Presentation is loading. Please wait.

Presentation is loading. Please wait.

Yu-Li Lin and Chien-Lung Hsu Department of Information Management, Chang-Gung University Information Science(SCI) Reporter: Tzer-Long Chen.

Published byGriselda Newman Modified over 9 years ago

Similar presentations

Presentation on theme: "Yu-Li Lin and Chien-Lung Hsu Department of Information Management, Chang-Gung University Information Science(SCI) Reporter: Tzer-Long Chen."— Presentation transcript:

1 Yu-Li Lin and Chien-Lung Hsu Department of Information Management, Chang-Gung University Information Science(SCI) Reporter: Tzer-Long Chen

2  Abstract  Introduction  The Proposed Key Assignment Scheme ◦ Key generation phase ◦ Key derivation phase ◦ A small example  Dynamic Key Management ◦ Adding a security class, Deleting a security class, Creating a new relationship, Revoking an existing relationship, Changing a secret key.  Security Analysis  Performance Analysis  Conclusions

3  The proposed scheme is secure against some potential attacks only based on the intractability of reversing one-way hash function.  The proposed scheme can efficiently deal with dynamic access control problems.  The storage required for public and private parameters is significantly reduced.

4  [4] Y.F. Chung, H.H. Lee, F. Lai, “Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem,” Information Sciences, Vol. 178, pp. 230-243, 2008.  This will reduce the key management costs. Performance of the proposed scheme is more efficient than that of the Chung et al. scheme in terms of the computational complexities and storage of public and private parameters.

5  Let SC={SC 1, SC 2, …, SC n } be a user hierarchy with n disjoint sets of security classes which are partially ordered by binary relation “ ≦ ”.  Let ID i be the identity for the security class SC i.  The proposed scheme requires a central anthority (CA) to maintain all public system parameters and functions.  CA selects and publishes a large prime p and a one- way hash function h( ).

6  CA randomly chooses a distinct secret key sk i and a random number R i for each security class SC i in the hierarchy, i=1, 2, …, n.  Any higher security class SC l to derive the encryption key h(sk i ∥ R i ). For each security class SC i.  CA computes the polynomial f i (x) over GF(p) by  Finally CA sends the secret key sk i to the security class SC i via a secure channel and publishes (f i (x), R i ).

7  Step 1. Use its secret key sk i, identity ID i, SC j ’s identity ID j, and SC j ’s public random number R j to compute  Step 2. Use and the public polynomial f j (x) to derive SC j’s encryption key h(sk j ∥ R j ) as h(sk j ∥ R j ) =f j ( )

8  Suppose there are a set of six disjoint security classes in a hierarchy as Fig.1  CA chooses a distinct secret key sk i and a random number R i for each security class SC i in the hierarchy, where i=1, 2, …, n.  When the security SC 2 wants to derive the encryption key h(sk 4 ∥ R 4 ) of the class SC 4, it can use the secret key sk 2 and public information to calculate and then compute the polynomial f j (x) for each security class by the following equations:

9

10  When the security class SC 2 wants to derive the encryption key h(sk 4 || R 4 ) of the class SC 4, it can use the secret key sk 2 and the public information to calculate and then compute h(sk 4 || R 4 ) = f 4 ( )

11  Adding  Deleting  Creating a new relationship  Revoking an existing relationship  Changing a secret key

12  Step 1.Assign a secret key sk k and random number R k for the security class SC k.  Step 2.For each SC j (where SC j ≦ SC k ≦ SC i ), replace the public function f j (x) with f’ j (x) where  Step 3.Construct the public polynomial f k (x) using h(sk i ∥ R k ∥ ID i ∥ ID j ) by where ∥ is a bit concatenation operator  Step 4.finally, CA sends the secret key sk k to SC k via a secure channel and publishes the public information (R k, f k (x), f’ j (x))

