slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
CRYPTO ‘05 PowerPoint Presentation
Download Presentation
CRYPTO ‘05

Loading in 2 Seconds...

play fullscreen
1 / 21

CRYPTO ‘05 - PowerPoint PPT Presentation


  • 123 Views
  • Uploaded on

Generic Transformation for Scalable Broadcast Encryption Schemes. CRYPTO ‘05 . Jung Yeon Hwang , Dong Hoon Lee, Jong In Lim. Contents. Broadcast Encryption (BE) Concept / Applications Related Works Our Approach for Scalability Design Principle Generic Transformation Compiled Examples

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'CRYPTO ‘05' - karl


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Generic Transformation for Scalable Broadcast Encryption Schemes

CRYPTO ‘05

Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim

contents
Contents
  • Broadcast Encryption (BE)
    • Concept / Applications
    • Related Works
  • Our Approach for Scalability
    • Design Principle
    • Generic Transformation
    • Compiled Examples
  • Concluding Remarks
broadcast encryption concept

Contents

Header

Body

Broadcast Encryption : Concept

Message Sender

Broadcast Encryption Message

s : session key , m :contents

Subscribers

be applications
BE : Applications
  • Satellite-based Business
  • Group Communication
  • Digital Rights Management
    • Home network content protection
    • AACS (Advanced Access Content System) group

2004. 7. IBM, Intel, Microsoft, Panasonic, Sony, Toshiba,

Disney, Warner Bros. Studios

be basic goal
BE : Basic Goal

How to efficientlyexclude illegal users from a privileged set ?

Revoked User

Privileged User

  • Transmission Overhead (TO)
  • User Storage Overhead (SO)
  • Computation Overhead (CO)

one-to-many communication : Transmission efficiency

be related works
BE : Related Works
  • Unicast & Power-Set Solutions
  • Middle Ground : Revocation-state ?
    • Define a collection of subsets

- Combinatorial Approach (collusion)

- Tree Structure (SD,LSD,SSD), Line Segment(PI)

    • Reveal Information of Revoked Users

- Secret Sharing

    • Accumulate Information of Privileged Users

- One-Way Accumulator

problem of scalability our solution
Problem of Scalability & Our Solution
  • Large Number of Users?
    • Impractical due to

Excessive User Storage and/or Computation Overhead

  • Modular Approach for Scalability
    • Reduction in User Storage and Computation

Slight Increase in Transmission Overhead

    • Structure Preserving

- Security

- Type of Key Sharing : Symmetric / Public Key

- Connection State : Stateful / Stateless

our solution modular approach
Our Solution : Modular Approach
  • Independent & Hierarchical Application of BE to small subsets
  • User Structure : n=ws

w-ary Tree

Sibling Set Sa

e

Height = s

Se

8

1

Se1

1

2

3

4

5

7

8

6

Se18

Users

1

4

6

5

7

8

2

3

Ue184

our solution modular approach1

Se

Se1

Se18

Our Solution : Modular Approach
  • Independent & Hierarchical Application of BE

Tree

- Key Assignment

Ue184

our solution modular approach2
Our Solution : Modular Approach
  • Independent & Hierarchical Application of BE

Tree

- Revocation

Se

Se1

Se18

ue115

ue182

Revoked nodes (Steiner Tree)

Revoked Users (leaves)

our solution modular approach3

Our Solution : Modular Approach
  • Independent & Hierarchical Application of BE

Tree

- Revocation

Se

Se1

Se11

Se18

ue115

ue182

Revoked nodes

our solution performance analysis
Our Solution : Performance Analysis
  • User Storage Overhead
    • 1 + sᆞSOB(n1/s)
    • Preserve “log-key restriction”

(1+ s log n1/s = 1+ log n)

  • Computation Overhead
    • COB(n1/s)
  • Transmission Overhead
    • ≤ sᆞTOB(n1/s)

Height : s

Sibling Set

w=n1/s

examples
Examples
  • User Devices with Limited Resources
  • Transmission-Restricted/Low Bandwidth Application
example 1 for low resource environment

BE scheme B1 with

log n +1 SO, 2 r log n /log log n TO, log n CO

Example 1 : For Low Resource Environment
  • BE scheme B1 with

log n +1 SO, 2 r TO, n CO

Transformation

example 1 for low resource environment1

F2(sdi)

Fj-i(sdi)

sdi

F1(sdi)

Example 1 : For Low Resource Environment
  • User Structure : Number line

1

i

U1

U2

U3

U4

U5

U6

Ui

Un-1

Un

  • Basic Tool : One-way chain

points

chain-value

F:{0,1}κ→ {0,1}κ

sdi ←R {0,1}κ

example 1 for low resource environment2

F3(sd1)

F2(sd8)

F1(sd9)

F20(sd32)

Example 1 : For Low Resource Environment
  • Revocation of B1 : 2r (r : number of revoked users)
  • Key Assignment of B1 : 1+log n (Log-Key Restriction)

sd6

chain-values

F(sd5)

F2(sd8)

F26(sd32)

F5(sd1)

F10(sd16)

8

16

n computations

example 1 security
Example 1 : Security
  • Subset Cover Framework (by Naor et al.)
    • Subset : Interval (line segment)

Existence of Pseudo-Random Sequence Number Generator

Key assignment method satisfies Key Indistinguishability

example 2 low bandwidth be
Example 2 : Low Bandwidth BE
  • Jumping One-way Chain Schemes by Jho et. al at Eurocrypt’05

Performance. TO : [r/2] +1, SO : (n2+4n)/8, CO : n/2

  • Application of Different BE Schemes : B2

performance analysis
Performance Analysis
  • N=108 users and w=100 for worst case

B1

B2

SD

SD

The gap of log key restriction

B2

B1

User Storage Overhead

Transmission Overhead

concluding remarks
Concluding Remarks
  • Average case analysis
  • Traitor Tracing & Other Properties
  • Multi-dimensional Cube