Encryption Extensions Model based on Hidden Attribute Certificate LI Yu 1,2,3, ZHAO Yong 1,2,3, GONG Bei 1 1 College of Computer Science and Technology,

Slides:

Advertisements

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Advertisements

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Akshat Sharma Samarth Shah

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Operating System Security

Attribute-based Encryption

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

RIKE Using Revocable Identities to Support Key Escrow in PKIs Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao State Key Laboratory of Information Security,

DESIGNING A PUBLIC KEY INFRASTRUCTURE

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

1 Identity-Based Encryption form the Weil Pairing Author ： Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date ：

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人：陳昱升.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.

Computer Science Public Key Management Lecture 5.

By Jyh-haw Yeh Boise State University ICIKM 2013.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Secure Electronic Transaction (SET)

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

HPCC 2015, August , New York, USA Wei Chang c Joint work with Qin Liu a, Guojun Wang b, and Jie Wu c a. Hunan University, P. R. China b. Central.

Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.

Logo Add Your Company Slogan China Financial Certification Authority Third-party certification authority Team 13 ：吉露露、吴莹莹、潘韦韦（ CFCA ）

1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

1 A Secure System Based on Fingerprint Authentication Scheme Author ： Zhe Wu,Jie Tian,Liang Li, Cai-ping Jiang,Xin Yang Prestented by Chia Jui Hsu.

Identity-Based Secure Distributed Data Storage Schemes.

Attribute-Based Encryption with Non-Monotonic Access Structures

CSCE 201 Introduction to Information Security Fall 2010 Access Control.

Module 9: Fundamentals of Securing Network Communication.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-

Database Design and Management CPTG /23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,

Yu-Li Lin and Chien-Lung Hsu Department of Information Management, Chang-Gung University Information Science(SCI) Reporter: Tzer-Long Chen.

Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Key-Policy Attribute-Based Encryption Present by Xiaokui.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Chapter 4 Using Encryption in Cryptographic Protocols & Practices.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.

A Study of Secure Communications in WiFi Networks Bumjo Park 1 and Namgi Kim 11 1 Dept. Of Computer Science, Kyonggi Univ. San 94-1, Iui, Yeongtong, Suwon,

Attribute-Based Encryption

Time-Space Trust in Networks Shunan Ma, Jingsha He and Yuqiang Zhang 1 College of Computer Science and Technology 2 School of Software Engineering.

Attribute-Based Encryption With Verifiable Outsourced Decryption.

Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.

Interleaving and Collusion Attacks on a Dynamic Group Key Agreement Scheme for Low-Power Mobile Devices * Junghyun Nam 1, Juryon Paik 2, Jeeyeon Kim 2,

多媒體網路安全實驗室 Anonymous Authentication Systems Based on Private Information Retrieval Date： Reporter: Chien-Wen Huang 出處: Networked Digital Technologies,

Security Analysis of a Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption Scheme.

2011 IEEE TrustCom-11 Sushmita Ruj Amiya Nayak and Ivan Stojmenovic Regular Seminar Tae Hoon Kim.

Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.

©Richard L. Goldman Public Key Policies for Windows 2000 ©Richard Goldman December 5, 2001.

Key Generation Protocol in IBC Author ： Dhruti Sharma and Devesh Jinwala 論文報告 2015/12/24 董晏彰 1.

Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi.

HCBE: Achieving Fine-Grained Access Control in Cloud-based PHR Systems Xuhui Liu [1], Qin Liu [1], Tao Peng [2], and Jie Wu [3] [1] Hunan University, China.

Cloud Multi-domain Access Control Model Based on Role and Trust-degree Lixia Xie Chong Wang School of Computer Science and Technology Civil Aviation University.

1 SUBMITTED BY- PATEL KUMAR C.S.E(8 th - sem). SUBMITTED TO- Mr. DESHRAJ AHIRWAR.

SDSM IN MOBILE CLOUD COMPUTING By- ID NO-1069 K.C. SHARMILAADEVI Sethu Institute Of Tech IV year-ECE Department CEC Batch: AUG 2012.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Privacy Preserving Cloud Data Access With Multi-Authorities Taeho Jung 1, Xiang-Yang Li 1, Zhiguo Wan 2, Meng Wan 3 Illinois Institute of Technology, Chicago.

