Presentation is loading. Please wait.

Presentation is loading. Please wait.

Korea University CRYPTO ‘05 Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim Generic Transformation for Scalable Broadcast Encryption Schemes.

Published byEmory Elliott Modified over 9 years ago

Similar presentations

Presentation on theme: "Korea University CRYPTO ‘05 Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim Generic Transformation for Scalable Broadcast Encryption Schemes."— Presentation transcript:

1 Korea University CRYPTO ‘05 Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim Generic Transformation for Scalable Broadcast Encryption Schemes

2 2 Contents Broadcast Encryption (BE) Concept / Applications Related Works Our Approach for Scalability Design Principle Generic Transformation Compiled Examples Concluding Remarks

3 3 Broadcast Encryption : Concept Message Sender s : session key, m :contents HeaderBody Broadcast Encryption Message Contents Subscribers

4 4 BE : Applications Satellite-based Business Group Communication Digital Rights Management Home network content protection AACS (Advanced Access Content System) group 2004. 7. IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney, Warner Bros. Studios

5 5 BE : Basic Goal How to efficiently exclude illegal users from a privileged set ? Revoked UserPrivileged User Transmission Overhead (TO) User Storage Overhead (SO) Computation Overhead (CO) one-to-many communication : Transmission efficiency

6 6 BE : Related Works Unicast & Power-Set Solutions Middle Ground : Revocation-state ? Define a collection of subsets - Combinatorial Approach (collusion) - Tree Structure (SD,LSD,SSD), Line Segment (PI) Reveal Information of Revoked Users - Secret Sharing Accumulate Information of Privileged Users - One-Way Accumulator

7 7 Problem of Scalability & Our Solution Large Number of Users? Impractical due to Excessive User Storage and/or Computation Overhead Modular Approach for Scalability Reduction in User Storage and Computation Slight Increase in Transmission Overhead Structure Preserving - Security - Type of Key Sharing : Symmetric / Public Key - Connection State : Stateful / Stateless

8 8 Our Solution : Modular Approach … … SeSe S e1 S e18 User Structure : n=w s w-ary Tree …… … U e184 Sibling Set S a Users Independent & Hierarchical Application of BE to small subsets e 1 8 1234 5 6 78 4 1 2 3 5 6 78 Height = s

9 9 Our Solution : Modular Approach … … Independent & Hierarchical Application of BE - Key Assignment SeSe S e1 S e18 Tree …… … U e184

10 10 Our Solution : Modular Approach … … SeSe S e1 S e18 Independent & Hierarchical Application of BE - Revocation Tree …… … Revoked Users (leaves) Revoked nodes (Steiner Tree) u e115 u e182

11 11 Our Solution : Modular Approach … SeSe S e1 S e18 Independent & Hierarchical Application of BE - Revocation Tree … Revoked nodes …… … S e11 u e115 u e182

12 12 Our Solution : Performance Analysis User Storage Overhead 1 + s ᆞ SO B (n 1/s ) Preserve “log-key restriction” (1+ s log n 1/s = 1+ log n) Computation Overhead CO B (n 1/s ) Transmission Overhead ≤ s ᆞ TO B (n 1/s ) Sibling Set Height : s w=n 1/s

13 13 Examples User Devices with Limited Resources Transmission-Restricted/Low Bandwidth Application

14 14 Example 1 : For Low Resource Environment BE scheme B1 with log n +1 SO, 2 r TO, n CO Transformation BE scheme B1 with log n +1 SO, 2 r log n /log log n TO, log n CO

15 15 Example 1 : For Low Resource Environment User Structure : Number line U1U1 U2U2 U3U3 UnUn U n-1 U4U4 UiUi … … Basic Tool : One-way chain points chain-value F: {0,1} κ → {0,1} κ U5U5 U6U6 F 1 (sd i ) F 2 (sd i )F j-i (sd i ) sd i sd i ← R {0,1} κ i 1 … …

16 16 Example 1 : For Low Resource Environment Revocation of B1 : 2r (r : number of revoked users) F 3 (sd 1 )F 2 (sd 8 ) F 1 (sd 9 )F 20 (sd 32 ) Key Assignment of B1 : 1+log n (Log-Key Restriction) chain-values F 2 (sd 8 ) F(sd 5 ) F 10 (sd 16 ) sd 6 F 5 (sd 1 ) F 26 (sd 32 ) … n computations 168

17 17 Example 1 : Security Subset Cover Framework (by Naor et al.) Subset : Interval (line segment) Existence of Pseudo-Random Sequence Number Generator Key assignment method satisfies Key Indistinguishability

18 18 Example 2 : Low Bandwidth BE Jumping One-way Chain Schemes by Jho et. al at Eurocrypt’05 Application of Different BE Schemes : B2 Performance. TO : [r/2] +1, SO : (n 2 +4n)/8, CO : n/2 … ………

19 19 Performance Analysis N=10 8 users and w=100 for worst case Transmission Overhead User Storage Overhead The gap of log key restriction SD B1 B2 B1 B2 SD

20 20 Concluding Remarks Average case analysis Traitor Tracing & Other Properties Multi-dimensional Cube

21 21 Thank you

Download ppt "Korea University CRYPTO ‘05 Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim Generic Transformation for Scalable Broadcast Encryption Schemes."

Similar presentations

A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
Self-Healing in Wireless Networks. The self-healing property is expected in many aspects in wireless networks: – Encryption algorithms – Key distribution.

Self-Healing in Wireless Networks. The self-healing property is expected in many aspects in wireless networks: – Encryption algorithms – Key distribution.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses Computer Science Department New Mexico State University,

Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses Computer Science Department New Mexico State University,
Broadcast Encryption – an overview Niv Gilboa – BGU 1.

Broadcast Encryption – an overview Niv Gilboa – BGU 1.
Yan (Lindsay) Sun and K. J. Ray Liu IEEE/ACM Transactions on Networking, Dec. 2007. Presented by Seo Bon Keun, 2008.

Yan (Lindsay) Sun and K. J. Ray Liu IEEE/ACM Transactions on Networking, Dec Presented by Seo Bon Keun, 2008.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.

Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.
Broadcast Encryption and Traitor Tracing 2001. 12. 2001507 Jin Kim.

Broadcast Encryption and Traitor Tracing Jin Kim.
On The Algebraic Structure of Combinatorial Broadcast Encryption Schemes and Applications Serdar Pehlivanoglu (pay-live-a-no-glue) Joint work with Aggelos.

On The Algebraic Structure of Combinatorial Broadcast Encryption Schemes and Applications Serdar Pehlivanoglu (pay-live-a-no-glue) Joint work with Aggelos.
1 Trace, Revoke and Self Enforcement Mechanisms for Protecting Information Moni Naor Weizmann Institute of Science.

1 Trace, Revoke and Self Enforcement Mechanisms for Protecting Information Moni Naor Weizmann Institute of Science.
Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.

Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.
1 Florian Pestoni IBM Research IBM xCP Cluster Protocol IBM Presentation to Copy Protection Technical Working Group July 18 th, 2002.

1 Florian Pestoni IBM Research IBM xCP Cluster Protocol IBM Presentation to Copy Protection Technical Working Group July 18 th, 2002.
Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)

Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)
Key Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy Miodrag Mihaljevic ASIACRYPT 2003 December 1,

Key Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy Miodrag Mihaljevic ASIACRYPT 2003 December 1,
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Similar presentations

Ads by Google