Presentation is loading. Please wait.

Presentation is loading. Please wait.

Encryption Extensions Model based on Hidden Attribute Certificate LI Yu 1,2,3, ZHAO Yong 1,2,3, GONG Bei 1 1 College of Computer Science and Technology,

Published byDerick Mathews Modified over 9 years ago

Similar presentations

Presentation on theme: "Encryption Extensions Model based on Hidden Attribute Certificate LI Yu 1,2,3, ZHAO Yong 1,2,3, GONG Bei 1 1 College of Computer Science and Technology,"— Presentation transcript:

1 Encryption Extensions Model based on Hidden Attribute Certificate LI Yu 1,2,3, ZHAO Yong 1,2,3, GONG Bei 1 1 College of Computer Science and Technology, Beijing University of Technology, Beijing, China 2 State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, China 3 Key Laboratory of Information and Network Security, 3rd Research Institute, Ministry of Public Security, Shanghai, China liyue_mail@163.com, zhaoyonge_mail@sina.com, tekkman_blade@126.com Abstract. An encryption extensions model based on hidden attribute certificate is proposed in this paper, which can represent any key by using "and", "or" logic and the threshold monotony of the access rules, and in order to resist the collusion attack, multiple users use a combination of their keys to decrypt the ciphertext, it virtually eliminates the possibility of a conspiracy to know the key. Keywords: identity-based; attribute-based; hidden attribute; certificate 1 Introduction In the cross-domain large Internet network, in order to ensure users’ own security, before the communication with others, users must first assume whether the others are potentially malicious objects, only after the full test of the mutual contact and authorization certificates interaction, communication and transactions subjects can establish trusted relationships in distributed environment. The existing hidden certificates has obvious drawbacks in the following: in an open environment such as the Internet when users cooperate with unfamiliar parties (such as permission for access to resources), it often based on the requesting party of some vague set of features, but the identity of the requesting party is not clear. To solve the problems above, this paper proposed an improved ABE program, which can represent any key by using "and", "or" logic and the threshold monotony of the access rules. In order to resist the collusion attack, multiple users use a combination of their keys to decrypt the ciphertext, each attribute certification body has a pseudo-random function PRF for random distribution of keys. In this way, it virtually eliminates the possibility of a conspiracy to know the key. 134

2 2 System Construction is the attribute set of, is the user’s attribute set which is used to generate ciphertext. A hidden certificate extended model includes the following: 1.System configure function: Setup, which is run by the authority center, it will generate the public parameter params and the main key master-key; 2.Certificate distribution function: CA_Issue, which is run by the authority center, it will random select polynomials to create the certificate for each user and issue the certificate to each user, each certificate component correspond to a user’s attribute; when user acquires the certificate from the authority center, the user can use the only disguise name nym; 3.The encryption function:CT=HCE(R, nym, ), which is run by the authority center, it uses as the public key to encrypt the resource, the receiver of is nym, CT is the ciphertext, is the access control policy, it is contained in CT; 1.The decryption function: R=HCD (CT, Cred), which is run by the authority center, it decrypt the ciphertext CT, the public key of the certificate cred is, and if and only if is true, it can decrypt the resource, is the determined threshold. It is worth noting that this system does not give the user a certificate issued for each attribute, but the system issues the certificate for each user, a certificate for each component corresponds to an attribute of the user. If the "issuing a certificate for each attribute" method is used, multiple users will be easy to collude with their attributes that they cannot decrypt the certificate to decrypt the ciphertext alone, the system will be vulnerable to collusion attack. 3 Trust negotiation process of multi-sides Trust negotiation process of multi-sides based on ABE hidden certificate (User A requests a file which satisfies the access control policy from all the users) is shown in Figure 1: 1.A sends Ta=HEs(request, Prequest) to every user ; 2.When the user who receives the request can not satisfies Prequest. It will not decrypt the request, and it can not acquire the access control information, the certificate set of B is CB, and the certificate set of D is CD, if B an D satisfies Prequest, it can decrypt request=HDs(Ta, CB) =HDs(Ta, CD); 1.B sends Tb=HEs(Rb, PRb) to A, D sends the resources Td=HEs(Rd, PR d); 2.The certificate set of A is CA, if A can satisfies PRb, it can decrypt Rb=HDs(Tb, CA), if A satisfies PRd, it can decrypt Rd=HDs(Td, CA) 135

3 1.Ta=HCE(request,Prequest) B 2.request=HCD(Ta,CB) Prequest D 2.request=HCD(Ta,CD) 3.Tb=HCE(Rb,PR) A B 4.HCD(Tb,CA) 4.R=HCD(Td,CA) 3.Td=HCE(Rb,PR) D Fig. 1. Trust negotiation process of multi-sides C 2.CC does not satisfy A Trust negotiation and trust of both parties in the process of encryption and decryption of the request, encryption and decryption resources use the basic ABE technology. 4 Conclusion In this paper based on IBE / ABE's Web security technology, we proposed an improved ABE scheme which can represent any key by using "and", "or" logic and the threshold monotony of the access rules. In hidden the ABE certificate extended model, since each user only has a certificate, it needs only one chance to decrypt the information; it increases the efficiency of the system. Acknowledgements. This research is funded by Open Research Project of State Key Laboratory of Information Security in Institute of Software Chinese Academy of Sciences, the program "Core Electronic Devices, High-end General Purpose Chips and Basic Software Products" in China (No. 2010ZX01037-001-001), Funds of Key Lab of Fujian Province University Network Security and Cryptology (2011009) and Doctor Launch Fund in Beijing University of Technology (X00700054R1764). References 1.Liu Hong-yue, Fan Jiu-lun, Ma Jian-feng. Research Advances on Access Control[J]. MINI-MICRO SYSTEM S, 2004, 25(1) : 56-59. 2.Ravi S, Sandhu, Edward J. Coyne, Hal L Feinstein, et a1. Role-based access control models[J]. IEEEComputer, 1996, 29(2):38~47. 3.Barlow T, Hess A, Seamons KE. Trust negotiation in electronic markets. In Proc of 8th Research Symp in Emerging Electronic Markets. Maastricht, 2001. http://isr1.cs.byu.edu/pubs/rseem200l.pdf. 136

Download ppt "Encryption Extensions Model based on Hidden Attribute Certificate LI Yu 1,2,3, ZHAO Yong 1,2,3, GONG Bei 1 1 College of Computer Science and Technology,"

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Operating System Security

Operating System Security
Attribute-based Encryption

Attribute-based Encryption
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
RIKE Using Revocable Identities to Support Key Escrow in PKIs Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao State Key Laboratory of Information Security,

RIKE Using Revocable Identities to Support Key Escrow in PKIs Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao State Key Laboratory of Information Security,
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

Similar presentations

Ads by Google