Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data 20103350 An, Sanghong KAIST 2010 2010. 3. 11.


Contents
- Introduction
- Background
- Construction for Access Trees
- Proof of Security
- Large Universe Construction
- Delegation of Private Keys
- Applications
KAIST CS 2018-12-01

Introduction
- How can we control access in a fine-grained manner?
- Just encrypting data is not enough
- Need for restrictive access (audit log access, IP log access, …)
- Keywords
  - Fine-grained Access Control
  - Secret-Sharing Scheme

Background
Definition: Access Structure
- Attributes = parties
- A set of parties: $P = \{P_1, P_2, \ldots, P_n\}$
- A monotone collection $A \subseteq 2^P$, $\emptyset \notin A$
- Authorized set $S$: $S \in A$

Background
Attribute Based Encryption scheme
- Selective-Set Model for ABE
- CPA (Chosen-Plaintext Attack)
- Notation
  - A: Access Structure
  - PK: Public parameter
  - MK: Master Key
  - E: Ciphertext
  - D: Decryption Key (Private Key)
- Algorithms (from the slide diagram)
  - Setup: outputs PK and MK
  - Encryption: message m, set of attributes γ, PK → E
  - Key Generation: A, MK, PK → D
  - Decryption: E, D → M if γ ∈ A

Background
Bilinear Map
- $G_1, G_2$: multiplicative cyclic groups of prime order $p$
- $g$: generator of $G_1$
- $e$: bilinear map, $e: G_1 \times G_1 \to G_2$
- $e(u^a, v^b) = e(u, v)^{ab}$, $e(g, g) \neq 1$
Decisional Bilinear-Diffie-Hellman Assumption

Construction for Access Tree
Access Tree T
- Non-leaf node $x$: $(k_x, n)$, where the threshold value is $t = k_x$ and $n$ is the number of children
- Leaf node: described by an attribute
  - att(x): attribute associated with leaf node $x$
- index(x): unique index value for node $x$
- $T_x(\gamma) = 1$ if $\gamma$ satisfies the access tree $T_x$
  - Non-leaf node: if at least $k_x$ children $x'$ return $T_{x'}(\gamma) = 1$, then $T_x(\gamma) = 1$
  - Leaf node: $T_x(\gamma) = 1$ iff att(x) $\in \gamma$

Construction for Access Tree
Init
- $G_1$: multiplicative cyclic group of prime order $p$
- $g$: generator of $G_1$
- $e$: bilinear map
- $\Delta_{i,S}$ for $i \in Z_p$, $S \subseteq Z_p$: Lagrange coefficient

Construction for Access Tree
Setup
- $U$: universe of attributes $= \{1, 2, \ldots, n\}$
- $t_i$: randomly generated from $Z_p$ for each $i \in U$
- $y$: randomly generated number from $Z_p$
- Public Parameter PK: $T_i = g^{t_i}$, $Y = e(g, g)^y$
- Master Key MK: $t_1, \ldots, t_{|U|}, y$

Construction for Access Tree
Encryption(M, γ, PK)
- $M \in G_2$, $\gamma$: a set of attributes
- $s$: randomly generated number from $Z_p$
- Ciphertext E: $E = (\gamma,\ E' = M Y^s,\ \{E_i = T_i^s\}_{i \in \gamma})$

Construction for Access Tree
Key Generation(T, PK)
- Generate a key that decrypts an encrypted message when $T_r(\gamma) = 1$
- For each node $x$
  - Degree $d_x$ of polynomial $q_x$: $d_x = k_x - 1$
  - Root $r$: $q_r(0) = y$, with $q_r$ a proper polynomial of degree $d_r$
  - Other nodes: $q_x(0) = q_{parent(x)}(index(x))$
- Decryption Key $D = \{D_1, \ldots, D_n\}$
  - $D_x = g^{q_x(0)/t_i}$, where $i$ = att(x)

Construction for Access Tree
Decryption(E, D)
- Recursive algorithm DecryptNode(E, D, x)
- For a leaf node, with $i$ = att(x):
  - DecryptNode(E, D, x) $= e(D_x, E_i) = e(g, g)^{s \cdot q_x(0)}$ if $i \in \gamma$
  - DecryptNode(E, D, x) $= \perp$ otherwise
- For a non-leaf node: DecryptNode(E, D, x) $= F_x$
  - For all children $z$ of $x$, $F_z$ = DecryptNode(E, D, z)
  - If $F_z \neq \perp$, put $z$ into a set $S$

Proof of Security
- Reduce the Selective-Set model to Decisional BDH
- Theorem: If an adversary can break the scheme in the Attribute-based Selective-Set model, then a simulator can be constructed to play the Decisional BDH game with a non-negligible advantage.
- Proof: by contradiction (reductio ad absurdum)
  - SSM advantage = ε, but D-BDH advantage = ε/2

Large Universe Construction
- Hash function and arbitrary strings

Delegation of Private Keys
- Delegate a key for sharing
- T': more restrictive than T (T' ⊆ T)
  - Adding a new trivial gate to T
  - Manipulating an existing (t, n)-gate in T
    - To a (t+1, n)-gate with (t+1) ≤ n
    - To a (t+1, n+1)-gate
    - To a (t, n-1)-gate with t ≤ (n-1)
  - Re-randomizing the obtained key

Applications
- Audit Log Application
  - Users can't collude to try to extract unauthorized information from the audit log
- Targeted Broadcast
  - Broadcast with a label carrying attributes about the program
  - A user subscribes to "packages" which have attributes of a program
  - Selective broadcast

References
- V. Goyal and O. Pandey. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, 2006.
- A. Sahai and B. Waters. Fuzzy Identity Based Encryption. In Advances in Cryptology – Eurocrypt, 2005.