1 / 31

CMPE 252A : Computer Networks

CMPE 252A : Computer Networks. Chen Qian UCSC Baskin Engineering Lecture 18. Some slides from Brent Waters and Saiyu Qi. Scalable Data Access Control in RFID-Enabled Supply Chain. Saiyu Qi 1,2 , Yuanqing Zheng 2 , Mo Li 2 , Yunhao Liu 3 , Jinli Qiu 4. HKUST 1

sroberta
Télécharger la présentation

CMPE 252A : Computer Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CMPE 252A : Computer Networks Chen Qian UCSC Baskin Engineering Lecture 18 Some slides from Brent Waters and Saiyu Qi

  2. Scalable Data Access Control in RFID-EnabledSupply Chain Saiyu Qi1,2, Yuanqing Zheng2, Mo Li2, Yunhao Liu3 , Jinli Qiu4 HKUST1 Nanyang Technological University2 Tsinghua University3 Xi’an Jiaotong University4

  3. Introduction of RFID technique Basic components of RFID: • RFID Tag: • low cost • limited storage ability • support wireless communication • RFID Reader: • moderate-ability • retrieve tag carried data via wireless channel • Database: • Connect with reader • store detailed tag data • tag identification/authentication The global forecast of RFID hardware, middleware and IT market --------Source from DolceraWiki

  4. RFID-enabled supply chain 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 shared among supply chain participants

  5. Motivation • The product data derived by RFID tags is usually sensitive • An instance: pedigree of drugs • created for each tagged drug in a pharmaceutical supply chain • be useful to verify if a drug is fake • often contains counterfeit certificate , time of delivery and manufactures suffer malicious accesses by drug counterfeiters and competitive manufacturers

  6. The goal of this paper • Secure sharing of RFID-derived product data • A scalable data access control system for RFID-Enabled Supply Chain • an item-level data access control mechanism • an item-level privilege revocation mechanism • Advantages: • data access control in item-level • scalable to large amount of tagged products

  7. System model product data is sensitive and may be compromised A participant only needs to contact the provider to retrieve the data of others idxi, <Enc(wit, Ki)>sig We aim to provide item-level access policy for product data defined by participants

  8. Item-level data access control: a strawman method Not scalable to support large-scale tagged products Some participants are unknown in advance

  9. Item-level data access control: our idea Consider a tagged product flowing through the supply chain… • Submit policy enforced encryption: • encryption associated with an access policy • Policy definition: • two types of attributes: role attribute (etc, USA, Retailer) and tag attribute (used as tag ID) • logical expression over role attributesAND tag attribute • e.g., (‘retailer’ AND (‘USA’ OR ‘France’)AND‘TagAtt’)

  10. Item-level data access control: our idea • Decryption condition of policy enforced encryption: • a credential with satisfiable role attributes and a credential with the tag attribute • Distributed credential management: • role attributes /credentials ------a key authority • tag attributes/credentials------corresponding tags (only participants within the supply chain can acquire!) • A participant can acquire: • one credential with a set of role attributes to describe itself from the key authority • credentials of tag attributes from tags

  11. Item-level data access control: an example role attributes published by key authority tag attribute from tag credential issuing of role attributes within the supply chain but unsatisfiable role attributes outside the supply chain Location: USA Location: France Location: USA Obligation: retailer Obligation: producer Obligation: retailer TagAtt TagAtt

  12. Item-level data access control: advantage • Advantages: • define an access policy with role attributes (acquired from the key authority) and tag attributes (acquired from tags)---do not need knowing other participants in advance • participants acquire credentials from key authority and tags --- item-level key issuing is avoided

  13. Item-level data access control:implementation • Policy enforced encryption: • Double encryption pattern: Ciphertext Policy-Attribute Based Encryption (CP-ABE) [Bethencourt, et al., SP '07] and Updatable Encryption (UE) scheme Symmetric encrypt the ABE encryption ABE encrypt the data Precisely enforce our desired policy: ABE to enforce role attribute part Updatable encryption to enforce tag attribute part Product data Policy enforced encryption ABE encryption • Two types of credentials: • Credentials with role attributes: ABE private keys • Credentials with tag attributes: UE private keys

