
Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data

Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data. 20103350 An, Sanghong KAIST 2010 2010. 3. 11. Contents. Introduction Background Construction for Access Trees Proof of Security Large Universe Construction Delegation of Private Keys Applications.


Presentation Transcript


  1. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data 20103350 An, Sanghong KAIST 2010 2010. 3. 11.

  2. Contents • Introduction • Background • Construction for Access Trees • Proof of Security • Large Universe Construction • Delegation of Private Keys • Applications KAIST CS

  3. Introduction • How can we control access in a fine-grained manner? • Just encrypting data is not enough • Need for restricted access (audit log access, IP log access…) • Keywords • Fine-grained Access Control • Secret-Sharing Scheme

  4. Background • Definition : Access Structure • A set of parties: $P = \{P_1, P_2, \dots, P_n\}$ • A monotone collection $A \subseteq 2^{P}$, $\emptyset \notin A$ • Authorized set $S$ : $S \in A$ • Attributes = parties

  5. Background • Attribute Based Encryption scheme • Selective-Set Model for ABE • CPA (Chosen-Plaintext Attack) • Notation: A : Access Structure, PK : Public parameter, MK : Master Key, E : Ciphertext, D : Decryption Key (Private Key) • [Diagram: Setup, Encryption, Key Generation and Decryption boxes, with labels PK, MK, Message m, Set of Attributes γ, E, D, A; Decryption yields M if γ ∈ A]

  6. Background • Bilinear Map • $G_1$, $G_2$ : multiplicative cyclic groups of prime order $p$ • $g$ : generator of $G_1$ • $e$ : bilinear map, $e: G_1 \times G_1 \to G_2$ • $e(u^a, v^b) = e(u,v)^{ab}$, $e(g,g) \neq 1$ • Decisional Bilinear Diffie-Hellman Assumption

  7. Construction for Access Tree • Access Tree $T$ • Non-leaf node $x$ : $(k_x, n)$, $k_x$ : threshold value, $n$ : # of children • Leaf node described by an attribute • $\mathrm{att}(x)$ : attribute associated with leaf node $x$ • $\mathrm{index}(x)$ : unique index value for node $x$ • $T_x(\gamma) = 1$ if $\gamma$ satisfies the access tree $T_x$ • For a non-leaf node, $T_x(\gamma) = 1$ if at least $k_x$ children $x'$ return $T_{x'}(\gamma) = 1$ • For a leaf node, $T_x(\gamma) = 1$ iff $\mathrm{att}(x) \in \gamma$

  8. Construction for Access Tree • Init • $G_1$ : multiplicative cyclic group of prime order $p$ • $g$ : generator of $G_1$ • $e$ : bilinear map • $\Delta_{i,S}$ for $i \in \mathbb{Z}_p$ : Lagrange coefficient • $S \subseteq \mathbb{Z}_p$

  9. Construction for Access Tree • Setup • $U$ : universe of attributes $= \{1, 2, \dots, n\}$ • $t_i$ : randomly generated for $i \in U$, from $\mathbb{Z}_p$ • $y$ : randomly generated number from $\mathbb{Z}_p$ • Public Parameter PK • $T_i = g^{t_i}$, $Y = e(g,g)^{y}$ • Master Key MK • $t_1, \dots, t_{|U|}, y$

  10. Construction for Access Tree • Encryption(M, γ, PK) • $M \in G_2$, $\gamma$ : a set of attributes • $s$ : randomly generated number from $\mathbb{Z}_p$ • Ciphertext E • $E = (\gamma,\ E' = M Y^{s},\ \{E_i = T_i^{s}\}_{i \in \gamma})$

  11. Construction for Access Tree • Key Generation(T, PK) • Generate a key that decrypts an encrypted message when $T_r(\gamma) = 1$ • For each node $x$ • Degree $d_x$ of polynomial $q_x$ • $d_x = k_x - 1$ • $q_r(0) = y$, with $q_r$ a polynomial of degree $d_r$ • $q_x(0) = q_{\mathrm{parent}(x)}(\mathrm{index}(x))$ • Decryption Key $D = \{D_1, \dots, D_n\}$ • $D_x = g^{q_x(0)/t_i}$, where $i = \mathrm{att}(x)$

  12. Construction for Access Tree • Decryption(E, D) • Recursive algorithm DecryptNode(E, D, x) • For a leaf node • DecryptNode(E, D, x) $= e(D_x, E_i) = e(g,g)^{s \cdot q_x(0)}$ if $i \in \gamma$; $= \perp$ otherwise • For a non-leaf node • DecryptNode(E, D, x) $= F_x$ • For all children $z$ of $x$, $F_z =$ DecryptNode(E, D, z) • If $F_z \neq \perp$, put $z$ into a set $S$

  13. Proof of Security • Reduce Selective-Set model to Decisional BDH • Thm. If an adversary can break the scheme in the Attribute-based Selective-Set model, then a simulator can be constructed to play the Decisional BDH game with a non-negligible advantage. • Pf) Reductio ad absurdum • SSM advantage = ε, but D-BDH advantage = ε/2

  14. Large Universe Construction • Hash function and arbitrary strings

  15. Delegation of Private Keys • Delegate Key for sharing • T’ : more restrictive than T (T’ ⊆ T) • Adding a new trivial gate to T • Manipulating existing (t,n)-gate in T • To (t+1, n)-gate with (t+1)≤n • To (t+1, n+1)-gate • To (t, n-1)-gate with t≤(n-1) • Re-randomizing the obtained key

  16. Applications • Audit Log Application • Can’t collude to try to extract unauthorized information from the audit log • Targeted Broadcast • Broadcast with a label with attributes about the program • User subscribes to “packages” which have attributes of a program • Selective broadcast

  17. References • V. Goyal and O. Pandey. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, 2006 • A. Sahai and B. Waters. Fuzzy Identity Based Encryption. In Advances in Cryptology – Eurocrypt, 2005