13 Update New

14 Step 1. Assign a secret key sk 7 and a random number R 7 for the security class SC 7. Step 2. Replace the public polynomial f 6 (x) with f 6 ′ (x) as f 6 ′ (x) = (((x − h(sk 1 || R 6 || ID 1 || ID 6 ))(x − h(sk 3 || R 6 || ID 3 || ID 6 )) ((x − h(sk 7 || R 6 || ID 7 || ID 6 ))) + h(sk 6 || R 6 ) mod p Note that before SC 7 is added into in the hierarchy, the public polynomial f 6 (x) is formed as f6 (x) = (((x − h(sk 1 || R 6 || ID 1 || ID 6 )) (x − h(sk 3 || R 6 || ID 3 || ID 6 )))+ h(sk 6 || R 6 )mod p Step 3. Construct the public polynomial f 7 (x) using h(sk 1 || R 7 || ID 1 || ID 7 ) by f 7 (x) = ((x − h(sk 1 || R 7 || ID 1 || ID 7 )) + h(sk 7 || R 7 )mod p Step 4. Replace f 6 (x) with f 6 ′ (x). Step 5. Publish ( f 7 (x), R 7 ) and send sk 7 to the security class SC 7 via a secure channel.

15  Step 1.Renew a random number R j as R’ j of SC i for all the successors SC j of SC k (SC k ≧ SC j )  Step 2.compute the public polynomial f’ j (x) as and replace f j (x) with f’ j (x).  Step 3.delete the security class SC k from the hierarchy and discard the secret key and public parameters of SC k.

16 Update New

17  Step 1. Renew two random numbers R 5 ′ and R 6 ′ for the security class SC 5 and SC 6, respectively.  Step 2. Replace the public function f 5 (x) with f 5 ′ (x) as f 5 ′ (x) = (((x − h(sk 1 || R 5 ′ || ID 1 || ID 5 )) (x − h(sk 2 || R 5 ′ || ID 2 || ID 5 ))+ h(sk 5 || R 5 ′ )mod p  Step 3. Replace the public function f 6 (x) with f 6 ′ (x) as f 6 ′ (x) = ((x − h(sk 1 || R 6 ′ || ID 1 || ID 6 )) + h(sk 6 || R 6 ′ )mod p  Step 4. Publish ( f 5 ′ (x), f 6 ′ (x),R 5 ′,R 6 ′ ).

18  Step 1. Randomly choose a public number R l and a secret key sk l for SC l  Step 2. For all SC i ≥ SC l if {SC i | (SC i,SC l )} ∈ R i,l does not hold until SC k ≥ SC l is created such that SC i ≥ SC k ≥ SC l ≥ SC j compute h(sk i ||R l ||ID i ||ID j ) and h(sk k ||R l ||ID k ||ID l ) end if end for  Step 3. Construct the public polynomial f l (x) as

19  Step 4. For all SC i ≥ SC l if {SC i | (SC i,SC l )} ∈ R i,l does not hold until SC k ≥ SC l is created such that SC i ≥ SC k ≥ SC l ≥ SC j for all {SC i | (SC i,SC j )} ∈ R i,j compute h(sk i ||R j ||ID i ||ID j ), h(sk k ||R j ||ID k ||ID j ) and h(sk l ||R j ||ID l ||ID) end for end if end for

20  Step 5. Construct the public polynomial f j ′ (x) as where || is a bit concatenation operator and h( ⋅ ) be a one-way hash function.  Step 6. Replace f j (x) with f j ′ (x)  Step 7. Publish f j ′ (x) and f l (x)

21 Update New

22  Step 1. Renew a random number R 6 ′ for the security class SC 6.  Step 2. Replace f 6 (x) with f 6 ′ (x) as f 6 ′ (x) = ((x − h(sk 1 || R 6 ′ || ID 1 || ID 6 ))(x − h(sk 2 || R 6 ′ || ID 2 || ID 6 ))((x − h(sk 3 || R 6 ′ || ID 3 || ID 6 ))((x − h(sk 5 || R 6 ′ || ID 5 || ID 6 )))+ h(sk 6 || R 6 ′ )mod p  Step 3. Publish ( f 6 ′ (x),R 6 ′ ).

