Attribute-Based Encryption with Non-Monotonic Access Structures

Slides:



Advertisements
Similar presentations
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Advertisements

Attribute-based Encryption
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.
1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.
Access Control & Digital Rights Management KAIST KSE Uichin Lee.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Daniel Moran & Marina Yatsina. Access control through encryption.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Group Management, Permissions, and Revocation in OceanStore Barbara Engelhardt George Porter Naveen Sastry UC Berkeley January 2002.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
NS-H /11041 System Security. NS-H /11042 Authentication Verifying the identity of another entity Two interesting cases (for this class): –Computer.
Cryptographic Approach for Delegation and Authorization in Cloud Computing Di Ma NSF Workshop on Security for Cloud Computing Mar. 15 ~ Mar. 16, 2012 Arlington,
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
1 Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys Dan Boneh, Craig Gentry, and Brent Waters.
Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA.
Computer Science Public Key Management Lecture 5.
Key Management Lifecycle. Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Xiaohua Jia Shen Zhen Graduate School Harbin Institute of Technology Data Security for Cloud Storage Systems 1.
Privacy Preserving Query Processing in Cloud Computing Wen Jie
Functional Encryption: An Introduction and Survey Brent Waters.
Fine-Grained Access Control (FGAC) in the Cloud Robert Barton.
Functional Encryption: Beyond Public Key Cryptography
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Prateek Basavaraj April 9 th 2014.
HPCC 2015, August , New York, USA Wei Chang c Joint work with Qin Liu a, Guojun Wang b, and Jie Wu c a. Hunan University, P. R. China b. Central.
Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data.
1 Attribute-Based Encryption Brent Waters SRI International.
1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.
Identity-Based Secure Distributed Data Storage Schemes.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-
Cryptographic Security Secret Sharing, Vanishing Data 1Dennis Kafura – CS5204 – Operating Systems.
1 Applied Cryptography in CyberTA Brent Waters Work with Dan Boneh and Amit Sahai.
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
Presented by: Sanketh Beerabbi University of Central Florida.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Key-Policy Attribute-Based Encryption Present by Xiaokui.
1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz
NEW DIRECTIONS IN CRYPTOGRAPHY Made Harta Dwijaksara, Yi Jae Park.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Fuzzy Identity Based Encryption Brent Waters Current Research with Amit Sahai.
Attribute-Based Encryption
Attribute-Based Encryption With Verifiable Outsourced Decryption.
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Security Analysis of a Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption Scheme.
2011 IEEE TrustCom-11 Sushmita Ruj Amiya Nayak and Ivan Stojmenovic Regular Seminar Tae Hoon Kim.
Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud.
Encryption Extensions Model based on Hidden Attribute Certificate LI Yu 1,2,3, ZHAO Yong 1,2,3, GONG Bei 1 1 College of Computer Science and Technology,
Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi.
Innovations in P2P Communications David A. Bryan College of William and Mary April 11, 2006 Advisor: Bruce B. Lowekamp.
Shucheng Yu, Cong Wang, Kui Ren,
Grid Computing Security Mechanisms: the state-of-the-art
Security Outline Encryption Algorithms Authentication Protocols
pVault Sharing Architecture
Attribute-Based Encryption
Fuzzy Identity Based Encryption
Functional Encryption: An Introduction and Survey
Attribute-Based Encryption
Verifiable Attribute Based Keyword Search with Fine-Grained Owner-Enforced Search Authorization in the Cloud They really need a shorter title.
Presentation transcript:

Attribute-Based Encryption with Non-Monotonic Access Structures Rafail Ostrovsky UCLA Amit Sahai UCLA Brent Waters SRI International

Server Mediated Access Control File 1 Server stores data in clear Expressive access controls Access list: John, Beth, Sue, Bob Attributes: “Computer Science” , “Admissions”

Distributed Storage Downside: Increased vulnerability Scalability Reliability Downside: Increased vulnerability

Traditional Encrypted Filesystem Encrypted Files stored on Untrusted Server Every user can decrypt its own files File 1 Owner: John Files to be shared across different users? Credentials? File 2 Owner: Tim Lost expressivity of trusted server approach!

