1 / 49

Introduction

Seminar biometrics and cryptography. Introduction. Fuzzy Identity Based Encryption based on the paper of Amit Sahai and Brent Waters by : Guido Simon. Seminar biometrics and cryptography. Content. Motivation / Abstract Identity based encryption Fuzzyfying identities

enan
Download Presentation

Introduction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Seminar biometricsandcryptography Introduction Fuzzy Identity Based Encryptionbased on thepaperof Amit Sahaiand Brent Watersby: Guido Simon Fuzzy Identity Based Encryption

  2. Seminar biometricsandcryptography Content • Motivation / Abstract • Identity basedencryption • Fuzzyfyingidentities • Fuzzy Identity basedencryption • Overview • Preliminaries • Shamir’sSecret Sharing • Bilinear Maps • Lagrange coefficient • Key Generation • Encryption / Decryption • Encryption • Decryption • Explanation • Extension ofthescheme • Encryption • Decryption • Security • Security model • Definitions • Proof • Conclusion Fuzzy Identity Based Encryption

  3. Seminar biometricsandcryptography Content Part 1: Motivation / Abstract Fuzzy Identity Based Encryption

  4. Seminar biometricsandcryptography 1.1 IBE Scheme Fuzzy Identity Based Encryption

  5. Seminar biometricsandcryptography 1.1 IBE Scheme • Nokeyexchange in advance Fuzzy Identity Based Encryption

  6. Seminar biometricsandcryptography 1.1 IBE Scheme • Nokeyexchange in advance • Usetheidentityofrecipientaskey Fuzzy Identity Based Encryption

  7. Seminar biometricsandcryptography IBE Scheme • Nokeyexchange in advance • Usetheidentityofrecipientaskey • Decryptbyfetching a keyfrom PKG Fuzzy Identity Based Encryption

  8. Seminar biometricsandcryptography 1.1 IBE Scheme Fuzzy Identity Based Encryption

  9. Seminar biometricsandcryptography 1.1 IBE Scheme Fuzzy Identity Based Encryption

  10. Seminar biometricsandcryptography 1.2 FuzzyfyingIdentitys • Identities becomesetsof Attributes • Example: IDenc={Student,ComputerScience,Crypto} Fuzzy Identity Based Encryption

  11. Seminar biometricsandcryptography 1.2 FuzzyfyingIdentitys • Identities becomesetsof Attributes • Example: IDenc={Student,ComputerScience,Crypto} • IDdec = {Student,Male,ComputerScience,Crypto,Graphics} Fuzzy Identity Based Encryption

  12. Seminar biometricsandcryptography 1.2 FuzzyfyingIdentitys • Onecanencryptforsomepublicidentity ⍵ • Decryptionwith an identity ⍵‘ ⧧ ⍵ possible • If ⍵ and ⍵‘ are „closeenough“ Fuzzy Identity Based Encryption

  13. Seminar biometricsandcryptography 1.2 FuzzyfyingIdentitys • Onecanencryptforsomepublicidentity ⍵ • Decryptionwith an identity ⍵‘ ⧧ ⍵ possible • If ⍵ and ⍵‘ are „closeenough“ • So there must beerrortolerance • Error tolerancemakesitsuitableforbiometrics • Usebiometricdetailsasattributes Fuzzy Identity Based Encryption

  14. Seminar biometricsandcryptography 1.3 Fuzzy IBE Scheme Fuzzy Identity Based Encryption

  15. Seminar biometricsandcryptography 1.3 Fuzzy IBE Scheme Key Attribute Comparison Fuzzy Identity Based Encryption

  16. Seminar biometricsandcryptography 1.3 Fuzzy IBE Scheme Key Attribute Comparison Fuzzy Identity Based Encryption

  17. Seminar biometricsandcryptography 1.4 Overview A shortoverview: Biometricidentitiesare PUBLIC, usedforencryption But also I usemybiometricfordecryption – Howthat? As in IBE schemeabove, the Server generates a private Key forme – togetit, i havetoauthenticatewithmy biometricidentity. Becausethis ID ispublic, theschemerelies on a „well trainedoperator“ todetectimitationsofidentites. Fuzzy Identity Based Encryption

  18. Seminar biometricsandcryptography Content Part 2: Preliminaries Fuzzy Identity Based Encryption

  19. Seminar biometricsandcryptography 2.1 Bilinear Maps Definition fromthepaper: The firstcondition will beused in thefurthersteps Fuzzy Identity Based Encryption

  20. Seminar biometricsandcryptography 2.2 Shamir‘ssecretsharing • ProposedbyShamir in 1979 • Allowstoshare ONE secretamong N paricipants • Ofwhich D manyhavetocollude in order todecrypt • Uses Lagrange polynomialinterpolation • HOW? • The „dealer“ chooses a randompolynomial p ofdegree D-1 • The absolute partof p isthesecret • He computes N randompoints p(x) anddistributes • D ofthemareneededforinterpolation Fuzzy Identity Based Encryption

  21. Seminar biometricsandcryptography 2.2 Shamir‘ssecretsharing • The „dealer“ chooses a randompolynomial p ofdegree D-1 • The absolute partof p isthesecret • He computes N randompoints p(x) anddistributes • D ofthemareneededforinterpolation Fuzzy Identity Based Encryption

  22. Seminar biometricsandcryptography 2.3 Lagrange coefficient Fuzzy Identity Based Encryption

  23. Seminar biometricsandcryptography Content Part 3: Key generation (Server-side) Fuzzy Identity Based Encryption

  24. Seminar biometricsandcryptography 3 Key generation Key Generation (Server side) Universeofidentity-attributes must bedefined Toget a uniquemapping, takethefirst Now a y ischosenrandomlyfrom Thenthepublicparametersare: Fuzzy Identity Based Encryption