23  Step 1. For all SC i ≥ SC l Renew a random number R l as R l ′ Construct the public polynomial f l ′ (x) as end for  Step 2. For all SC k ≥ SC j Renew a random number R j as R ′ j Construct the public polynomial f j ′ (x) as end for  Step 3. Revoke the relationship SC k ≥ SC l and publish (R l ′, R j ′, f l ′ (x), f j ′ (x)).

24 Update New

25  Step 1. Renew the random number R 5 with R 5 ′.  Step 2. Renew the public polynomial f 5 (x) with f 5 ′ (x) as f 5 ′ (x) = ((x − h(sk 1 || R 5 ′ || ID 1 || ID 5 ))(x − h(sk 3 || R 5 ′ || ID 3 || ID 5 )))+ h(sk5 || R5′ )mod p  Step 3. Revoke the relationship SC 2 ≥ SC 5 and publish ( f 5 ′ (x),R 5 ′ ).

26  It is necessary to change the derivation key for some security consideration. When a security class SC i wants to change its secret key sk i to sk i ′,  CA needs to update the public functions of SC j ( SC j ≤ SC i ) and all other keys or information items do not need to be changed.

27  Compromising Attack  Equation Attack  Collaborative Attack  Interior Collecting Attack  Exterior Collecting Attack

28  Consider the scenario that a successor SC j (SC j ≤ SC i ) who knows the public parameters (ID i, R j, f j (x)) attempts to derive SC i ’s secret key sk i.  even if h(sk i || R j || ID i || ID j )is known to the adversary, it is also difficult to compute the secret key sk i of the security class SC i because of the fact that it is computationally infeasible to invert the one-way hash function.

29  If two security classes have the common successor(s), one of them might attempt to use the public polynomial(s) of the common successor(s) for deriving unauthorized secret keys.

30 we use the example depicted in Fig. 1 to demonstrate that the relationships SC 2 ≥ SC 5 and SC 3 ≥ SC 5. SC 2 might attempt to obtain SC 3 ’s secret key sk 3 through SC 5 ’s public information f 5 (x). Let x = 0, then It can be seen that the derivation of SC 3 ’s secret key sk 3 is based on the difficulty of solving one-way hash function.

31  Consider the scenario that two or more security classes at lower level in the user hierarchy want to derive a secret key at higher level.  Let SC j, SC k, and SC l be the successors of SC i.  For these above equations, deriving sk i is based on the difficulty of solving one-way hash function.

32  Consider the scenario that there is a lower-level security class SC j with m predecessors, which are SC i, SC i+1, …, and SC i+m−1.  solving sk i is based on the difficulty of solving one-way hash function. …

33  Assume that an intruder comes from outside the system, he may try to compute the secret key sk i of a security class by using only the public parameters.  solving sk i is based on the difficulty of solving one-way hash function.

34

35  The secret key for each security class is reusable for dynamic access control problems. Key management costs of the proposed scheme are smaller than that of Chung et al.’s scheme.  The proposed scheme can efficiently deal with dynamic access control problems.  The storage required for public and private parameters is significantly reduced.  Performance of the proposed scheme is more efficient than that of Chung et al.’s schemes in terms of the computational complexities and the storage.

Download ppt "Yu-Li Lin and Chien-Lung Hsu Department of Information Management, Chang-Gung University Information Science(SCI) Reporter: Tzer-Long Chen."

Similar presentations

Asymmetric Encryption Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext.

Asymmetric Encryption Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext.
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Xiutao Feng Institute of Software Chinese Academy of Sciences A Byte-Based Guess and Determine Attack on SOSEMANUK.

Xiutao Feng Institute of Software Chinese Academy of Sciences A Byte-Based Guess and Determine Attack on SOSEMANUK.
Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
KAIS T Scalable Key Management for Secure Multicast Communication in the Mobile Environment Jiannong Cao, Lin Liao, Guojun Wang Pervasive and Mobile Computing.

KAIS T Scalable Key Management for Secure Multicast Communication in the Mobile Environment Jiannong Cao, Lin Liao, Guojun Wang Pervasive and Mobile Computing.
A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.

A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.

Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.

1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.

1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,

Similar presentations

Ads by Google