360 likes | 507 Views
An Efficient Key-Management Scheme for Hierarchical Access Control Based on Elliptic Curve Cryptosystem. Author: F.G. Jeng and C.M. Wang Citation: Journal of Systems and Software. Outline. Introduction Elliptic Curve Cryptosystem Proposed Scheme Analysis of Security
E N D
An Efficient Key-Management Scheme for Hierarchical Access Control Based on Elliptic Curve Cryptosystem Author: F.G. Jeng and C.M. Wang Citation: Journal of Systems and Software
Outline • Introduction • Elliptic Curve Cryptosystem • Proposed Scheme • Analysis of Security • Analysis of Time Complexity • Analysis of Storage Complexity • Conclusion • Idea
President Office of Academic Affairs Office of Student Affairs Office of General Affairs Teachers Library Students Introduction • Hierarchical access control problems : • access rights among a group of users in an organization • higher level user can access lower level user’s data • lower level user can not access higher level user’s data
Introduction • Two Types of Hierarchies • Tree hierarchy • Each class (except root class) has only one parent class. • Partially ordered hierarchy • Each class (except root class) could have more than one parent class.
A tree hierarchy Ci Cj C1 C2 C4 C3 C5 C6 C7 C8 Introduction • Tree hierarchy • The users are divided into a set of disjoint security classes C = {C1, C2, …, Cn}. • Each class has its own cryptographic key. • Each class (except root class) has only one parent class. • Cj ≤ Ci : Cican read or store information in Cj, but the opposite is not allowed. • Cican derive the key of Cj.
A partially ordered hierarchy Ci Ci C1 C2 C3 C4 C5 C6 C7 Introduction • Partially ordered hierarchy • The users are divided into a set of disjoint security classes C = {C1, C2, …, Cn}. • Each class has its own cryptographic key. • Each class (except root class) could have more than one parent classes. • Cj ≤ Ci : Cican read or store information in Cj, but the opposite is not allowed • Cican derive the key of Cj.
Introduction • Types of public-key cryptosystem • Integer Factorization System • n= pq, where p and q are two primes. • It’s hard to factorize n. • Discrete Logarithm System • rx≡ h (mod p) • It’s hard to find x. • Elliptic Curve Cryptosystem • Q = aP, where P and Q are two points over an elliptic curve. • It’s hard to find a.
Introduction • Goals of a Key-Management Scheme • The scheme should be secure. • The key-derivation process should be efficient. • The scheme should have the dynamic access property . • The scheme should require low-cost computation overhead and less storage. • The scheme should be flexible on selection of user’s own secret key.
Elliptic Curve Cryptosystem • Advantages of ECC (Elliptic Curve Cryptosystem) • ECC provides greater efficiency roughly 10 times than either integer factorization systems or discrete logarithm systems in terms of computational overheads, key sizes and bandwidth. • a key size of 4096 bits for RSA gives the same level of security as 313 bits in an ECC
y2 = x3 + x+ 1 Elliptic Curve Cryptosystem • Mathematics Backgrounds on the ECC • Elliptic curve equation E over Zp • Zp = {0, 1, 2, …, p-1} • Ep(a, b) : y2=x3+ax+b (mod p), where a and b Zp, and 4a3+27b2 0 • A finite abelian group, which defined over Ep(a, b)
Elliptic Curve Cryptosystem • Mathematics Backgrounds of ECC • Operations of points in the ECC • If P = (xp, yp), then P +(xp, –yp) = O. The point(xp, –yp) is the negative of P, denoted as –P. • Example • Let P = (6, 4), then, –P = (6, –4). Since –4 mod 23 19, –P = (6, 19) over E23(1,1).
Elliptic Curve Cryptosystem • Mathematics Backgrounds of ECC • Multiplication by an integer is defined by repeated addition; for example, 2P = P + P . • xr = (2 xp xq) mod p • yr = ( (xp xr) yp)mod p • Example • P = (6, 4); λ=5, xr=13, yr=7, 2P = (13, 7)over E23(1, 1)
Elliptic Curve Cryptosystem • Mathematics Backgrounds on ECC • Addition operation of two different points over Ep(a, b). • If P= (xp, yp) and Q= (xq, yq) in which P Q, then R = P + Q= (xr, yr). • xr = (2 xp xq) mod p • yr = ( (xp xr) yp)mod p, • Example • P = (6, 4), Q = (7, 11), λ=7, xr=13, yr=16, R = P + Q = (13, 16) over E23(1,1).
160 Elliptic Curve Cryptosystem
Proposed Scheme • Key-management Scheme for Tree Hierarchy • Mathematics background • A function H: A→ B is a one-way hash function, it is a one-to-one function and implies that • For every x in A, H(x) can be computed easily; • For every y = H(x) in B, it is infeasible to compute x
Proposed Scheme • Key Generation Algorithm • Step 1 • CA determines Ep (a, b) : y2 = x3 + ax + b (mod p) • p is a large prime number • 4a3 + 27b2 ≠ 0 mod p. • CA picks a base point G = (x, y) with the order n such that nG = O. • CA publishes Ep(a, b), G and n.