  14. Ciphertext-Policy,Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA

  15. Remote File Storage:Interesting Challenges • Scalability • Reliability • … But we also want security

  16. Remote File Storage:Server Mediated Access Control • Good: • Flexible access policies • Bad: • Data vulnerable to compromise • Must trust security of server Sarah: IT department, backup manager ? Access control list: Kevin, Dave, and anyone in IT department

  17. Remote File Storage:Encrypting the Files • More secure, but loss of flexibility • New key for each file: • Must be online to distribute keys • Many files with same key: • Fine grained access control not possible

  18. Remote File Storage:We Want It All • Wishlist: • Encrypted files for untrusted storage • Setting up keys is offline • No online, trusted party mediating access to files or keys • Highly expressive, fine grained access policies • Ciphertext-policy attribute-based encryption does this! • User private keys given list of “attributes” • Files can encrypted under “policy” over those attributes • Can only decrypt if attributes satisfy policy

  19. OR AND IT dept. manager marketing Remove File Storage:Access Control via CP-ABE MSK   PK      SKSarah: “manager” “IT dept.” SKKevin: “manager” “sales”

  20. Important potential attack Users should not be able to combine keys Essential, almost defining property of ABE Main technical trick of our scheme: preventing collusion AND A B Collusion Attacks:The Key Threat ? SKSarah: “A”, “C” SKKevin: “B”, “D”

  21. Collusion attacks rule out some trivial schemes … AND A B Collusion Attacks: A Misguided Approach to CP-ABE PKA PKB PKC PKD SKA SKB SKC SKD M = M1 + M2 SKSarah: “A”, “C” SKKevin: “B”, “D” C = (EA(M1), EB(M2)) CP-ABE has special design to be resilient to this attack

  22. Item-level data access control:CP-ABE ABE master key ABE private key: {USA, retailer} ABE private key: {France, manufacturer} USA Logic expression over role attributes ENC(M, ‘USA’ OR ‘CHINA’)

  23. Item-level data access control:CP-ABE alone is ill-suited ABE master key ABE private key: {USA, retailer} ABE private key: {France, manufacturer} ABE private key: {TagAtt} ABE private key: {TagAtt} Collusion resistance: Prevent joint usage of multiple private keys for decryption Single point of failure: All participants within the supply chain must trust the key authority

  24. Item-level data access control:Updatable Encryption • Updatable Encryption (UE): • use UE-private key to further encrypt • Generate UE private keys by themselves as tag attribute credentials • Must within the supply chain can acquire the keys to decrypt encrypt with the UE-private key Policy enforced encryption ABE encryption

  25. Item-level data access control:Updatable Encryption • Updatable Encryption (UE): • (UE) re-key to transform an encryption under one UE-private keyto an encryption under another UE-private key without decryption Proxy re-encryption [Blaze , et al., EUROCRYPT, 1998]: • long private key (1024 bits) • not specific for supply chain setting Updatable encryption: • short private key (486 bits) to store in commercial tags (512 bits) • two security models for revoked participants and service provider • provable security under the two models

  26. Item-level privilege revocation: basic tasks • Upstream participants cannot access the data of downstream ones • Downstream participants still can access the data of upstream ones

  27. Item-level privilege revocation: complete the second task • A strawman method: add a tag credential each revocation old tag credential old encryption high tag storage overhead new tag credential new encryption • Our solution: re-encrypt old encryption with re-key re-key service provider old encryption only need to store the newest tag credential new tag credential new encryption

  28. Evaluation: environment • PC configuration:16-core AMD Opteron Processor 6320 and 16GB RAM running on Ubuntu 13.10 OS • Two platforms: • Single PC • Cluster of three PCs with hadoop • Product data is randomly generated following normal distribution

  29. Evaluation: data submission, data retrieval, and updating All the three operations for 10000 tagged products can be completed within 1 hour

  30. Summary • Policy enforced encryption with role attributes and tag attribute • Preclude participants outside supply chain and with unsatisfiable characters • separately manage credentials of role attributes and tag attributes • Enforce item-level access control without item-level key issuing • Enable servicer provider to transform old encryptions to new encryptions by re-key without decryption • Tag only needs to store the newest tag credential

  31. End

More Related