Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim."— Presentation transcript:

1 Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim

2 OverviewOverview History of Attribute-Based Encryption Introduction of Paper Single Authority ABE Multi Authority ABE Conclusions -2/19-

3 OverviewOverview History of Attribute-Based Encryption Introduction of Paper Single Authority ABE Multi Authority ABE Conclusions -3/19-

4 History of Attributed-Based Encryption 1977, RSA  Rivest, Shamir and Adleman  Public/Private(Secret) Key 1985, IBE(Identity-Based Encryption)  Shamir  Allows for a sender to encrypt message to an identity without access to a public key certificate -4/19- Encrypted by Address, Name

5 History of Attributed-Based Encryption 2005, Fuzzy IBE  Sahai and Waters  A user having identity ω can decrypt a ciphertext with public key ω’. (|ω – ω’| < threshold distance)  Two interesting new applications Uses biometric identities. –Ex) a fingerprint of human can be changeable by pressure, angle and noisy Attributed-Based Encryption (ABE) –Suppose that a party wish to encrypt a document to all users that have a certain set of attributes –Ex) {School, Department, Course} -> {KAIST, ICE, Ph.D} -5/19-

6 OverviewOverview History of Attribute-Based Encryption Introduction of Paper Single Authority ABE Multi Authority ABE Conclusions -6/19-

7 Introduction of paper Title  Improving Privacy and Security in Multi-Authority Attribute-Based Encryption Conference  In CCS'09: Proceedings of the 16th ACM conference on Computer and communications security. ACM, New York, NY, USA, 2009 Authors  Melissa Chase (Microsoft Research)  Sherman S.M. Chow (New York University) -7/19-

8 Background of paper Motivation  In single authority Attribute-Based Encryption (ABE), there exist only one trusted server who monitors all attributes.  However, this may not be entirely realistic. Goal  To provide an efficient scheme to resolve the above problem by multi-authority ABE -8/23-

9 OverviewOverview History of Attribute-Based Encryption Introduction of Paper Single Authority ABE Multi Authority ABE Conclusions -9/19-

10 PreliminariesPreliminaries Basic Idea of ABE  Attributes of Human are different and changeable.  Thus, it is difficult to find a perfect set of attributes according to various situations. -10/23- Soccer Action Red Reading Soccer Red Reading AB Soccer Drama Blue Music

11 PreliminariesPreliminaries Lagrange Polynomial (from Wikipedia) -11/23-

12 Single Authority ABE Step One – Feldman Verifiable Secret Sharing  Init: First fix y ← Z q, where q is a prime.  Secret Key (SK) for user u: Choose a random polynomial p such that p(0) = y and the degree of p is d-1. SK: {D i = g p(i) } ∀ i ∈ A u,where A u is a attribute set of user u and g is a costant  Encryption: E = g y m, where m is a message  Decryption: Use d SK elements D i to interpolate to obtain Y = g p(0) = g y. Then m = E/Y -12/23-

13 Single Authority ABE Step Two – Specifying Attributes  Let G 1 be a cyclic multiplicative group of prime order q generated by g.  Let e(, ) be a bilinear map such that g ∈ G1, and a, b ∈ Z q, e(g a, g b ) = e(g, g) ab  Init: First fix y, t 1,…,t n ←Zq, Let Y = e(g, g) y  SK for user u: Choose a random polynomial p such that p(0) = y.. SK: {D i = g p(i)/ti } ∀ i ∈ A u  Encryption for attribute set A c : E=Ym and {E i = g ti } ∀ i ∈ A C  Decryption: For d attributes i ∈ A c ∩A u, compute e(E i, D i ) = e(g, g) p(i). Interpolate to find Y = e(g, g) p(0) = e(g, g) y. Then m = E/Y. -13/23-

14 Single Authority ABE Step Three – Multiple Encryptions  To encrypt multiple times without the decryptor needing to get a new secret key each time.  Init: First fix y, t 1, …, t n ← Z q.  Public Key (PK) for system: T 1 = g t1 … T n = g tn, Y = e(g, g) y. PK = {T i } 1 ≤ I ≤ n,Y  SK for user u: Choose a random polynomial p such that p(0) = y. SK: {D i = g p(i)/ti } ∀ i ∈ A u  Encryption for attribute set A c : E=Y s =e(g, g) ys m and {E i = g tis } ∀ i ∈ A C  Decryption: For d attributes i ∈ A c ∩A u, compute e(E i, D i ) = e(g, g) p(i)s. Interpolate to find Y s = e(g, g) p(0)s = e(g, g) ys. Then m = E/Y s. -14/23-

15 OverviewOverview History of Attribute-Based Encryption Introduction of Paper Single Authority ABE Multi Authority ABE Conclusions -15/19-

16 Multi Authority Attribute Based Encryption Encryption  Attribute Set {A 1 C, …, A N C ), pick s ∈ R Zq.  Return (E0 = mY s, E1 = g 2 s, {C k, i = T s k,i } Decryption  For each authority k ∈ [1, …, N] For any d k attributes i ∈ A k C ∩ A k u, pair up S k,i and C k,i compute e(S k,i, C k,i ) = e(g 1, g 2 ) spk(i). Interpolate all the values e(g 1, g 2 ) spk(i) to get P k = e(g 1, g 2 ) spk(i) = e(g 1, g 2 ) s(vk- ∑Rkj)  Multiply Pk’s together to get Q = e(g 1, g 2 ) s(vk- ∑Ru) = Ys/ e(g 1 Ru, g 2 s )  Compute e(Du, E1)Q = e(g 1 Ru, g 2 s )Q = Ys  Recover m by E 0 /Y s -16/23-

17 OverviewOverview History of Attribute-Based Encryption Introduction of Paper Single Authority ABE Multi Authority ABE Conclusions -17/19-

18 ConclusionConclusion Contribution  Multi-authority attributed-based encryption enables a more realistic deployment of attribute-based access control. Novelty  An attribute-based encryption scheme without the trusted authority was proposed -18/19-

19 Q&AQ&A Thank you! Any questions? -19/19-

Download ppt "Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.

Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Attribute-based Encryption

Attribute-based Encryption
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Cryptography 101 How is data actually secured. RSA Public Key Encryption RSA – names after the inventors –Rivest, Shamir, and Adleman Basic Idea: Your.

Cryptography 101 How is data actually secured. RSA Public Key Encryption RSA – names after the inventors –Rivest, Shamir, and Adleman Basic Idea: Your.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
Identity Based Encryption

Identity Based Encryption
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.

1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.
Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Katz, Stoica F04 EE 122: (More) Network Security November 5, 2003.

Katz, Stoica F04 EE 122: (More) Network Security November 5, 2003.

Similar presentations

Ads by Google