Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attribute-Based Encryption

Published byJoel Gilbert Roberts Modified over 9 years ago

Similar presentations

Presentation on theme: "Attribute-Based Encryption"— Presentation transcript:

1 Attribute-Based Encryption
Brent Waters SRI International Joint work with Vipul Goyal, Omkant Pandey, and Amit Sahai

2 IBE [BF01] Is regular PKI good enough?
IBE: [BF01] Public key encryption scheme where public key is an arbitrary string (ID). Examples: user’s address Is regular PKI good enough? I am Private key encrypted using public key: Alice does not access a PKI CA/PKG Authority is offline master-key

3 Generalizing the Framework
Capability Request Private “Capability” Encrypt “Structured” Data CA/PKG Authority is offline master-key

4 Attributed-Based Encryption(ABE) [SW05]
Encrypt Data with descriptive “Attributes” Users Private Keys reflect Decryption Policies master-key CA/PKG Authority is offline Encrypt w/attributes

5 An Encrypted Filesystem
Encrypted Files on Untrusted Server Label files with attributes File 1 “Creator: bsanders” “Computer Science” “Admissions” “Date: ” File 2 “Creator: akeen” “History” “Hiring” “Date: ”

6 An Encrypted Filesystem
“Creator: bsanders” “Computer Science” “Admissions” “Date: ” Authority OR File 2 “Creator: akeen” “History” “Hiring” “Date: ” AND “bsmith” “CS” “admissions”

7 This Talk Threshold ABE & Biometrics More “Advanced” ABE Other Systems

8 A Warmup: Threshold ABE[SW05]
Data labeled with attributes Keys of form “At least k” attributes Application: IBE with Biometric Identities

9 Biometric Identities Iris Scan Voiceprint Fingerprint

10 Biometric Identities Stay with human Are unique No registration
Certification is natural

11 Biometric Identities Deviations Environment
Difference in sensors Small change in trait Can’t use previous IBE solutions!

12 Error-tolerance in Identity
k attributes must match Example: 5 attributes Public Key master-key CA/PKG Private Key 5 matches

13 Error-tolerance in Identity
k attributes must match Example: 5 attributes Public Key Private Key CA/PKG 3 matches master-key

14 Secret Sharing Split message M into shares such that need k to reconstruct Choose random k-1 degree polynomial, q, s.t. q(0)=M Need k points to interpolate

15 First Method Key Pair per Trait Encrypt shares of message
Deg. 4 (need 5 traits) polynomial q(x), such that q(0)=M Ciphertext E3(q(3))... 5 Private Key 2 7 8 11 13 16 q(x) at 5 points ) q(0)=M

16 Collusion Attack Private Key 5 6 7 9 10 8 6 8 9 7 5 10

17 Our Approach Goals Threshold Collusion Resistance Methods
Secret-share private key Bilinear maps

18 Bilinear Maps G , G1 : finite cyclic groups of prime order p.
Def: An admissible bilinear map e: GG  G is: Bilinear: e(ga, gb) = e(g,g)ab a,bZ, gG Non-degenerate: g generates G  e(g,g) generates G1 . Efficiently computable.

19 The SW05 Threshold ABE system
Public Parameters e(g,g)y 2 G1, gt1, gt2,.... gtn 2 G Private Key Random degree 4 polynomial q(x) s.t. q(0)=y gq(5)/t5 Bilinear Map e(g,g)rq(5) Ciphertext gr¢ t5 Me(g,g)ry Interpolate in exponent to get e(g,g)rq(0)=e(g,g)ry

20 Intuition Threshold Need k values of e(g,g)rq(x) Collusion resistance
Can’t combine private key components ( shares of q(x), q’(x) ) Reduction Given ga,gb,gc distinguish e(g,g)ab/c from random

21 Moving Beyond Threshold ABE
Threshold ABE not very expressive “Grafting” has limitations Shamir Secret Sharing => k of n Base new ABE off of general secret sharing schemes OR AND “ksmith” “CS” “admin”

22 Access Trees [Ben86] Secret Sharing for tree-structure of AND + OR
Replicate ORs Split ANDs s OR s AND AND OR s-s’’ s’’ Alice Bob Charlie s’ s-s’ s’’ Doug Edith

23 Key-Policy Attribute-Based Encryption [GPSW06]
Encryption similar to Threshold ABE Keys reflect a tree access structure Randomness to prevent collusion! Use Threshold Gates Decrypt iff attributes from CT satisfy key’s policy OR AND “ksmith” “CS” “admin”

24 Delegation Can delegate any key to a more restrictive policy
Subsumes Hierarchical-IBE OR AND “ksmith” Year=2005 “CS” “admin”

25 A comparison ABE [GPSW06] Arbitrary Attributes Expressive Policy
Attributes in Clear Hidden Vector Enc. [BW06] Fields Fixed at Setup Conjunctions & don’t care Hidden Attributes

26 Ciphertext Policy ABE (opposite)
Encrypt Data reflect Decryption Policies Users’ Private Keys are descriptive attributes master-key CA/PKG “Blond”, “Well-dressed”, “Age=21”, “Height=5’2” OR AND “Rhodes Scholar” “25-35” “millionaire”

27 Multi-Authority ABE [Chase07]
Authorities over different domains E.g. DMV and IRS Challenge: Prevent Collusion Across Domains Insight: Use “globally verifiable ID/attribute” to link

28 Open Problems Ciphertext Policy ABE ABE with “hidden attributes”
Policies from Circuits instead of Trees

29 Generalizing the Framework
Capability Request Private “Capability” Encrypt “Structured” Data CA/PKG Authority is offline master-key

30 Health Records Weight=125 Height = 5’4 Age = 46 Blood Pressure= 125
Partners = … If Weight/Height >30 AND Age > 45 Output Blood Pressure Private “Capability” No analogous PKI solution CA/PKG Authority is offline master-key

31 THE END

32 Related Work Secret Sharing Schemes [Shamir79, Benaloh86…]
Allow Collusion Building from IBE + Secret Sharing [Smart03, Juels] IBE gives key Compression Not Collusion Resistant

Download ppt "Attribute-Based Encryption"

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Attribute-based Encryption

Attribute-based Encryption
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.

1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.
1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Identity Based Encryption

Identity Based Encryption
1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
1 Queries on Encrypted Data Dan Boneh Brent Waters Stanford UniversitySRI.

1 Queries on Encrypted Data Dan Boneh Brent Waters Stanford UniversitySRI.
Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.
Security Management.

Security Management.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.

CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.

Similar presentations

Ads by Google