1 / 35

ABE Applications

ABE Applications. Present by Xiaokui Shu 09/20/2011. Privacy Preserving EHR System Using Attribute-based Infrastructure. Secret-Sharing Scheme. Persona: An Online Social Network with User-Defined Privacy. Privacy Preserving EHR System Using Attribute-based Infrastructure.

jolene
Download Presentation

ABE Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ABE Applications Present by XiaokuiShu 09/20/2011

  2. Privacy Preserving EHR System Using Attribute-based Infrastructure Secret-Sharing Scheme Persona: An Online Social Network with User-Defined Privacy

  3. Privacy Preserving EHR System Using Attribute-based Infrastructure Secret-Sharing Scheme

  4. Content • Overview • Security Goal • Assumptions • System Features • Operations • Implementation

  5. Security Goal • Confidentiality • Adversaries cannot read patients’ files • Cloud provider cannot read patients’ files • Privacy • Cloud provider not be able to infer information about the file’s content

  6. Assumptions • Trusted authority (TA) • Generates keys • Publishes public parameters • User • ID and attributes • Private key given by TA after verifying attributes • Cloud server • Trusted for performing requested operations • Should not read patients’ data

  7. System Features • Broadcast ciphertext-policy attribute-based encryption • ABE • Policy attached to the ciphertext • Revocation function • Search-index for encrypted keywords • The only not encrypted object • The access policy

  8. Operations::Store File

  9. Operations::Set Access

  10. Operations::Revocation

  11. Other Operations • Delegate • Keyword Search • The search is performed by the cloud provider on the encrypted data such that the cloud provider learns nothing about w (keyword)

  12. Implementation::ABE

  13. Implementation::Keyword Search over Encrypted Data Secure Channel Free Public-Key Encryption with Keyword Search (PEKS)

  14. Persona: An Online Social Network with User-Defined Privacy Secret-Sharing Scheme

  15. Content • Overview • Related Approaches • Persona Basis • Operations • Applications • Implementation • Evaluation

  16. Persona • Combine Public Key Cryptography (PKC) and ABE • Group-based access policies • Creative system design • Browser extension • Can be integrated into existing OSNs

  17. Public Key Cryptography (PKC) • Define a group • Group key: symmetric encryption • Distribute a message • Encrypt n-1 times with different public keys • Key re-use • Use the same group key for a session

  18. Attribute-based Encryption What if we do not know exactly who are in the group?

  19. Persona Basis • Use symmetric key to encrypt data • Use ABE to manage access control • Use PKC to aid ABE (e.g. authentication)

  20. Operations • DefineRelationship • DefineTransitiveRelationship • AssignRightsToIdentity • AssignRightsToGroup • GroupMembershipRevocation

  21. Operation:: DefineRelationship • Alice confers the attribute “friend” upon Bob KABE, “friend” Bob.TPK Alice C = EBob.TPK(KABE, “friend”) Bob

  22. Operation::DefineTransitiveRelationship • Alice defines “bob-friend” on Bob’s “friends” group KABE, “bob-friend” Bob.APK Bob Alice C = Ebob.APK(KABE, “bob-friend”) David

  23. Operation:: AssignRightsToIdentity • Alice grants Bob to put data on her storage service Alice n Bob C = Ebob.TSK(n, try) Bob.TPK

  24. Operation:: AssignRightsToGroup • Alice provides resource access to a group Alice C = Egroup.attr(TPK, TSK) attr

  25. Operation::GroupMembershipRevocation • Re-key • all remaining group members must be given a new key • nominal overhead is linear • Time Attribute • Year < 2011 • Year == 2011

  26. Publishing and Retrieving Data • Every User has a storage service (SS) • Retrieving data • Satisfy ABE access control with attributes • Discovery group key • Encrypt the group key with its TPK in its SS for future use • Publishing data • Search its SS for previous group key • Create a new group key • Retrieve a pre-existing key on others’ SS

  27. Applications::Storage Service • Trust a storage service to reliably store data, provide it upon request, and protect it from overwrite or deletion by unauthorized users • Do not trust a storage service to keep data confidential, relying instead on encryption to guard private information • Two operations to SS • put • get

  28. Applications::Collaborative Data • A collaborative multi-reader/writer application • The Wall in Facebook • Doc: a multi-reader multi-writer application in Persona • Users create a Page • Metadata: References to encrypted data • The application: display, updates reference • Reading the Page • DefineRelationship(Alice; attrs; Bob) • Writing to the Page • AssignRightsToIdentity(Alice; write; Bob:TPK; D; Doc)

  29. Applications::Wall & Chat • Persona Wall is distributed • Inherit Doc • It allows users to choose where the Wall metadata is stored • Posts and comments are stored on storage servers owned by the poster/commenter • Chat application • Inherit Doc • On-the-fly UI • Profile, Photos, Groups and Events • Inherit Doc

  30. Applications::Selective Revelation • Given ASK to applications • Where I've Been in Facebook • Allow a specific group of people to retrieve part data

  31. Applications::Social Graph • Graph of social connections • People You May Know in Facebook • Private in Persona • 2 approaches • Directly grant access • Inherently private application

  32. Implementation *(@#$@# This is … • Data reference resolution • Replacement of special tags • Caching

  33. Evaluation

  34. Thank you! Secret-Sharing Scheme

More Related