1 Authentication Celia Li Computer Science and Engineering York University.

Xixu Fu,Kai jun Wu,XiZhang Gong

Microsoft Virtual Academy

Presentation transcript:

Encryption Extensions Model based on Hidden Attribute Certificate LI Yu 1,2,3, ZHAO Yong 1,2,3, GONG Bei 1 1 College of Computer Science and Technology, Beijing University of Technology, Beijing, China 2 State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, China 3 Key Laboratory of Information and Network Security, 3rd Research Institute, Ministry of Public Security, Shanghai, China Abstract. An encryption extensions model based on hidden attribute certificate is proposed in this paper, which can represent any key by using "and", "or" logic and the threshold monotony of the access rules, and in order to resist the collusion attack, multiple users use a combination of their keys to decrypt the ciphertext, it virtually eliminates the possibility of a conspiracy to know the key. Keywords: identity-based; attribute-based; hidden attribute; certificate 1 Introduction In the cross-domain large Internet network, in order to ensure users’ own security, before the communication with others, users must first assume whether the others are potentially malicious objects, only after the full test of the mutual contact and authorization certificates interaction, communication and transactions subjects can establish trusted relationships in distributed environment. The existing hidden certificates has obvious drawbacks in the following: in an open environment such as the Internet when users cooperate with unfamiliar parties (such as permission for access to resources), it often based on the requesting party of some vague set of features, but the identity of the requesting party is not clear. To solve the problems above, this paper proposed an improved ABE program, which can represent any key by using "and", "or" logic and the threshold monotony of the access rules. In order to resist the collusion attack, multiple users use a combination of their keys to decrypt the ciphertext, each attribute certification body has a pseudo-random function PRF for random distribution of keys. In this way, it virtually eliminates the possibility of a conspiracy to know the key. 134

2 System Construction is the attribute set of, is the user’s attribute set which is used to generate ciphertext. A hidden certificate extended model includes the following: 1.System configure function: Setup, which is run by the authority center, it will generate the public parameter params and the main key master-key; 2.Certificate distribution function: CA_Issue, which is run by the authority center, it will random select polynomials to create the certificate for each user and issue the certificate to each user, each certificate component correspond to a user’s attribute; when user acquires the certificate from the authority center, the user can use the only disguise name nym; 3.The encryption function:CT=HCE(R, nym, ), which is run by the authority center, it uses as the public key to encrypt the resource, the receiver of is nym, CT is the ciphertext, is the access control policy, it is contained in CT; 1.The decryption function: R=HCD (CT, Cred), which is run by the authority center, it decrypt the ciphertext CT, the public key of the certificate cred is, and if and only if is true, it can decrypt the resource, is the determined threshold. It is worth noting that this system does not give the user a certificate issued for each attribute, but the system issues the certificate for each user, a certificate for each component corresponds to an attribute of the user. If the "issuing a certificate for each attribute" method is used, multiple users will be easy to collude with their attributes that they cannot decrypt the certificate to decrypt the ciphertext alone, the system will be vulnerable to collusion attack. 3 Trust negotiation process of multi-sides Trust negotiation process of multi-sides based on ABE hidden certificate (User A requests a file which satisfies the access control policy from all the users) is shown in Figure 1: 1.A sends Ta=HEs(request, Prequest) to every user ; 2.When the user who receives the request can not satisfies Prequest. It will not decrypt the request, and it can not acquire the access control information, the certificate set of B is CB, and the certificate set of D is CD, if B an D satisfies Prequest, it can decrypt request=HDs(Ta, CB) =HDs(Ta, CD); 1.B sends Tb=HEs(Rb, PRb) to A, D sends the resources Td=HEs(Rd, PR d); 2.The certificate set of A is CA, if A can satisfies PRb, it can decrypt Rb=HDs(Tb, CA), if A satisfies PRd, it can decrypt Rd=HDs(Td, CA) 135

1.Ta=HCE(request,Prequest) B 2.request=HCD(Ta,CB) Prequest D 2.request=HCD(Ta,CD) 3.Tb=HCE(Rb,PR) A B 4.HCD(Tb,CA) 4.R=HCD(Td,CA) 3.Td=HCE(Rb,PR) D Fig. 1. Trust negotiation process of multi-sides C 2.CC does not satisfy A Trust negotiation and trust of both parties in the process of encryption and decryption of the request, encryption and decryption resources use the basic ABE technology. 4 Conclusion In this paper based on IBE / ABE's Web security technology, we proposed an improved ABE scheme which can represent any key by using "and", "or" logic and the threshold monotony of the access rules. In hidden the ABE certificate extended model, since each user only has a certificate, it needs only one chance to decrypt the information; it increases the efficiency of the system. Acknowledgements. This research is funded by Open Research Project of State Key Laboratory of Information Security in Institute of Software Chinese Academy of Sciences, the program "Core Electronic Devices, High-end General Purpose Chips and Basic Software Products" in China (No. 2010ZX ), Funds of Key Lab of Fujian Province University Network Security and Cryptology ( ) and Doctor Launch Fund in Beijing University of Technology (X R1764). References 1.Liu Hong-yue, Fan Jiu-lun, Ma Jian-feng. Research Advances on Access Control[J]. MINI-MICRO SYSTEM S, 2004, 25(1) : Ravi S, Sandhu, Edward J. Coyne, Hal L Feinstein, et a1. Role-based access control models[J]. IEEEComputer, 1996, 29(2):38~47. 3.Barlow T, Hess A, Seamons KE. Trust negotiation in electronic markets. In Proc of 8th Research Symp in Emerging Electronic Markets. Maastricht,