Attribute-Based Encryption [SW05] Goal: Encryption with Expressive Access Control File 1 “Creator: John” “Computer Science” “Admissions” “Date: 04-11-06” Label files with attributes File 2 “Creator: Tim” “History” “Admissions” “Date: 03-20-05”

Attribute-Based Encryption Univ. Key Authority File 1 “Creator: John” “Computer Science” “Admissions” “Date: 04-11-06” OR AND “Computer Science” “Admissions” “Bob” File 2 “Creator: Tim” “History” “Admissions” “Date: 03-20-05”

Attribute-Based Encryption Ciphertext has set of attributes Keys reflect a tree access structure Decrypt iff attributes from CT satisfy key’s policy OR AND “Computer Science” “Admissions” “Bob” “Creator: John” “Computer Science” “Admissions” “Date: 04-11-06”

Central goal: Prevent Collusions If neither user can decrypt a CT, then they can’t together AND “Computer Science” “Admissions” AND “History” “Hiring” Ciphertext = M, {“Computer Science”, “Hiring”}

Current ABE Systems [GPWS06] Monotonic Access Formulas Tree of ANDs, ORs, threshold (k of N) … Attributes at leaves NOT is unsupported! OR AND “Bob” “Computer Science” “Admissions”

Fresh randomness used for each key generated! Key Generation Public Parameters Fresh randomness used for each key generated! gt1, gt2,.... gtn, e(g,g)y OR AND “Computer Science” “Admissions” “Bob” y r (y-r) y3= yn= y1= “Greedy” Decryption Private Key gy1/t1 , gy3/t3 , gyn/tn

Supporting “NOTs” [OSW07] Example Peer Review of Other Depts. Bob is in C.S. dept => Avoid Conflict of Interest AND “Computer Science” NOT “Dept. Review” “Year:2007” Challenge: Can’t attacker just ignore CT components?

A Simple Solution Use explicit “not” attributes Attribute “Not:Admissions”, “Not:Biology” Problems: Encryptor does not know all attributes to negate Huge number of attributes per CT “Creator: John” “History” “Admissions” “Date: 04-11-06” “Not:Anthropology” “Not:Aeronautics” … “Not:Zoology”

Technique 1: Simplify Formulas Use DeMorgan’s law to propagate NOTs to just the attributes AND NOT OR NOT “Dept. Review” “Public Policy” “Computer Science”

Revocation Systems [NNL01,NP01…] Broadcast to all but a certain set of users Application: Digital content protection P1 P2 P3

Applying Revocation Techniques Focus on a particular Not Attribute AND “Year:2007” “Dept. Review” “Computer Science” NOT

Applying Revocation Techniques Focus on a particular ‘Not’ Attribute “Computer Science” NOT Attribute in ‘Not’ as node’s “identity” Attributes in CT as Revoked Users “Creator: John” “Computer Science” “Admissions” “Date: 04-11-06” Node ID not in “revoked” list =>satisfied N.B. – Just one node in larger policy

“Polynomial Revocation” [NP01] Pick a degree n polynomial q( ), q(0)=a n+1 points to interpolate User t gets q(t) Encryption: gs , ,Mgsa Revoked x1, …, xn gsq(x1) , ..., gsq(xn) gsq(t) Can interpolate to gsq(0)=gsa iff t not in {x1,…xn}

ABE with Negation Push NOTs to leaves Apply ABE key generation Collusion resistance still key! Treat non-negated attributes same New Type of Polynomial Revocation at Leaves

Choose degree n polynomial q(), q(0)=b System Sketch Choose degree n polynomial q(), q(0)=b Public Parameters Can compute gq(x) gq(0), gq(1),.... gq(n), Ciphertext gs, gsq(x1) , … , gsq(xn) Attributes: x1, x2… e(g,g)srq(t) e(g,g)srq(x1) e(g,g)srq(xn) Private Key grq(t), gr “Computer Science” NOT Derived from ABE key generation If points different can compute e(g,g)srb =t

Conclusions and Open Directions Goal: Increase expressiveness of Encryption Systems Provided Negation to ABE systems Challenge: Decryptor Ignores “Bad” Attributes Solution: Revocation techniques Future: ABE with Circuits Other cryptographic access control

Thank You

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.