CMPE 252A: Computer Networks
Chen Qian, UCSC Baskin Engineering
Lecture 18
Some slides from Brent Waters and Saiyu Qi

Scalable Data Access Control in RFID-Enabled Supply Chain
Saiyu Qi (1,2), Yuanqing Zheng (2), Mo Li (2), Yunhao Liu (3), Jinli Qiu (4)
(1) HKUST; (2) Nanyang Technological University; (3) Tsinghua University; (4) Xi'an Jiaotong University

Introduction of RFID technique
Basic components of RFID:
• RFID Tag:
  • low cost
  • limited storage ability
  • support wireless communication
• RFID Reader:
  • moderate-ability
  • retrieve tag carried data via wireless channel
• Database:
  • Connect with reader
  • store detailed tag data
  • tag identification/authentication
[Figure: The global forecast of RFID hardware, middleware and IT market. Source: DolceraWiki]

RFID-enabled supply chain
[Figure: supply chain diagram with steps numbered 1 to 9; label: shared among supply chain participants]

Motivation
• The product data derived from RFID tags is usually sensitive
• An instance: pedigree of drugs
  • created for each tagged drug in a pharmaceutical supply chain
  • useful to verify whether a drug is fake
  • often contains counterfeit certificate, time of delivery and manufacturers
• Such data suffers malicious accesses by drug counterfeiters and competing manufacturers

The goal of this paper
• Secure sharing of RFID-derived product data
• A scalable data access control system for RFID-Enabled Supply Chain
  • an item-level data access control mechanism
  • an item-level privilege revocation mechanism
• Advantages:
  • data access control at item level
  • scalable to a large number of tagged products

System model
• Product data is sensitive and may be compromised
• A participant only needs to contact the provider to retrieve the data of others
• Stored record: idxi, <Enc(wit, Ki)>sig
• We aim to provide item-level access policy for product data defined by participants

Item-level data access control: a strawman method
• Not scalable to support large-scale tagged products
• Some participants are unknown in advance

Item-level data access control: our idea
Consider a tagged product flowing through the supply chain…
• Submit policy enforced encryption:
  • encryption associated with an access policy
• Policy definition:
  • two types of attributes: role attribute (e.g., USA, Retailer) and tag attribute (used as tag ID)
  • logical expression over role attributes AND tag attribute
  • e.g., (‘retailer’ AND (‘USA’ OR ‘France’) AND ‘TagAtt’)

Item-level data access control: our idea
• Decryption condition of policy enforced encryption:
  • a credential with satisfiable role attributes and a credential with the tag attribute
• Distributed credential management:
  • role attributes/credentials: a key authority
  • tag attributes/credentials: corresponding tags (only participants within the supply chain can acquire!)
• A participant can acquire:
  • one credential with a set of role attributes to describe itself from the key authority
  • credentials of tag attributes from tags

Item-level data access control: an example
[Figure labels: role attributes published by key authority; tag attribute from tag; credential issuing of role attributes; within the supply chain but unsatisfiable role attributes; outside the supply chain. Attribute boxes shown: Location: USA, France, USA; Obligation: retailer, producer, retailer; TagAtt (twice).]

Item-level data access control: advantage
• Advantages:
  • an access policy is defined with role attributes (acquired from the key authority) and tag attributes (acquired from tags), so there is no need to know other participants in advance
  • participants acquire credentials from the key authority and from tags, so item-level key issuing is avoided

Item-level data access control: implementation
• Policy enforced encryption:
  • Double encryption pattern: Ciphertext Policy-Attribute Based Encryption (CP-ABE) [Bethencourt, et al., SP '07] and Updatable Encryption (UE) scheme
  • ABE encrypt the data
  • Symmetric encrypt the ABE encryption
  • Precisely enforce our desired policy:
    • ABE to enforce role attribute part
    • Updatable encryption to enforce tag attribute part
  [Figure: Product data → ABE encryption → Policy enforced encryption]
• Two types of credentials:
  • Credentials with role attributes: ABE private keys
  • Credentials with tag attributes: UE private keys

Ciphertext-Policy Attribute-Based Encryption
Brent Waters (SRI International), John Bethencourt (CMU), Amit Sahai (UCLA)

Remote File Storage: Interesting Challenges
• Scalability
• Reliability
• …
But we also want security

Remote File Storage: Server Mediated Access Control
• Good:
  • Flexible access policies
• Bad:
  • Data vulnerable to compromise
  • Must trust security of server
[Figure: Sarah: IT department, backup manager. Access control list: Kevin, Dave, and anyone in IT department. Does Sarah get access?]

Remote File Storage: Encrypting the Files
• More secure, but loss of flexibility
• New key for each file:
  • Must be online to distribute keys
• Many files with same key:
  • Fine grained access control not possible

Remote File Storage: We Want It All
• Wishlist:
  • Encrypted files for untrusted storage
  • Setting up keys is offline
  • No online, trusted party mediating access to files or keys
  • Highly expressive, fine grained access policies
• Ciphertext-policy attribute-based encryption does this!
  • User private keys are given a list of “attributes”
  • Files can be encrypted under a “policy” over those attributes
  • Can only decrypt if attributes satisfy policy

Remote File Storage: Access Control via CP-ABE
[Figure: policy tree with OR and AND gates over the attributes “IT dept.”, “manager” and “marketing”; keys MSK and PK; SK_Sarah: “manager”, “IT dept.”; SK_Kevin: “manager”, “sales”]

Collusion Attacks: The Key Threat
• Important potential attack
• Users should not be able to combine keys
• Essential, almost defining property of ABE
• Main technical trick of our scheme: preventing collusion
[Figure: policy A AND B; SK_Sarah: “A”, “C”; SK_Kevin: “B”, “D”; can they decrypt together?]

Collusion Attacks: A Misguided Approach to CP-ABE
• Collusion attacks rule out some trivial schemes …
• Public keys PK_A, PK_B, PK_C, PK_D; private keys SK_A, SK_B, SK_C, SK_D
• Policy A AND B: M = M1 + M2, C = (E_A(M1), E_B(M2))
• SK_Sarah: “A”, “C”; SK_Kevin: “B”, “D”
• CP-ABE has special design to be resilient to this attack

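The failure on the two collusion slides above, as an added example that is not part of the original slides: one independent key per attribute, M split into shares for the policy A AND B, and Sarah (“A”, “C”) and Kevin (“B”, “D”) pooling keys. Assumptions: XOR stands in for the slide's “+”, a SHAKE-256 keystream stands in for E_A/E_B, and all function names are hypothetical.

```python
import hashlib
import secrets

ATTRS = ["A", "B", "C", "D"]

def setup():
    """Authority creates one independent secret per attribute (SK_A..SK_D)."""
    return {a: secrets.token_bytes(32) for a in ATTRS}

def issue(master, attrs):
    """A user's key is just the bundle of per-attribute secrets: nothing binds them to the user."""
    return {a: master[a] for a in attrs}

def _pad(key, nonce, n):
    # Toy keystream standing in for the per-attribute encryption E_attr (assumption).
    return hashlib.shake_256(key + nonce).digest(n)

def _xor(x, y):
    return bytes(a ^ b for a, b in zip(x, y))

def encrypt_and(master, policy_attrs, msg):
    """Encrypt under 'attr1 AND attr2 ...': M = M1 xor M2 ..., C = (E_attr1(M1), E_attr2(M2), ...)."""
    shares = [secrets.token_bytes(len(msg)) for _ in policy_attrs[:-1]]
    last = msg
    for s in shares:
        last = _xor(last, s)
    shares.append(last)
    ct = {}
    for attr, share in zip(policy_attrs, shares):
        nonce = secrets.token_bytes(16)
        ct[attr] = (nonce, _xor(share, _pad(master[attr], nonce, len(share))))
    return ct

def decrypt(keyring, ct):
    """Return the plaintext if the keyring covers every attribute in the policy, else None."""
    if not all(a in keyring for a in ct):
        return None
    out = bytes(len(next(iter(ct.values()))[1]))
    for attr, (nonce, body) in ct.items():
        out = _xor(out, _xor(body, _pad(keyring[attr], nonce, len(body))))
    return out

def demo():
    master = setup()
    sarah = issue(master, ["A", "C"])
    kevin = issue(master, ["B", "D"])
    ct = encrypt_and(master, ["A", "B"], b"pedigree record")  # constructed sample data
    pooled = {**sarah, **kevin}  # collusion: neither user satisfies A AND B alone
    return decrypt(sarah, ct), decrypt(kevin, ct), decrypt(pooled, ct)
```

`demo()` returns `None` for Sarah and for Kevin individually and the plaintext for the pooled keyring, which is the policy violation a collusion-resistant scheme has to prevent by tying every key component to a single user.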
Item-level data access control: CP-ABE
[Figure: ABE master key; ABE private key: {USA, retailer}; ABE private key: {France, manufacturer}; USA; logic expression over role attributes: ENC(M, ‘USA’ OR ‘CHINA’)]

Item-level data access control: CP-ABE alone is ill-suited
[Figure: ABE master key; ABE private key: {USA, retailer}; ABE private key: {France, manufacturer}; ABE private key: {TagAtt}; ABE private key: {TagAtt}]
• Collusion resistance: prevents joint usage of multiple private keys for decryption
• Single point of failure: all participants within the supply chain must trust the key authority

Item-level data access control: Updatable Encryption
• Updatable Encryption (UE):
  • use UE-private key to further encrypt
  • UE private keys are generated by themselves as tag attribute credentials
  • Only those within the supply chain can acquire the keys to decrypt
[Figure: ABE encryption → encrypt with the UE-private key → Policy enforced encryption]

Item-level data access control: Updatable Encryption
• Updatable Encryption (UE):
  • (UE) re-key to transform an encryption under one UE-private key to an encryption under another UE-private key without decryption
• Proxy re-encryption [Blaze, et al., EUROCRYPT, 1998]:
  • long private key (1024 bits)
  • not specific for supply chain setting
• Updatable encryption:
  • short private key (486 bits) to store in commercial tags (512 bits)
  • two security models for revoked participants and service provider
  • provable security under the two models

Item-level privilege revocation: basic tasks
• Upstream participants cannot access the data of downstream ones
• Downstream participants still can access the data of upstream ones

Item-level privilege revocation: complete the second task
• A strawman method: add a tag credential at each revocation
  • old tag credential for the old encryption, new tag credential for the new encryption
  • high tag storage overhead
• Our solution: re-encrypt the old encryption with a re-key
  • the service provider uses the re-key to turn the old encryption into a new encryption under the new tag credential
  • the tag only needs to store the newest tag credential

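The re-key step from the Updatable Encryption and revocation slides above, as an added example that is not part of the original slides. It is not the paper's UE scheme: an exponentiation cipher over a small prime field is used as a stand-in because it has the same re-key property, and the modulus, function names and the `ABE-ct-stub` blob are assumptions made for illustration.

```python
import math
import secrets

P = 2**127 - 1      # Mersenne prime; toy parameter, far too small for real use
ORDER = P - 1       # exponent keys are taken modulo the group order

def keygen():
    """Pick an exponent key that is invertible modulo ORDER."""
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(k, ORDER) == 1:
            return k

def encode(blob):
    m = int.from_bytes(blob, "big")
    if not 0 < m < P:
        raise ValueError("blob must encode to 1..P-1 (15 bytes always fit)")
    return m

def decode(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def ue_encrypt(key, m):
    return pow(m, key, P)

def ue_decrypt(key, c):
    return pow(c, pow(key, -1, ORDER), P)

def rekey(old_key, new_key):
    """Re-key token handed to the service provider: new_key / old_key mod ORDER."""
    return (new_key * pow(old_key, -1, ORDER)) % ORDER

def provider_update(token, c):
    """Provider turns the old encryption into the new one without decrypting it."""
    return pow(c, token, P)

def demo():
    inner = encode(b"ABE-ct-stub")   # constructed stand-in for the inner ABE ciphertext
    k_old, k_new = keygen(), keygen()
    c_old = ue_encrypt(k_old, inner)                      # outer layer under old tag credential
    c_new = provider_update(rekey(k_old, k_new), c_old)   # revocation: provider re-encrypts
    with_new = decode(ue_decrypt(k_new, c_new))           # holder of the newest credential
    with_old = decode(ue_decrypt(k_old, c_new))           # revoked holder of the old credential
    return with_new, with_old
```

After the update only the newest key recovers the inner blob, so the tag has to store just that one credential while older records stay readable to whoever holds it.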
Evaluation: environment
• PC configuration: 16-core AMD Opteron Processor 6320 and 16GB RAM running on Ubuntu 13.10 OS
• Two platforms:
  • Single PC
  • Cluster of three PCs with Hadoop
• Product data is randomly generated following normal distribution

Evaluation: data submission, data retrieval, and updating
• All the three operations for 10000 tagged products can be completed within 1 hour

Summary
• Policy enforced encryption with role attributes and tag attribute
• Preclude participants outside the supply chain and with unsatisfiable characters
• Separately manage credentials of role attributes and tag attributes
• Enforce item-level access control without item-level key issuing
• Enable the service provider to transform old encryptions to new encryptions by re-key without decryption
• Tag only needs to store the newest tag credential