Mohamed Nabeel, Ning Shang, Elisa Bertino (Purdue University) · Mohamed Nabeel, Ning Shang, Elisa...
1
IdMgr Mohamed Nabeel, Ning Shang, Elisa Bertino (Purdue University) What is policy based content dissemination? Lab Reports A H F G N M L K J I B D C A simplified Health Record (HR) Contact Info Clinical Record Medical History A receptionist can access Contact Info A data analyst can access Lab Reports A doctor can access Clinical Record Attribute Based Access Control (ABAC) A simplistic approach using encryption Lab Reports A H F G N M L K J I B D C A simplified Health Record (HR) Contact Info Clinical Record Medical History Issue #1: Privacy of the users is not preserved Issue #2: The key management does not scale “I am a doctor” Publisher “Here are the keys to decrypt Medical Records” Subscriber 1. Need to reveal credentials 2. Need a private communication channel for re-keying Only one encryption per node! Re-keying has O(n) communication overhead (n = number of users) Requirements for maximal amount of privacy & security Access Control Hidden Credentials Hidden Content Consumption Only subscribers satisfying AC policies are allowed to access Publisher does not learn the attributes of subscribers Publisher does not learn which content subscribers can access Building blocks: OCBE and BGKM schemes Commitment(“I am a doctor”) Publisher Envelope (“Here are the secrets to decrypt Medical Records”) • Publisher does not learn credentials • User can open the envelope only if her credential satisfies the condition Unconditionally hiding and computationally binding com(m) = g m h r An encrypted message Subscriber OCBE: Oblivious Commitment Based Envelope BGKM: Broadcast Group Key Management Public Info S 1 S 2 S 3 + a 1,1 a 1,2 a 1,m a 2,1 a 2,2 a 2,m a n,1 a n,2 a n,m A = Each row is constructed with secret(s) given to each Sub c 1,1 c 1,2 c 1,m K 0 0 + A random vector from the null space of A c' 1,1 c 1,2 c 1,m ACV – Access Control Vector Public Info a r,1 a r,2 a r,m KEV – Key Extraction Vector c' 1,1 c 1,2 c 1,m . a r,1 a r,2 a r,m K = Putting everything together (OCBE + BGKM) IdP Sub IdMgr Identity Token Issuance Pub Identity Token Registration Document Dissemination Sub Identity Token Issuance IdP Sub (attr 1 , val 1 ) (attr 1 , val 1 ) (Token 1 ) Identity Token Pseudonym Attribute Commitment Signature Certified Identity Attribute Example: “I am a doctor” Identity Token Registration OCBE Sub1 Pub Cond(attr 1 , val 1, , op) (Token 1 ) CSS 1 Example: age > 21 Conditional Subscription Secret Document Dissemination Document Subdocument 1 Subdocument 2 Subdocument 3 ACV 1 ACV 2 ACV 3 Document Subdocument 1 Subdocument 2 Subdocument 3 K 1 K 2 K 3 ACV 2 KEV 2 K 2 Subdocument2 K2 Subdocument2 Some selected experimental results Average computation time for running one round of GE-OCBE protocol Time to generate an ACV for different user configurations Key derivation time for different user configurations ACV generation and key derivation for different number of conditions per policy 787-BC0.pdf 1 3/18/2010 5:36:23 PM
Transcript of Mohamed Nabeel, Ning Shang, Elisa Bertino (Purdue University) · Mohamed Nabeel, Ning Shang, Elisa...
IdMgr
Mohamed Nabeel, Ning Shang, Elisa Bertino (Purdue University)
What is policy based content dissemination?
Lab Reports
A
H
F
G
NML
K
JI
B
DC
A simplified Health Record (HR)
Contact InfoClinical Record
Medical History
A receptionist can access Contact Info
A data analyst can access Lab Reports
A doctor can access Clinical Record
Attribute Based Access Control (ABAC)
A simplistic approach using encryption
Lab Reports
A
H
F
G
NML
K
JI
B
DC
A simplified Health Record (HR)
Contact InfoClinical Record
Medical History
Issue #1: Privacy of the users is not preserved
Issue #2: The key management does not scale
“I am a doctor”
Publisher
“Here are the keys todecrypt Medical Records”
Subscriber
1. Need to reveal credentials2. Need a private communication channel
for re-keying
Only one encryption per node!
Re-keying has O(n) communication overhead (n = number of users)
Requirements for maximal amount of privacy & security
Access Control Hidden Credentials
Hidden Content Consumption
Only subscribers satisfying AC policies are allowed to access
Publisher does not learn the attributes of subscribers
Publisher does not learn which content subscribers can access
Building blocks: OCBE and BGKM schemes
Commitment(“I am a doctor”)
Publisher
Envelope (“Here are the secrets todecrypt Medical Records”)
• Publisher does not learn credentials• User can open the envelope only if her credential satisfies the condition
Unconditionally hiding and computationally binding
com(m) = gmhrAn encrypted message
Subscriber
OCBE: Oblivious Commitment Based Envelope
BGKM: Broadcast Group Key Management
Public Info
S1
S2
S3
+
a1,1 a1,2 a1,m
a2,1 a2,2 a2,m
an,1 an,2 an,m
A =
Each row is constructed with secret(s) given to each Sub
c1,1 c1,2 c1,m
K 0 0
+
A random vector from the null space of A
c'1,1 c1,2 c1,m
ACV – Access Control Vector
Public Info
ar,1 ar,2 ar,m
KEV – Key Extraction Vector
c'1,1 c1,2 c1,m.
ar,1 ar,2 ar,m
K=
Putting everything together (OCBE + BGKM)
IdP
Sub
IdMgr
Iden
tity
Tok
en Is
suan
ce
Pub
Identity Token Registration
Document Dissemination
Sub
Identity Token Issuance
IdP Sub(attr1, val1)
(attr1, val1)
(Token1)
Identity Token
Pseudonym
Attribute
Commitment
Signature
Certified Identity AttributeExample: “I am a doctor”
Identity Token Registration
OCBESub1Pub
Cond(attr1, val1,, op)
(Token1)
CSS1
Example: age > 21
Conditional Subscription Secret
Document Dissemination
Document
Subdocument1
Subdocument2
Subdocument3
ACV1
ACV2
ACV3
Document
Subdocument1
Subdocument2
Subdocument3
K1
K2
K3
ACV2 KEV2K2
Subdocument2 K2 Subdocument2
Some selected experimental results
Average computation time for running one round of GE-OCBE protocol
Time to generate an ACV for different user configurations
Key derivation time for different user configurations
ACV generation and key derivation for different number of conditions per policy
787-BC0.pdf 1 3/18/2010 5:36:23 PM
coj
Typewritten Text
2010 - 787-BC0 - Preserving Privacy in Policy-Based Content Dissemination - Mohamed Nabeel - IAP
