1 / 21

CRYPTO ‘05

Generic Transformation for Scalable Broadcast Encryption Schemes. CRYPTO ‘05 . Jung Yeon Hwang , Dong Hoon Lee, Jong In Lim. Contents. Broadcast Encryption (BE) Concept / Applications Related Works Our Approach for Scalability Design Principle Generic Transformation Compiled Examples

karl
Download Presentation

CRYPTO ‘05

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Generic Transformation for Scalable Broadcast Encryption Schemes CRYPTO ‘05 Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim

  2. Contents • Broadcast Encryption (BE) • Concept / Applications • Related Works • Our Approach for Scalability • Design Principle • Generic Transformation • Compiled Examples • Concluding Remarks

  3. Contents Header Body Broadcast Encryption : Concept Message Sender Broadcast Encryption Message s : session key , m :contents Subscribers

  4. BE : Applications • Satellite-based Business • Group Communication • Digital Rights Management • Home network content protection • AACS (Advanced Access Content System) group 2004. 7. IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney, Warner Bros. Studios

  5. BE : Basic Goal How to efficientlyexclude illegal users from a privileged set ? Revoked User Privileged User • Transmission Overhead (TO) • User Storage Overhead (SO) • Computation Overhead (CO) one-to-many communication : Transmission efficiency

  6. BE : Related Works • Unicast & Power-Set Solutions • Middle Ground : Revocation-state ? • Define a collection of subsets - Combinatorial Approach (collusion) - Tree Structure (SD,LSD,SSD), Line Segment(PI) • Reveal Information of Revoked Users - Secret Sharing • Accumulate Information of Privileged Users - One-Way Accumulator

  7. Problem of Scalability & Our Solution • Large Number of Users? • Impractical due to Excessive User Storage and/or Computation Overhead • Modular Approach for Scalability • Reduction in User Storage and Computation Slight Increase in Transmission Overhead • Structure Preserving - Security - Type of Key Sharing : Symmetric / Public Key - Connection State : Stateful / Stateless

  8. Our Solution : Modular Approach • Independent & Hierarchical Application of BE to small subsets • User Structure : n=ws w-ary Tree Sibling Set Sa e Height = s Se 8 1 … … … Se1 1 2 3 4 5 7 8 6 … … Se18 Users 1 4 6 5 7 8 2 3 Ue184

  9. Se Se1 Se18 Our Solution : Modular Approach • Independent & Hierarchical Application of BE Tree - Key Assignment … … … … … Ue184

  10. Our Solution : Modular Approach • Independent & Hierarchical Application of BE Tree - Revocation Se … … … Se1 … … Se18 ue115 ue182 Revoked nodes (Steiner Tree) Revoked Users (leaves)

  11. … … … Our Solution : Modular Approach • Independent & Hierarchical Application of BE Tree - Revocation Se … Se1 Se11 Se18 ue115 ue182 Revoked nodes

  12. Our Solution : Performance Analysis • User Storage Overhead • 1 + sᆞSOB(n1/s) • Preserve “log-key restriction” (1+ s log n1/s = 1+ log n) • Computation Overhead • COB(n1/s) • Transmission Overhead • ≤ sᆞTOB(n1/s) Height : s Sibling Set w=n1/s

  13. Examples • User Devices with Limited Resources • Transmission-Restricted/Low Bandwidth Application

  14. BE scheme B1 with log n +1 SO, 2 r log n /log log n TO, log n CO Example 1 : For Low Resource Environment • BE scheme B1 with log n +1 SO, 2 r TO, n CO Transformation

  15. F2(sdi) Fj-i(sdi) sdi F1(sdi) Example 1 : For Low Resource Environment • User Structure : Number line … … 1 i … … U1 U2 U3 U4 U5 U6 Ui Un-1 Un • Basic Tool : One-way chain points chain-value F:{0,1}κ→ {0,1}κ sdi ←R {0,1}κ

  16. F3(sd1) F2(sd8) F1(sd9) F20(sd32) Example 1 : For Low Resource Environment • Revocation of B1 : 2r (r : number of revoked users) • Key Assignment of B1 : 1+log n (Log-Key Restriction) sd6 chain-values F(sd5) F2(sd8) F26(sd32) F5(sd1) F10(sd16) … 8 16 n computations

  17. Example 1 : Security • Subset Cover Framework (by Naor et al.) • Subset : Interval (line segment) Existence of Pseudo-Random Sequence Number Generator Key assignment method satisfies Key Indistinguishability

  18. Example 2 : Low Bandwidth BE • Jumping One-way Chain Schemes by Jho et. al at Eurocrypt’05 Performance. TO : [r/2] +1, SO : (n2+4n)/8, CO : n/2 • Application of Different BE Schemes : B2 … … … …

  19. Performance Analysis • N=108 users and w=100 for worst case B1 B2 SD SD The gap of log key restriction B2 B1 User Storage Overhead Transmission Overhead

  20. Concluding Remarks • Average case analysis • Traitor Tracing & Other Properties • Multi-dimensional Cube

  21. Thank you

More Related