1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant...
-
Upload
brianna-richardson -
Category
Documents
-
view
232 -
download
1
Transcript of 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant...
![Page 1: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/1.jpg)
1
Attribute-Based Encryption for Fine-Grained Access
Control of Encrypted Data
Vipul Goyal
Omkant Pandey
Amit Sahai
Brent Waters
UCLA
UCLA
UCLA
SRI
![Page 2: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/2.jpg)
2
Traditional Encrypted Filesystem
File 1Owner: John
File 2Owner: Tim
Encrypted Files stored on Untrusted Server
Every user can decrypt its own files
Files to be shared across different users?
![Page 3: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/3.jpg)
3
A New Encrypted Filesystem
File 1•“Creator: John”
•“Computer Science”
•“Admissions”
•“Date: 04-11-06”
File 2•“Creator: Tim”
•“History”
•“Admissions”
•“Date: 03-20-05”
Label files with attributes
![Page 4: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/4.jpg)
4
An Encrypted Filesystem
File 1•“Creator: John”
•“Computer Science”
•“Admissions”
•“Date: 04-11-06”
File 2•“Creator: Tim”
•“History”
•“Admissions”
•“Date: 03-20-05”
Authority
OR
AND
“Computer
Science”
“Admissions”
“Bob”
![Page 5: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/5.jpg)
5
Threshold Attribute-Based Enc. [SW05]
Sahai-Waters introduced ABE, but only for“threshold policies”:•Ciphertext has set of attributes •User has set of attributes• If more than k attributes match, then User
can decrypt.
Main Application- Biometrics
![Page 6: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/6.jpg)
6
General Attribute-Based Encryption
Ciphertext has set of attributes
Keys reflect a tree access structure
Decrypt iff attributes from CT
satisfy key’s policy
OR
AND
“Computer
Science”
“Admissions”
“Bob”
![Page 7: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/7.jpg)
7
Central goal: Prevent Collusions
Users shouldn’t be able to collude
AND
“Computer
Science”
“Admissions”
AND
“History”
“Hiring”
Ciphertext = M, {“Computer Science”, “Hiring”}
![Page 8: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/8.jpg)
8
Related Work
Access Control [Smart03], Hidden Credentials[Holt et al. 03-04]
•Not Collusion Resistant
Secret Sharing Schemes [Shamir79, Benaloh86…]•Allow Collusion
![Page 9: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/9.jpg)
9
Techniques
We combine two ideas
Bilinear maps
General Secret Sharing Schemes
![Page 10: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/10.jpg)
10
Bilinear Maps
G , G1 : multiplicative of prime order p.
Def: An admissible bilinear map e: GG
G1 is:
– Non-degenerate: g generates G e(g,g) generates G1 .
– Bilinear: e(ga, gb) = e(g,g)ab a,bZ, gG
– Efficiently computable.
– Exist based on Elliptic-Curve Cryptography
![Page 11: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/11.jpg)
11
Secret Sharing [Ben86]
Secret Sharing for tree-structure of AND + OR
OR
AND
“Computer
Science”
“Admissions”
“Bob”
y
y
y
r(y-r)
Replicate secret for OR’s.
Split secrets for AND’s.
![Page 12: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/12.jpg)
12
The Fixed Attributes System: System Setup
Public Parameters
gt1, gt2,.... gtn, e(g,g)y
“Bob”, “John”, …, “Admissions”List of all possible attributes:
![Page 13: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/13.jpg)
13
Encryption
Public Parameters
gt1, gt2, gt3,.... gtn, e(g,g)y
Ciphertext gst2 , gst3 , gstn, e(g,g)sy
Select set of attributes, raise them to random s
M
File 1•“Creator: John” (attribute 2)
•“Computer Science” (attribute 3)
•“Admissions” (attribute n)
![Page 14: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/14.jpg)
14
Key Generation
Public Parameters
Private Key gy1/t1 , gy3/t3 , gyn/tn
gt1, gt2,.... gtn, e(g,g)y
Fresh randomness used for each key generated!
Ciphertext gst2 , gst3 , gstn, e(g,g)sy M
OR
AND
“Computer
Science”
“Admissions”
“Bob”
y
y
y
r(y-r)y3= yn=
y1=
![Page 15: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/15.jpg)
15
Decryption
e(g,g)sy3e(g,g)syn = e(g,g)s(y-r+r) = e(g,g)sy
(Linear operation in exponent to reconstruct e(g,g)sy)
Ciphertext gst2, gst3, gstn, Me(g,g)sy
Private Key gy1/t1 , gy3/t3 , gyn/tn
e(g,g)sy
3
![Page 16: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/16.jpg)
16
Security
Reduction: Bilinear Decisional Diffie-Hellman
Given ga,gb,gc distinguish e(g,g)abc from random
Collusion resistance
Can’t combine private key components
![Page 17: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/17.jpg)
17
The Large Universe Construction: Key Idea
Public Function T(.), e(g,g)y
Private Key
Any string can be a valid attribute
Ciphertext gs, e(g,g)syMFor each attribute i: T(i)s
For each attribute i gyiT(i)ri , gri
e(g,g)syi
Public Parameters
![Page 18: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/18.jpg)
18
Extensions
Building from any linear secret sharing scheme
In particular, tree of threshold gates…
Delegation of Private Keys
![Page 19: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/19.jpg)
19
Delegation
AND
“Computer
Science”
“admissions”
OR
“Bob”
Derive a key for a more restrictive policy
Year=2006
Subsumes Hierarchical-IBE [Horwitz-Lynn 02, …]
Bob’s Assistant
![Page 20: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/20.jpg)
20
Applications: Targeted Broadcast Encryption
Encrypted stream
AND
“Soccer” “Germany”
AND
“Sport” “11-01-2006”
Ciphertext = S, {“Sport”, “Soccer”, “Germany”, “France”, “11-01-2006”}
![Page 21: 1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.](https://reader034.fdocuments.net/reader034/viewer/2022050809/56649eb25503460f94bb90ec/html5/thumbnails/21.jpg)
21
Thank You