Science 773, (1994), pp. 480–491. • M. Just, E. Kranakis, D. Krizanc ans P. van Oorschot. On Key Distribution via True Broadcasting. In Proceedings of 2nd ACM Conference on Computer and Communications Security, November 1994, pp. 81–88. • B. Chor, A. Fiat and M.Naor. Tracing traitors. Advances in Cryptology - Crypto ’94, Lecture Notes in Computer Science 839, (1994), pp. 257–270. • D. Boneh and M Franklin. An Efficient Public Key Traitor Tracing Scheme. Advances in Cryptology - Crypto ’99, Lecture Notes in Computer Science , (1994), pp. 338–353. • D.H. Lee, H.J. Kim and J.I. Lim. Efficient Public-Key Traitor Tracing in Provably Secure Broadcast Encryption with Unlimited Revocation Capability, WISC 2001, WISC 2001 Proceeding, (2001), pp. 31–42

  20. Thank you for listening.Any Questions?

More Related