Presentation is loading. Please wait.

Presentation is loading. Please wait.

Broadcast Encryption with Multiple Trust Authorities Alexander W. Dent Information Security Group Royal Holloway, University of London.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Broadcast Encryption with Multiple Trust Authorities Alexander W. Dent Information Security Group Royal Holloway, University of London."— Presentation transcript:

1 Broadcast Encryption with Multiple Trust Authorities Alexander W. Dent Information Security Group Royal Holloway, University of London

2 Table of Contents Broadcast encryption in multiple domains (Or what we tried to do...) [8 slides] Our scheme (Or how we achieved our aim...) [4 slides] 2

3 Broadcast Encryption with Multiple Trust Authorities Broadcast encryption in structured organisations Broadcast encryption in collaborations The simple solution? An example use scenario 3

4 Broadcast encryption Encrypt a message using a pattern (ID 1,ID 2, *,ID 4 ). Key for any identity which matches pattern can decrypt the ciphertext. 4 Public parameters “Trust authority” “Department 1”“Department 2” “Project 1”“Project 2” “User 1”“User 2” Setup algorithm Key generation algorithm Key derivation algorithm

5 Broadcast encryption (TA,Dept,Project,User) targets a specific individual. (TA,Dept, *, * ) targets all members of a specific department. (TA, *,Project, * ) targets all users of a specific project. Etc. 5 Public parameters “Trust authority” “Department” “Project” “User”

6 Multiple trust authorities What if multiple institutions want to collaborate on a project? We would want: –Each trust authority retains control of its own trust domain and keys. –Trust domains can be set up independently of all other trust domains. –Trust authorities can easily form coalitions. –Membership of one coalition does not give that TA rights in any other coalition. 6

7 Multiple trust authorities 7 Public parameters “Trust authority” “Department 1”“Department 2” “Project 1”“Project 2” “User 1”“User 2” “Trust authority” “Department 1”“Department 2” “Project 1”“Project 2” “User 1”“User 2” (Public) protocol (Broadcast) key update message

8 Multiple trust authorities To address the coalition, use coalition master key (derived from master keys of coalition TAs). (TA,Dept,Proj,User) targets a single user. (TA,Dept, *, * ) targets a department under one TA. ( *, *,Proj, * ) targets all users on a project regardless of their TA. Users decrypt with their coalition decryption keys. 8 Public parameters “Trust authority” “Department” “Project” “User”

9 Assumptions All TAs have to use the same scheme. All TAs have to use same public parameters (and trust them). –Common problem with common solutions. All TAs have to use the same naming structure in their trust domains. –TA1 has (TA,Dept,Proj,User) –TA2 has (TA,Sector,Supervisor,Building,User) 9

10 Assumptions Why not use a single new WIBE scheme? –It cannot be set up in advance and every new coalition requires a new WIBE scheme. –It’s unclear who should hold the master private key for the coalition WIBE. –Every existing member of the trust authority would have to re-register and obtain a new key for the coalition. 10

11 Usage scenarios Use on joint projects is clear. Suppose a number of manufacturers are building general purpose sensors for use in multiple projects. (Man,Type, *, * ) could be used for software updates. ( *,Type,Proj, * ) could be used to update mission parameters. 11 Public parameters “Sensor Type” “Project” “Sensor Identity” “Manufacturer”

12 Boneh-Boyen MTA-WIBE The Boneh-Boyen HIBE/WIBE Ghost authorities 12

13 Our scheme Based on the Boneh-Boyen WIBE –Abdalla et al. (2006) and Boneh-Boyen (2004). Selective-identity IND-CPA secure in the standard model –Full CPA security achieved in ROM –Normal trick of hashing user identities Selective-identity IND-CCA secure in the standard model via novel Boneh-Katz transform (which applies to WIBEs too). 13

14 Boneh-Boyen HIBE 14 Public parameters (g 1, g 2, u 10,u 11,u 20,u 21,...) Master private key: Master public key: g2αg1αg2αg1α Level one key: (g 2 α (u 10 ·u 11 ID1 ) r, g 1 r ) Level two key: (g 2 α (u 10 ·u 11 ID1 ) r (u 20 ·u 21 ID2 ) s, g 1 r, g 1 s )

15 Our scheme Our scheme shows that two TAs can cooperate to create a “ghost” super TA. Each TA can figure out their key in this new hierarchy, but not the super TA’s key or each other’s keys. 15 TA1TA2 Ghost “super” TA

16 Our scheme 16 Public parameters (g 1, g 2, u 00,u 01,u 10,u 11,u 20,u 21,...) Master private key: Master public key: g2αg1αg2αg1α (g 2 α (u 10 ·u 11 TA2 ) t, g 1 t ) Level one key: (g 2 α (u 00 ·u 01 TA1 ) r (u 10 ·u 11 ID1 ) s, g 1 r, g 1 s ) g2βg1βg2βg1β TA1TA2 (g 2 α+β (u 10 ·u 11 TA1 ) x, g 1 x ) g2α+βg1α+βg2α+βg1α+β GHOST (g 2 α+β (u 10 ·u 11 TA2 ) t, g 1 t ) (g 2 β (u 10 ·u 11 TA1 ) x, g 1 x )

17 Conclusion We proposed a new functionality for encryption between trust domains. Instantiated that scheme with a novel version of the BB-WIBE. Gave a new transform for creating CCA- secure WIBEs from CPA-secure WIBEs. Other functionalities? 17 Questions?

Download ppt "Broadcast Encryption with Multiple Trust Authorities Alexander W. Dent Information Security Group Royal Holloway, University of London."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Www.mobilevce.com © 2004 Mobile VCE 3G 20041. www.mobilevce.com © 2004 Mobile VCE 3G 20042 19 th October 2004 Regional Blackouts: Protection of Broadcast.

© 2004 Mobile VCE 3G © 2004 Mobile VCE 3G th October 2004 Regional Blackouts: Protection of Broadcast.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.

Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.
Interoperation Between a Conventional PKI and an ID-Based Infrastructure Geraint Price Royal Holloway University of London joint work with Chris Mitchell.

Interoperation Between a Conventional PKI and an ID-Based Infrastructure Geraint Price Royal Holloway University of London joint work with Chris Mitchell.
Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group

Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group
Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:

Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:
Group Key Distribution Chih-Hao Huang

Group Key Distribution Chih-Hao Huang
Building Better Signcryption Schemes with Tag-KEMs Tor E. Bjørstad and Alexander W. Dent University of Bergen, Norway Royal Holloway, University of London,

Building Better Signcryption Schemes with Tag-KEMs Tor E. Bjørstad and Alexander W. Dent University of Bergen, Norway Royal Holloway, University of London,
A Brief History of Provable Security and PKE Alex Dent Information Security Group Royal Holloway, University of London.

A Brief History of Provable Security and PKE Alex Dent Information Security Group Royal Holloway, University of London.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Cramer-Shoup is Plaintext Aware in the Standard Model Alexander W. Dent Information Security Group Royal Holloway, University of London.

Cramer-Shoup is Plaintext Aware in the Standard Model Alexander W. Dent Information Security Group Royal Holloway, University of London.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

Similar presentations

Ads by Google