Key Generation Algorithm Step 2 CA selects Ã: (x, y) → v, v is an integer number. The CA makes à public. CA chooses a secret parameter nca and makes Pcapublic, where Pca= ncaG. Private parameter of the CA : nca Public parameter of the CA : point Pca Proposed Scheme
Key Generation Algorithm Step 3 Class Ci chooses secret key Ki, 1 ≤ Ki≤p-1 Class Ci chooses secret parameter ni. ni ≤n Pi= niG is public Ci sends (Ki, ni) to CA secretly Private parameters of Ci :Ki , ni Public parameter of Ci : point Pi = niG Proposed Scheme
Key Generation Algorithm Step 4 CA constructs a polynomial Hi(x) for Ci. For the root class, H(x) = nil. H1(x) = nil For non-root class, Hi(x) = where Ci≤Ct. C1 C2 C3 C4 C5 C6 C7 Proposed Scheme
Key Generation Algorithm Example • H2(x)=(x - Ã(n2P1)) + K2 • H3(x) =(x - Ã(n3P1)) + K3 C1 C1 C2 C2 C3 C3 C4 C4 C5 C5 C6 C6 C7 C7 Proposed Scheme
Key Generation Algorithm • Example • H5(x) =(x - Ã(n5P1)) (x - Ã(n5P2)) + K5 • H4(x) = (x - Ã(n4P1)) + K4 C1 C1 C2 C2 C3 C3 C4 C4 C5 C5 C6 C6 C7 C7 Proposed Scheme
Key Generation Algorithm • Example • H6(x) =(x - Ã(n6P1)) (x - Ã(n6P2)) (x - Ã(n6P3)) (x - Ã(n6P4)) + K6 • H7(x) =(x - Ã(n7P1)) (x - Ã(n7P4)) + K7. C1 C1 C2 C2 C3 C3 C4 C4 C5 C5 C6 C6 C7 C7 Proposed Scheme
Key Derivation Algorithm Step 1. Ci derives the key of Cj. Ci gets the public polynomial Hj(x) and Pj. Example C1 derives the key of C6. C1 knows : P6 and H6(x) C1 C2 C3 C4 C5 C6 C7 Proposed Scheme
Key Derivation Algorithm Step 2. CiComputes Hj(Ã(niPj)) Ci obtains Kj H6(x) =(x - Ã(n6P1)) (x - Ã(n6P2)) (x - Ã(n6P3)) (x - Ã(n6P4)) + K6 Example H6(Ã(n1P6)) = (Ã(n1P6) - Ã(n6P1))(Ã(n1P6) - Ã(n6P2)) (Ã(n1P6) - Ã(n6P3)) (Ã(n1P6) - Ã(n6P4)) + K6 =(Ã(n1 n6G) - Ã(n6 × n1G))(……) + K6 =K6 || 0 C1 C2 C3 C4 C5 C6 C7 Proposed Scheme
Proposed Scheme • Problems of Dynamic Access Control • Addition of a new security class • Deletion of a security class
C1 C2 C3 C4 C8 C5 C6 C7 C1 C2 C3 C4 C5 C6 C7 Proposed Scheme • Addition of a new security class • Class C8 is added to the hierarchy, C8 has private parameters (n8, K8) and public parameter P8 = n8G. • The CA constructs H8(x) for C8, H8(x) = (x - Ã(n8P1)) (x - Ã(n8P4)) + K8
Deletion of a Security Class Class C3 is removed from the hierarchy. Only, the CA deletes K3, n3, P3 and H3(x). C1 C2 C3 C4 C8 C5 C6 C7 C1 C2 C4 C8 C5 C6 C7 Proposed Scheme
C5 public parameters (P5, H5(x)) private parameters (n5, K5) C6 public parameters (P6, H6(x)) private parameters (n6, K6) C5, C6 know P2 , H2(x) n2P2 = n2G H2(x) = (x - Ã(n2P1)) + K2 H2(Ã(n2P1)) = (Ã(n2P1) - Ã(n2P1)) + K2 hard C1 C1 C2 C2 C3 C3 C4 C4 C5 C5 C6 C6 C7 C7 Analysis of Security : Conspiracy
Conclusions • The problem of hierarchical access control is discussed and solved. • ECC is more efficient than other cryptosystems. • It is efficient in our key generation and key derivation based on ECC. • The proposed scheme achieves the dynamic access property. • Addition of a new class • Deletion of an old class • The proposed scheme has low computational overhead and less storage based on ECC. • The proposed scheme is flexible on selection of user’s own secret key.
具有優先權概念之不擴展漸進式視覺密碼 • 漸進式且具有不同權限等級的不擴展視覺密碼分享方法 (n, n)-PPSM (n, n)-priority and progressive sharing model • 現行的漸進式視覺密碼的分享機制下,無法根據參與者的重要性來賦予適當的權限等級 • n個機密分享參與者,都擁有不同權限
實驗結果與分析討論 • 圖 5:圖 4 分享影像的重疊結果 • 左:疊合五張分享影像→ (NC = 0.74) 才能隱約看到機密影像的輪廓 • 右:疊合三張分享影像→ (NC = 0.72),即可隱約看到機密影像的輪廓 疊合四張分享影像→ (NC = 0.78),即可清晰地看到機密影像的內容 • 該研究的機密分享矩陣確實能給予分享者不同的機密復原能力
實驗結果與分析討論 • 圖 7:圖 6 所產生的彩色分享影像 • 權限高→疊合分享影像→較少張→輪廓 • 權限低→疊合分享影像→較多張→輪廓 • 圖 5 , 7 實驗結果可發現,機密影像的還原結果是根據參與者的權限等級高低
老師補充 • 想法:是否可以金鑰可以用群組的概念來作為分享影像的作法?