attribute based encryption for fine grained access control of encrypted data l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data PowerPoint Presentation
Download Presentation
Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data

Loading in 2 Seconds...

play fullscreen
1 / 21

Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data - PowerPoint PPT Presentation


  • 544 Views
  • Uploaded on

Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data. Vipul Goyal Omkant Pandey Amit Sahai Brent Waters. UCLA UCLA UCLA SRI. File 1 Owner: John. File 2 Owner: Tim. Traditional Encrypted Filesystem. Encrypted Files stored on Untrusted Server

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data' - Leo


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
attribute based encryption for fine grained access control of encrypted data

Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data

Vipul Goyal

Omkant Pandey

Amit Sahai

Brent Waters

UCLA

UCLA

UCLA

SRI

traditional encrypted filesystem

File 1

Owner: John

File 2

Owner: Tim

Traditional Encrypted Filesystem
  • Encrypted Files stored on Untrusted Server
  • Every user can decrypt its own files
  • Files to be shared across different users?
a new encrypted filesystem

File 1

  • “Creator: John”
  • “Computer Science”
  • “Admissions”
  • “Date: 04-11-06”
  • File 2
  • “Creator: Tim”
  • “History”
  • “Admissions”
  • “Date: 03-20-05”
A New Encrypted Filesystem
  • Label files with attributes
an encrypted filesystem

File 1

  • “Creator: John”
  • “Computer Science”
  • “Admissions”
  • “Date: 04-11-06”
  • File 2
  • “Creator: Tim”
  • “History”
  • “Admissions”
  • “Date: 03-20-05”

OR

AND

“Bob”

“Computer Science”

“Admissions”

An Encrypted Filesystem

Authority

threshold attribute based enc sw05
Threshold Attribute-Based Enc. [SW05]
  • Sahai-Waters introduced ABE, but only for“threshold policies”:
    • Ciphertext has set of attributes
    • User has set of attributes
    • If more than k attributes match, then User can decrypt.
  • Main Application- Biometrics
general attribute based encryption
General Attribute-Based Encryption
  • Ciphertext has set of attributes
  • Keys reflect a tree access structure
  • Decrypt iff attributes from CT

satisfy key’s policy

OR

AND

“Bob”

“Computer Science”

“Admissions”

central goal prevent collusions
Central goal: Prevent Collusions
  • Users shouldn’t be able to collude

AND

AND

“Computer Science”

“Admissions”

“Hiring”

“History”

Ciphertext = M, {“Computer Science”, “Hiring”}

related work
Related Work
  • Access Control [Smart03], Hidden Credentials [Holt et al. 03-04]
    • Not Collusion Resistant
  • Secret Sharing Schemes [Shamir79, Benaloh86…]
    • Allow Collusion
techniques
Techniques

We combine two ideas

  • Bilinear maps
  • General Secret Sharing Schemes
bilinear maps
Bilinear Maps
  • G , G1 : multiplicative of prime order p.
  • Def: An admissible bilinear mape: GG G1is:
    • Non-degenerate:g generates G  e(g,g) generates G1 .
    • Bilinear:e(ga, gb) = e(g,g)ab a,bZ, gG
    • Efficiently computable.
  • Exist based on Elliptic-Curve Cryptography
secret sharing ben86

y

y

r

(y-r)

Secret Sharing [Ben86]
  • Secret Sharing for tree-structure of AND + OR

Replicate secret for OR’s.

Split secrets for AND’s.

y

OR

AND

“Bob”

“Computer Science”

“Admissions”

the fixed attributes system system setup
The Fixed Attributes System: System Setup

Public Parameters

gt1, gt2,.... gtn, e(g,g)y

List of all possible attributes:

“Bob”, “John”, …, “Admissions”

encryption

File 1

  • “Creator: John” (attribute 2)
  • “Computer Science” (attribute 3)
  • “Admissions” (attribute n)
Encryption

Public Parameters

gt1, gt2, gt3,.... gtn, e(g,g)y

Select set of attributes, raise them to random s

Ciphertext

gst2 , gst3 , gstn, e(g,g)sy

M

key generation

y

OR

AND

“Bob”

y

“Computer Science”

“Admissions”

y1=

y

r

yn=

(y-r)

y3=

Key Generation

Fresh randomness used for each key generated!

Public Parameters

gt1, gt2,.... gtn, e(g,g)y

Ciphertext

gst2 , gst3 , gstn, e(g,g)sy

M

Private Key

gy1/t1 , gy3/t3 , gyn/tn

decryption
Decryption

Ciphertext

gst2, gst3, gstn, Me(g,g)sy

e(g,g)sy3

Private Key

gy1/t1 , gy3/t3 , gyn/tn

e(g,g)sy3e(g,g)syn = e(g,g)s(y-r+r)= e(g,g)sy

(Linear operation in exponent to reconstruct e(g,g)sy)

security
Security
  • Reduction: Bilinear Decisional Diffie-Hellman
    • Given ga,gb,gc distinguish e(g,g)abc from random
  • Collusion resistance
    • Can’t combine private key components
the large universe construction key idea
The Large Universe Construction: Key Idea
  • Any string can be a valid attribute

Public Parameters

Public Function T(.), e(g,g)y

Ciphertext

gs, e(g,g)syMFor each attribute i: T(i)s

e(g,g)syi

Private Key

For each attribute i gyiT(i)ri , gri

extensions
Extensions
  • Building from any linear secret sharing scheme
    • In particular, tree of threshold gates…
  • Delegation of Private Keys
delegation

OR

Bob’s Assistant

“Bob”

Year=2006

Delegation
  • Derive a key for a more restrictive policy
  • Subsumes Hierarchical-IBE [Horwitz-Lynn 02, …]

AND

“Computer Science”

“admissions”

applications targeted broadcast encryption
Applications: Targeted Broadcast Encryption
  • Encrypted stream

Ciphertext = S, {“Sport”, “Soccer”, “Germany”, “France”, “11-01-2006”}

AND

AND

“Soccer”

“Germany”

“Sport”

“11-01-2006”