290 likes | 461 Views
Broadcast Encryption Scheme Based on Binary Cubes. Alexey Urivskiy JSC « InfoTeCS » , Moscow, Russia alexey.urivskiy@mail.ru. Privileged users. Revoked users. What is Broadcast Encryption?. Center. Message. Channel. Purpose.
E N D
Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru
Privileged users Revoked users What is Broadcast Encryption? Center Message Channel Alexey Urivskiy ACCT'2014
Purpose Securely broadcast a message to an arbitrary dynamically changing subset of stateless receivers. Alexey Urivskiy ACCT'2014
Typical BE-Applications • pay-TV systems; • tactical radio; • positioning systems; • digital rights management solutions; • etc. Alexey Urivskiy ACCT'2014
Preliminary Phase: Key Distribution Center 1 4 3 2 Alexey Urivskiy ACCT'2014
1 2 3 4 Alexey Urivskiy ACCT'2014
Index Ciphertexts Encryptedmessage BODY HEADER Broadcast Phase: Message Encrypted message = The Message encrypted on the Session Key Ciphertexts = The Session Key encrypted on Key Encryption Keys (KEK) Index = Information on which users are in which subset Alexey Urivskiy ACCT'2014
Performance Parameters • Transmission overheadthe header’s length • Userkey blockthe number of KEKs of the user • Processing complexity • Securityfocus only on information-theoretic secure Alexey Urivskiy ACCT'2014
Designing a good BES? Provided the BES is • secure • computationally efficient given • the network size • the number of the revoked users to balance • the size of the user key block and • the transmission overhead Alexey Urivskiy ACCT'2014
Naive Scheme 1 2 3 4 Alexey Urivskiy ACCT'2014
Properties • Transmission overheadLargest possible • User key blockSmallest possible = 1 Key • Processing complexityLow Alexey Urivskiy ACCT'2014
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Trivial Scheme 1 2 3 4 Alexey Urivskiy ACCT'2014
Properties • Transmission overheadSmallest possible = 1 KEK • User key blockLargest possible • Processing complexityLow Alexey Urivskiy ACCT'2014
The CuBES Cubes Based Broadcast Encryption Scheme Alexey Urivskiy ACCT'2014
Why we say ‘CUBES’? z (0,0,1) (0,1,1) (1,0,1) (1,1,1) y (0,0,0) (0,1,0) x (1,1,0) (1,0,0) Binary cube of dimension 3 Alexey Urivskiy ACCT'2014
0 0 0 0 1 1 1 1 1 1 1 0 1 1 1 1 0 2 1 1 1 0 3 1 1 1 0 4 1 1 0 0 5 1 1 0 0 6 1 1 0 0 7 0 1 1 0 8 1 1 0 0 9 1 1 0 0 10 1 0 0 0 11 1 0 0 0 12 0 0 0 1 13 1 0 0 0 14 15 1 2 3 4 Binary cube of dimension 4 Alexey Urivskiy ACCT'2014
1 2 3 4 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 • Properties for N users • 2N -1 keys in total • 2N-1keys for every user • 1 KEK to handle any configuration of revoked users Limitation: in practice N ≤ 20 Alexey Urivskiy ACCT'2014
Approach • Partition users into small group. • Apply the trivial schemeto every group. • Apply a logical hierarchy to group of users – a tree-like construction. Alexey Urivskiy ACCT'2014
Hierarchy Example - 24 users Binary cube (keys) for 3 (virtual) users Binary cube (keys) for 4 users Binary cube (keys) for 2 (virtual) users User Alexey Urivskiy ACCT'2014
Users Key Block Example 3 Alexey Urivskiy ACCT'2014
9 15 14 13 11 10 12 1 1 1 2 2 2 3 3 3 4 4 5 5 6 6 7 7 8 Users Key Block Example 1 2 3 4 3 Alexey Urivskiy ACCT'2014
9 1 6 4 2 1 7 11 4 2 1 14 2 5 Users Key Block Example 3 Alexey Urivskiy ACCT'2014
Example 4x3x2 Coverage5 KEKs User’s storage14 KEKs Alexey Urivskiy ACCT'2014
Example 6x4 Coverage4 KEKs User’s storage47 KEKs Alexey Urivskiy ACCT'2014
Example 8x3 Coverage3 KEKs User’s storage131 KEKs Alexey Urivskiy ACCT'2014
Worst case analysis Coverage, # KEKs # Revoked users Alexey Urivskiy ACCT'2014
CuBESExample Users: N=220 Revoked users: r=216 Alexey Urivskiy ACCT'2014
Coverage, # KEKs # Revoked users 8x8x4x4x4x4x4x4x4 9x9x6x6x6x5x4x3 10x10x7x7x6x6x6 Alexey Urivskiy ACCT'2014
Thank you!Questions? Alexey Urivskiy ACCT'2014