Advanced Information Security April 6, 2010 Presenter: Semin Kim

Improving Privacy and Security in Multi-Authority Attribute-Based Encryption


Presentation Transcript


  1. Improving Privacy and Security in Multi-Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim

  2. Overview • History of Attribute-Based Encryption • Introduction of Paper • Single Authority ABE • Multi Authority ABE • Conclusions

  3. Overview • History of Attribute-Based Encryption • Introduction of Paper • Single Authority ABE • Multi Authority ABE • Conclusions

  4. History of Attribute-Based Encryption • 1977, RSA • Rivest, Shamir and Adleman • Public/Private (Secret) Key • 1985, IBE (Identity-Based Encryption) • Shamir • Allows a sender to encrypt a message to an identity without access to a public key certificate • Encrypted by Address, Name

  5. History of Attribute-Based Encryption • 2005, Fuzzy IBE • Sahai and Waters • A user having identity ω can decrypt a ciphertext encrypted with public key ω’ (|ω – ω’| < threshold distance) • Two interesting new applications • Uses biometric identities • Ex) a human fingerprint reading can change with pressure, angle and noise • Attribute-Based Encryption (ABE) • Suppose that a party wishes to encrypt a document to all users that have a certain set of attributes • Ex) {School, Department, Course} -> {KAIST, ICE, Ph.D}

  6. Overview • History of Attribute-Based Encryption • Introduction of Paper • Single Authority ABE • Multi Authority ABE • Conclusions

  7. Introduction of paper • Title • Improving Privacy and Security in Multi-Authority Attribute-Based Encryption • Conference • In CCS'09: Proceedings of the 16th ACM conference on Computer and communications security. ACM, New York, NY, USA, 2009 • Authors • Melissa Chase (Microsoft Research) • Sherman S.M. Chow (New York University)

  8. Background of paper • Motivation • In single-authority Attribute-Based Encryption (ABE), there exists only one trusted server that monitors all attributes. • However, this may not be entirely realistic. • Goal • To provide an efficient scheme that resolves the above problem with multi-authority ABE

  9. Overview • History of Attribute-Based Encryption • Introduction of Paper • Single Authority ABE • Multi Authority ABE • Conclusions

  10. Preliminaries • Basic Idea of ABE • Attributes of humans are different and changeable. • Thus, it is difficult to find a perfect set of attributes according to various situations. • [Figure: example attribute sets of users A and B, with entries such as Soccer, Red, Blue, Reading, Music, Action, Drama]

  11. Preliminaries • Lagrange Polynomial (from Wikipedia)

  12. Single Authority ABE
      • Step One – Feldman Verifiable Secret Sharing
        • Init: First fix $y \leftarrow Z_q$, where $q$ is a prime.
        • Secret Key (SK) for user $u$: Choose a random polynomial $p$ such that $p(0) = y$ and the degree of $p$ is $d-1$. SK: $\{D_i = g^{p(i)}\}_{\forall i \in A_u}$, where $A_u$ is the attribute set of user $u$ and $g$ is a constant.
        • Encryption: $E = g^{y} m$, where $m$ is a message.
        • Decryption: Use $d$ SK elements $D_i$ to interpolate to obtain $Y = g^{p(0)} = g^{y}$. Then $m = E/Y$.

  13. Single Authority ABE
      • Step Two – Specifying Attributes
        • Let $G_1$ be a cyclic multiplicative group of prime order $q$ generated by $g$.
        • Let $e(\cdot, \cdot)$ be a bilinear map such that for $g \in G_1$ and $a, b \in Z_q$, $e(g^a, g^b) = e(g, g)^{ab}$.
        • Init: First fix $y, t_1, \ldots, t_n \leftarrow Z_q$. Let $Y = e(g, g)^{y}$.
        • SK for user $u$: Choose a random polynomial $p$ such that $p(0) = y$. SK: $\{D_i = g^{p(i)/t_i}\}_{\forall i \in A_u}$
        • Encryption for attribute set $A_C$: $E = Ym$ and $\{E_i = g^{t_i}\}_{\forall i \in A_C}$
        • Decryption: For $d$ attributes $i \in A_C \cap A_u$, compute $e(E_i, D_i) = e(g, g)^{p(i)}$. Interpolate to find $Y = e(g, g)^{p(0)} = e(g, g)^{y}$. Then $m = E/Y$.

  14. Single Authority ABE
      • Step Three – Multiple Encryptions
        • To encrypt multiple times without the decryptor needing to get a new secret key each time.
        • Init: First fix $y, t_1, \ldots, t_n \leftarrow Z_q$.
        • Public Key (PK) for system: $T_1 = g^{t_1}, \ldots, T_n = g^{t_n}$, $Y = e(g, g)^{y}$. PK $= \{T_i\}_{1 \le i \le n}, Y$
        • SK for user $u$: Choose a random polynomial $p$ such that $p(0) = y$. SK: $\{D_i = g^{p(i)/t_i}\}_{\forall i \in A_u}$
        • Encryption for attribute set $A_C$: $E = Y^{s} m = e(g, g)^{ys} m$ and $\{E_i = g^{t_i s}\}_{\forall i \in A_C}$
        • Decryption: For $d$ attributes $i \in A_C \cap A_u$, compute $e(E_i, D_i) = e(g, g)^{p(i)s}$. Interpolate to find $Y^{s} = e(g, g)^{p(0)s} = e(g, g)^{ys}$. Then $m = E/Y^{s}$.
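An added example, not part of the original slides or the paper: Step One's sharing of y in the exponent, with the Lagrange interpolation that Steps Two and Three reuse inside the pairing target group. The toy group (P = 2039, q = 1019, g = 4), the function names and the optional `coeffs` parameter are assumptions made for illustration.

```python
import secrets

# Toy parameters, constructed for illustration and far too small for real use:
# P = 2q + 1 is a safe prime and g = 4 generates the subgroup of prime order q.
P, Q, G = 2039, 1019, 4

def keygen(y, attrs, d, coeffs=None):
    """SK for one user: D_i = g^p(i) per attribute index i, with p(0) = y, deg p = d-1.
    Attribute indices must be distinct and in 1..q-1."""
    if coeffs is None:  # fresh random polynomial for every user
        coeffs = [secrets.randbelow(Q) for _ in range(d - 1)]
    if len(coeffs) != d - 1:
        raise ValueError("polynomial must have degree d-1")
    poly = [y % Q] + list(coeffs)
    def p(x):
        return sum(c * pow(x, k, Q) for k, c in enumerate(poly)) % Q
    return {i: pow(G, p(i), P) for i in attrs}

def encrypt(Y, m):
    """E = g^y * m, where Y = g^y and m is a nonzero element mod P."""
    return Y * m % P

def lagrange_at_zero(i, S):
    """lambda_i = prod over j in S, j != i of (0 - j)/(i - j), computed mod q."""
    num = den = 1
    for j in S:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def decrypt(E, shares, d):
    """Interpolate in the exponent: Y = prod D_i^lambda_i = g^p(0), then m = E / Y."""
    if len(shares) < d:
        raise ValueError("need at least d key elements")
    S = sorted(shares)[:d]
    Y = 1
    for i in S:
        Y = Y * pow(shares[i], lagrange_at_zero(i, S), P) % P
    return E * pow(Y, -1, P) % P
```

Key elements issued to two different users come from different polynomials, so combining them interpolates to a value other than g^y and decryption does not return m.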

  15. Overview • History of Attribute-Based Encryption • Introduction of Paper • Single Authority ABE • Multi Authority ABE • Conclusions

  16. Multi Authority Attribute Based Encryption
      • Encryption
        • Attribute set $\{A_1^C, \ldots, A_N^C\}$; pick $s \in_R Z_q$.
        • Return $(E_0 = mY^{s},\ E_1 = g_2^{s},\ \{C_{k,i} = T_{k,i}^{s}\})$
      • Decryption
        • For each authority $k \in [1, \ldots, N]$:
          • For any $d_k$ attributes $i \in A_k^C \cap A_k^u$, pair up $S_{k,i}$ and $C_{k,i}$ and compute $e(S_{k,i}, C_{k,i}) = e(g_1, g_2)^{s p_k(i)}$.
          • Interpolate all the values $e(g_1, g_2)^{s p_k(i)}$ to get $P_k = e(g_1, g_2)^{s p_k(0)} = e(g_1, g_2)^{s(v_k - \sum R_{kj})}$.
        • Multiply the $P_k$'s together to get $Q = e(g_1, g_2)^{s(v_k - \sum R_u)} = Y^{s} / e(g_1^{R_u}, g_2^{s})$.
        • Compute $e(D_u, E_1)\,Q = e(g_1^{R_u}, g_2^{s})\,Q = Y^{s}$.
        • Recover $m$ by $E_0 / Y^{s}$.

  17. Overview • History of Attribute-Based Encryption • Introduction of Paper • Single Authority ABE • Multi Authority ABE • Conclusions

  18. Conclusion • Contribution • Multi-authority attribute-based encryption enables a more realistic deployment of attribute-based access control. • Novelty • An attribute-based encryption scheme without the trusted authority was proposed.

  19. Q&A Thank you! Any questions?