  25. Seminar biometricsandcryptography 3 Key generation Togeneratethekeyfor ⍵ a polynomial q ofdegree d-1 ischosenrandomly. Thenthe private keyis: q(0) must beequalto y Fuzzy Identity Based Encryption

  26. Seminar biometricsandcryptography 3 Key generation Togeneratethekeyfor ⍵ a polynomial q ofdegree d-1 ischosenrandomly. Thenthe private keyis: Thisisonekeyforeachattribute D1 D2 D3 D4 D5 D6 Fuzzy Identity Based Encryption

  27. Seminar biometricsandcryptography 3 Key generation Danger: Collusionattacks Message isencryptedfor d>=4 Attributes usedfor ENC User 1 User 2 User 1 & User 2, d>=4 Fuzzy Identity Based Encryption

  28. Seminar biometricsandcryptography 3 Key generation Danger: Collusionattacks Message isencryptedfor d>=4 Attributes usedfor ENC User 1 User 2 User 1 & User 2, d>=4 Topreventcollusionattacks, choose a different polynomial q foreachidentity Fuzzy Identity Based Encryption

  29. Seminar biometricsandcryptography Toyexample Fuzzy Identity Based Encryption

  30. Seminar biometricsandcryptography Content Part 4: Encryption / Decryption(clientside) Fuzzy Identity Based Encryption

  31. Seminar biometricsandcryptography 4.1 Encryption (smalluniverse) Rememberthepublic Key: Fuzzy Identity Based Encryption

  32. Seminar biometricsandcryptography 4.2 Decryption(clientside) Fuzzy Identity Based Encryption

  33. Seminar biometricsandcryptography 4.2 Decryption(clientside) • Notation spy: • E‘=MYs • Ei=Tis • i= Attr. index • S=subsetof ID • q()=rnd. Poly. • Di=priv. keys • s randomfixed • y randomfixed • M message • Δ: lagrangecoeff. Fuzzy Identity Based Encryption

  34. Seminar biometricsandcryptography 4.3 Explanation • Notation spy: • E‘=MYs • Ei=Tis • i= Attr. index • S=subsetof ID • q()=rnd. Poly. • Di=priv. keys • s randomfixed • y randomfixed • M message • Δ: lagrangecoeff. Fuzzy Identity Based Encryption

  35. Seminar biometricsandcryptography 4.3 Explanation Nowthepolynomialinterpolationtakesplace in theexponent: • Notation spy: • E‘=MYs • Ei=Tis • i= Attr. index • S=subsetof ID • q()=rnd. Poly. • Di=priv. keys • s randomfixed • y randomfixed • M message • Δ: lagrangecoeff. Fuzzy Identity Based Encryption

  36. Seminar biometricsandcryptography 4.4 Extension ofthescheme In priorconstructionsizeofpublicparameters (Universeandt‘s) growlinearlywiththenumberofattributes in theuniverse Modificationoftheschemethatuses all elementsofasuniverse, andonlygrows in parameter n, whichdenotesthe max. size Identity wecanuse Usefullsideeffect: Onecanuseanystringasattribute Forthatweonlyneed a hash-functiontomap a stringtotheuniverse: The constructionissimilartotheconstructionbefore Fuzzy Identity Based Encryption

  37. Seminar biometricsandcryptography 4.4 Extension oftheScheme Fuzzy Identity Based Encryption

  38. Seminar biometricsandcryptography 4.4 Extension oftheScheme The private keyconsistsoftwosets Fuzzy Identity Based Encryption

  39. Seminar biometricsandcryptography 4.5 Encryption ischosenrandomly Fuzzy Identity Based Encryption

  40. Seminar biometricsandcryptography 4.6 Decryption Fuzzy Identity Based Encryption

  41. Seminar biometricsandcryptography Content Part 5: Security Fuzzy Identity Based Encryption

  42. Seminar biometricsandcryptography 5.1 Definitions • sdfsdfsd Fuzzy Identity Based Encryption

  43. Seminar biometricsandcryptography 5.2 Security Model • sdfsdfsd Fuzzy Identity Based Encryption

  44. Seminar biometricsandcryptography 5.3 Proof Fuzzy Identity Based Encryption

  45. Seminar biometricsandcryptography Content Part 6: Conclusion Fuzzy Identity Based Encryption

  46. Seminar biometricsandcryptography 6 Conclusion • Public keyencryptionwithoutpriorkeyexchange • Onlyusersidentityisneeded • Identities must beunique • Identities consistofattributes – whichmaybearbitrarystrings, but also biometricsarepossible Fuzzy Identity Based Encryption

  47. Seminar biometricsandcryptography 6 Conclusion • Public keyencryptionwithoutpriorkeyexchange • Onlyusersidentityisneeded • Identities must beunique • Identities consistofattributes – whichmaybearbitrarystrings, but also biometricsarepossible • Relies on a PKG, which must be a fullytrustedserver • Biometricauthenticationtoobtainthe private keys Fuzzy Identity Based Encryption

  48. Seminar biometricsandcryptography 6 Conclusion • Public keyencryptionwithoutpriorkeyexchange • Onlyusersidentityisneeded • Identities must beunique • Identities consistofattributes – whichmaybearbitrarystrings, but also biometricsarepossible • Relies on a PKG, which must be a fullytrustedserver • Biometricauthenticationtoobtainthe private keys • Relies on a well trainedofficertodetectimitations • Theoreticalsecurityisproven • Schemecouldbebrokenbyattackingtheofficer Fuzzy Identity Based Encryption

  49. Seminar biometricsandcryptography 2.1 Standard Identity based Encryption Fuzzy Identity Based Encryption

More Related