Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data 20103350 An, Sanghong KAIST 2010 2010. 3. 11.


1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data
An, Sanghong KAIST 2010

2 Contents
- Introduction
- Background
- Construction for Access Trees
- Proof of Security
- Large Universe Construction
- Delegation of Private Keys
- Applications
KAIST CS

3 Introduction
How can we control access in a fine-grained manner?
- Just encrypting data is not enough
- Need for restrictive access (audit log access, IP log access…)
Keywords
- Fine-grained Access Control
- Secret-Sharing Scheme

4 Background
Definition : Access Structure
- A set of parties: P = {P_1, P_2, …, P_n}
- A monotone collection A ⊆ 2^P, ∅ ∉ A
- Authorized set S : S ∈ A
- Attributes = parties

5 Background
Attribute Based Encryption scheme
- Selective-Set Model for ABE
- CPA (Chosen-Plaintext Attack)
Notation
- A : Access Structure
- PK : Public parameter
- MK : Master Key
- E : Ciphertext
- D : Decryption Key (Private Key)
[Diagram: Setup, Encryption, Key Generation and Decryption, with message m, set of attributes γ, PK, MK, E, D and A as inputs and outputs; Decryption yields M if γ ∈ A]

6 Background
Bilinear Map
- G1, G2 : multiplicative cyclic groups of prime order p
- g : generator of G1
- e : bilinear map, e : G1 × G1 → G2
- e(u^a, v^b) = e(u, v)^(ab), e(g, g) ≠ 1
Decisional Bilinear-Diffie-Hellman Assumption

7 Construction for Access Tree
Access Tree T
- Non-leaf node x : (k_x, n), where k_x is the threshold value and n is the number of children
- Leaf node : described by an attribute
- att(x) : attribute associated with leaf node x
- index(x) : unique index value for node x
- T_x(γ) = 1 if γ satisfies the access tree T_x
- For a non-leaf node, if at least k_x children x' return T_x'(γ) = 1, then T_x(γ) = 1
- For a leaf node, T_x(γ) = 1 iff att(x) ∈ γ

8 Construction for Access Tree
Init
- G1 : multiplicative cyclic group of prime order p
- g : generator of G1
- e : bilinear map
- Δ_{i,S} : Lagrange coefficient, for i ∈ Z_p and S ⊆ Z_p

9 Construction for Access Tree
Setup
- U : universe of attributes = {1, 2, …, n}
- t_i : randomly generated from Z_p, for each i ∈ U
- y : randomly generated number from Z_p
- Public Parameter PK : T_i = g^(t_i), Y = e(g, g)^y
- Master Key MK : t_1, …, t_|U|, y

10 Construction for Access Tree
Encryption(M, γ, PK)
- M ∈ G2, γ : a set of attributes
- s : randomly generated number from Z_p
- Ciphertext E = (γ, E' = M·Y^s, {E_i = T_i^s} for i ∈ γ)

11 Construction for Access Tree
Key Generation(T, PK)
- Generates a key that decrypts an encrypted message when T_r(γ) = 1
- For each node x, the polynomial q_x has degree d_x = k_x − 1
- q_r(0) = y, with a proper polynomial q_r of degree d_r
- q_x(0) = q_parent(x)(index(x))
- Decryption Key D = {D_1, …, D_n}
- D_x = g^(q_x(0)/t_i), where i = att(x)

12 Construction for Access Tree
Decryption(E, D)
Recursive algorithm DecryptNode(E, D, x)
- For a leaf node (i = att(x)):
  DecryptNode(E, D, x) = e(D_x, E_i) = e(g, g)^(s·q_x(0)) if i ∈ γ
  DecryptNode(E, D, x) = ⊥ otherwise
- For a non-leaf node: DecryptNode(E, D, x) = F_x
  - For all of x's children z, F_z = DecryptNode(E, D, z)
  - If F_z ≠ ⊥, put z into a set S
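The Key Generation and DecryptNode slides above can be traced with the following added example, which is not code from the presentation or from the paper. It models only the exponent arithmetic in Z_p (a group element g^a or e(g,g)^a is represented by the number a), so there is no pairing and no security, and it completes the non-leaf step with Lagrange interpolation at 0 as in the Goyal et al. construction. The modulus, the dict layout of the tree, the attribute names and all function names are assumptions made for the illustration.

```python
import secrets

P = 2**127 - 1  # prime standing in for the group order p (assumption)

def lagrange(i, S, x=0):
    """Lagrange coefficient Δ_{i,S}(x) over Z_P."""
    num = den = 1
    for j in S:
        if j != i:
            num = num * (x - j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P

def keygen(node, secret, t, key, path=()):
    """Share secret = q_x(0) down the tree; a leaf stores the exponent of D_x."""
    if "att" in node:
        key[path] = secret * pow(t[node["att"]], -1, P) % P  # q_x(0)/t_i
        return
    # Random polynomial q_x of degree k_x - 1 with q_x(0) = secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node["k"] - 1)]
    for idx, child in enumerate(node["children"], start=1):  # idx = index(child)
        q_idx = sum(c * pow(idx, e, P) for e, c in enumerate(coeffs)) % P
        keygen(child, q_idx, t, key, path + (idx,))

def decrypt_node(node, key, E, path=()):
    """Return s*q_x(0) mod P, or None (⊥) when the subtree is not satisfied."""
    if "att" in node:
        i = node["att"]
        return key[path] * E[i] % P if i in E else None  # models e(D_x, E_i)
    F = {}
    for idx, child in enumerate(node["children"], start=1):
        Fz = decrypt_node(child, key, E, path + (idx,))
        if Fz is not None:
            F[idx] = Fz
    if len(F) < node["k"]:
        return None
    S = sorted(F)[: node["k"]]  # any k_x satisfied children suffice
    return sum(lagrange(i, S) * F[i] for i in S) % P

def demo(gamma):
    # Constructed policy: 2-of-3 over (audit, admin, 1-of-2 over (hr, legal)).
    tree = {"k": 2, "children": [{"att": "audit"}, {"att": "admin"},
            {"k": 1, "children": [{"att": "hr"}, {"att": "legal"}]}]}
    t = {a: 1 + secrets.randbelow(P - 1) for a in ("audit", "admin", "hr", "legal")}
    y, s = secrets.randbelow(P), secrets.randbelow(P)
    key = {}
    keygen(tree, y, t, key)
    E = {a: t[a] * s % P for a in gamma}          # exponents of E_i = T_i^s
    return decrypt_node(tree, key, E), y * s % P  # recovered vs. exponent of Y^s
```

When γ satisfies the tree, the first value returned by `demo` equals the exponent of Y^s, which is what lets the decryptor divide E' by Y^s to obtain M; otherwise the result is None.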

13 Proof of Security
Reduce Selective-set model to Decisional BDH
- Thm. If an adversary can break the scheme in the Attribute-based Selective-Set model, then a simulator can be constructed to play the Decisional BDH game with a non-negligible advantage.
- Pf) Reduction to absurdity
- SSM advantage = ε, but D-BDH advantage = ε/2

14 Large Universe Construction
Hash function and arbitrary strings

15 Delegation of Private Keys
Delegate Key for sharing
- T' : more restrictive than T (T' ⊆ T)
- Adding a new trivial gate to T
- Manipulating an existing (t, n)-gate in T
  - To a (t+1, n)-gate with (t+1) ≤ n
  - To a (t+1, n+1)-gate
  - To a (t, n-1)-gate with t ≤ (n-1)
- Re-randomizing the obtained key

16 Applications
Audit Log Application
- Can't collude to try to extract unauthorized information from the audit log
Targeted Broadcast
- Broadcast with a label with attributes about the program
- User subscribes to "packages" which have attributes of a program
- Selective broadcast

17 References
- V. Goyal and O. Pandey. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, 2006
- A. Sahai and B. Waters. Fuzzy Identity Based Encryption. In Advances in Cryptology – Eurocrypt, 2005

