Generic Transformation for Scalable Broadcast Encryption Schemes. CRYPTO ’05. Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim. Contents: Broadcast Encryption (BE), Concept / Applications, Related Works, Our Approach for Scalability, Design Principle, Generic Transformation, Compiled Examples
Generic Transformation for Scalable Broadcast Encryption Schemes • CRYPTO ’05 • Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim
Contents • Broadcast Encryption (BE) • Concept / Applications • Related Works • Our Approach for Scalability • Design Principle • Generic Transformation • Compiled Examples • Concluding Remarks
Broadcast Encryption : Concept • [Figure: Message Sender → Broadcast Encryption Message (Header, Body) → Subscribers; s : session key, m : contents]
BE : Applications • Satellite-based Business • Group Communication • Digital Rights Management • Home network content protection • AACS (Advanced Access Content System) group 2004. 7. IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney, Warner Bros. Studios
BE : Basic Goal • How to efficiently exclude illegal users from a privileged set? • Transmission Overhead (TO) • User Storage Overhead (SO) • Computation Overhead (CO) • One-to-many communication : Transmission efficiency • [Figure: Revoked User / Privileged User]
BE : Related Works • Unicast & Power-Set Solutions • Middle Ground : Revocation-state ? • Define a collection of subsets - Combinatorial Approach (collusion) - Tree Structure (SD,LSD,SSD), Line Segment(PI) • Reveal Information of Revoked Users - Secret Sharing • Accumulate Information of Privileged Users - One-Way Accumulator
Problem of Scalability & Our Solution • Large Number of Users? • Impractical due to Excessive User Storage and/or Computation Overhead • Modular Approach for Scalability • Reduction in User Storage and Computation / Slight Increase in Transmission Overhead • Structure Preserving - Security - Type of Key Sharing : Symmetric / Public Key - Connection State : Stateful / Stateless
Our Solution : Modular Approach • Independent & Hierarchical Application of BE to small subsets • User Structure : $n = w^s$, w-ary Tree, Height = s • [Figure: w-ary tree with sibling sets Se, Se1, …, Se18; children numbered 1 to 8; Users at the leaves, user Ue184]
Our Solution : Modular Approach • Independent & Hierarchical Application of BE • Tree - Key Assignment • [Figure: tree with sibling sets Se, Se1, Se18 and user Ue184]
Our Solution : Modular Approach • Independent & Hierarchical Application of BE • Tree - Revocation • [Figure: tree with sibling sets Se, Se1, Se18; Revoked Users (leaves) ue115, ue182; Revoked nodes (Steiner Tree)]
Our Solution : Modular Approach • Independent & Hierarchical Application of BE • Tree - Revocation • [Figure: tree with sibling sets Se, Se1, Se11, Se18; ue115, ue182; Revoked nodes]
Our Solution : Performance Analysis • User Storage Overhead : $1 + s \cdot SO_B(n^{1/s})$ • Preserve “log-key restriction” ($1 + s \log n^{1/s} = 1 + \log n$) • Computation Overhead : $CO_B(n^{1/s})$ • Transmission Overhead : $\le s \cdot TO_B(n^{1/s})$ • Height : s, Sibling Set : $w = n^{1/s}$
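The revocation step and the overhead formulas above, worked through as an added example (not code from the slides or the paper). It assumes 0-based base-w digit labels for tree nodes, one base-scheme instance per sibling set on the Steiner tree, and base-scheme costs TO = 2r and CO = n as the slides quote for B1, with log w keys per sibling set as in the log-key identity; all function names are hypothetical.

```python
# Added example: bookkeeping for the w-ary tree transformation (n = w**s users).
import math
from collections import defaultdict

def path(user, w, s):
    """Root-to-leaf child indices (base-w digits) of a 0-based leaf index."""
    digits = []
    for _ in range(s):
        user, d = divmod(user, w)
        digits.append(d)
    return tuple(reversed(digits))

def revoked_sibling_sets(revoked, w, s):
    """Map each Steiner-tree parent (digit prefix) to its revoked children."""
    sets = defaultdict(set)
    for u in revoked:
        p = path(u, w, s)
        for depth in range(s):
            # the child p[depth] of node p[:depth] lies on a path to a revoked leaf
            sets[p[:depth]].add(p[depth])
    return dict(sets)

def overheads(revoked, w, s, to_b, so_b, co_b):
    """Overheads of the compiled scheme, given base-scheme cost functions."""
    sets = revoked_sibling_sets(revoked, w, s)
    # one independent base-scheme broadcast per affected sibling set
    to = sum(to_b(len(children)) for children in sets.values())
    return {"TO": to, "SO": 1 + s * so_b(w), "CO": co_b(w), "instances": len(sets)}

# Assumed base-scheme costs (B1 figures quoted on the slides).
TO_B = lambda r: 2 * r               # transmission for r revoked members
SO_B = lambda w: int(math.log2(w))   # keys held per sibling set of size w
CO_B = lambda w: w                   # one-way chain evaluations

if __name__ == "__main__":
    # Constructed input: w = 8, s = 3 (n = 512), two revoked leaves.
    w, s, revoked = 8, 3, [4, 57]
    print(revoked_sibling_sets(revoked, w, s))
    print(overheads(revoked, w, s, TO_B, SO_B, CO_B))
```

Each revoked leaf touches at most s sibling sets, which is where the factor s in the transmission bound comes from; storage stays at 1 + log n because a user holds keys only for the s sibling sets on its own path.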
Examples • User Devices with Limited Resources • Transmission-Restricted/Low Bandwidth Application
Example 1 : For Low Resource Environment • BE scheme B1 with log n + 1 SO, 2r TO, n CO • Transformation → BE scheme B1 with log n + 1 SO, 2r log n / log log n TO, log n CO
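Example 1 : For Low Resource Environment • User Structure : Number line $U_1, U_2, \ldots, U_i, \ldots, U_{n-1}, U_n$ • Basic Tool : One-way chain • $F : \{0,1\}^\kappa \to \{0,1\}^\kappa$, $sd_i \leftarrow_R \{0,1\}^\kappa$ • [Figure: points on the number line with chain-values $sd_i$, $F^1(sd_i)$, $F^2(sd_i)$, …, $F^{j-i}(sd_i)$]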
Example 1 : For Low Resource Environment • Revocation of B1 : 2r (r : number of revoked users) • Key Assignment of B1 : 1 + log n (Log-Key Restriction) • [Figure: chain-values $F^3(sd_1)$, $F^2(sd_8)$, $F^1(sd_9)$, $F^{20}(sd_{32})$; $sd_6$, $F(sd_5)$, $F^2(sd_8)$, $F^{26}(sd_{32})$, $F^5(sd_1)$, $F^{10}(sd_{16})$; labels 8, 16; n computations]
Example 1 : Security • Subset Cover Framework (by Naor et al.) • Subset : Interval (line segment) • Existence of Pseudo-Random Sequence Number Generator • Key assignment method satisfies Key Indistinguishability
Example 2 : Low Bandwidth BE • Jumping One-way Chain Schemes by Jho et al. at Eurocrypt ’05 • Performance : TO : [r/2] + 1, SO : $(n^2 + 4n)/8$, CO : n/2 • Application of Different BE Schemes : B2
Performance Analysis • $N = 10^8$ users and w = 100 for worst case • [Plots: User Storage Overhead and Transmission Overhead for B1, B2 and SD; annotation: the gap of log key restriction]
Concluding Remarks • Average case analysis • Traitor Tracing & Other Properties • Multi-dimensional Cube