Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA.

Published byLouise Lambert Modified over 9 years ago

Similar presentations

Presentation on theme: "Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA."— Presentation transcript:

1 Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA

2 2 What is Ciphertext-Policy Attribute- Based Encryption (CP-ABE)?  Type of identity-based encryption One public key Master private key used to make more restricted private keys  But very expressive rules for which private keys can decrypt which ciphertexts Private keys have “attributes” or labels Ciphertexts have decryption policies

3 3 Remote File Storage: Interesting Challenges  Scalability  Reliability  … But we also want security

4 4  Good: Flexible access policies  Bad: Data vulnerable to compromise Must trust security of server Remote File Storage: Server Mediated Access Control Access control list: Kevin, Dave, and anyone in IT department Sarah: IT department, backup manager ?

5 5  More secure, but loss of flexibility  New key for each file: Must be online to distribute keys  Many files with same key: Fine grained access control not possible Remote File Storage: Encrypting the Files

6 6 Remote File Storage: We Want It All  Wishlist: Encrypted files for untrusted storage Setting up keys is offline No online, trusted party mediating access to files or keys Highly expressive, fine grained access policies  Ciphertext-policy attribute-based encryption does this! User private keys given list of “attributes” Files can encrypted under “policy” over those attributes Can only decrypt if attributes satisfy policy

7 7 Remove File Storage: Access Control via CP-ABE PK MSK SK Sarah : “manager” “IT dept.” SK Kevin : “manager” “sales” OR IT dept. AND managermarketing    

8 8 Collusion Attacks: The Key Threat  Important potential attack  Users should not be able to combine keys  Essential, almost defining property of ABE  Main technical trick of our scheme: preventing collusion SK Sarah : “A”, “C” SK Kevin : “B”, “D” AND AB ?

9 9 Collusion Attacks: A Misguided Approach to CP-ABE  Collusion attacks rule out some trivial schemes … SK Sarah : “A”, “C” SK Kevin : “B”, “D” AND AB PK A SK B PK B SK A = M 1 + M 2 C = (E A (M 1 ), E B (M 2 )) M SK C PK C SK D PK D

10 10 Highlights From Our Scheme: Background

11 11 Highlights From Our Scheme: Public Key and Master Private Key

12 12 Highlights From Our Scheme: Private Key Generation  “Binds” key components to each other  Makes components from different keys incompatible  Key to preventing collusion attacks

13 13 Highlights From Our Scheme: Policy Features  Leaf nodes: Test for presence of string attribute in key Also numerical attributes and comparisons  Internal nodes: AND gates OR gates Also k of n threshold gates OR IT dept. manager marketing hire date < 2002 2 of 3 OR AND sales exec. level >= 5

14 14 Highlights From Our Scheme: Encryption and Decryption  Encryption: Use general secret sharing techniques to model policy One ciphertext component per leaf node  Decryption: Uses LaGrange interpolation “in the exponents” OR IT dept. manager marketing hire date < 2002 2 of 3 OR AND sales exec. level >= 5

15 15 Highlights From Our Scheme: Security  Proven secure, including collusion resistance Assumes random oracle model Assumes generic group model  Generic group model “Black box” heuristic similar to random oracle model Good future work: scheme without this assumption

16 16 Implementation: The cp-abe Toolkit $ cpabe-setup $ cpabe-keygen -o sarah_priv_key pub_key master_key \ sysadmin it_dept 'office = 1431' 'hire_date = 2002' $ cpabe-enc pub_key security_report.pdf (sysadmin and (hire_date < 2005 or security_team)) or 2 of (executive_level >= 5, audit_group, strategy_team))

17 17 Implementation: Performance  Benchmarked on 64-bit AMD 3.7 GHz workstation  Essentially no overhead beyond group operations in PBC library OperationApproximate Time Private key gen.35 ms per attribute Encryption27 ms per leaf node Decryption0.5–0.8 ms per leaf node

18 18 Implementation: Availability  Available as GPL source at Advanced Crypto Software Collection (ACSC) New project to bring very recent crypto to systems researchers Bridge the gap between theory and practice Total of 8 advanced crypto projects currently available http://acsc.csl.sri.com

19 19 Attribute Based Encryption: Related Work Collusion resistant Policies w/ infinite attr. space Policies w/ fixed attr. space AttributesPolicy [1,2]YesSingle thresh. gate Single thresh. gate In ciphertextIn key [3]YesMonotone formulas All boolean formulas In ciphertextIn key ThisYesMonotone formulas All boolean formulas In keyIn ciphertext [4]*NoNoneAll boolean formulas In keyIn ciphertext * Has additional policy hiding property, but needs online, semi-trusted server to perform encryption

20 20 Attribute Based Encryption: Related Work [1] Sahai, Waters. Eurocrypt 2005. [2] Pirretti, Traynor, McDaniel, Waters. CCS 06. [3] Goyal, Pandey, Sahai, Waters. CCS 06. [4] Kapadia, Tsang, Smith. NDSS 07.

21 21 Thanks for Listening!  bethenco@cs.cmu.edu bethenco@cs.cmu.edu  http://acsc.csl.sri.com

Download ppt "Ciphertext-Policy, Attribute-Based Encryption Brent Waters SRI International John Bethencourt CMU Amit Sahai UCLA."

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.
Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)

Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)
Private Inference Control

Private Inference Control
Functional Encryption & Property Preserving Encryption

Functional Encryption & Property Preserving Encryption
Attribute-based Encryption

Attribute-based Encryption
Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.

Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),

On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),
Access Control & Digital Rights Management KAIST KSE Uichin Lee.

Access Control & Digital Rights Management KAIST KSE Uichin Lee.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.

Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

Similar presentations

Ads by Google