Establishment of Ad-Hoc Communities through Policy-Based Cryptography (Work in Progress)

1
Establishment of Ad-Hoc Communitiesthrough
Policy-Based Cryptography(Work in Progress)

• Walid Bagga , Stefano Crosta , Pietro Michiardi ,
  Refik Molva
• bagga,crosta,michiardi,molva_at_eurecom.fr

2nd Workshop on Cryptography for Ad-Hoc Networks
(WCAN06), July 16th, 2006
2
Outline

• Policy-Based Establishment of Ad-Hoc Communities
• Ad-Hoc Communities
• Current Approach
• Policy-Based Encryption
• Our Approach
• Policy-Based Encryption from Bilinear Pairings
• Policy Model
• Formal Definition
• Basic Concepts on Bilinear Pairings
• Our Policy-Based Encryption Scheme
• Summary and Future Work

3
Policy-Based Establishment of Ad-Hoc Communities
4
Ad-Hoc Communities

• Definition An ad-hoc community interconnects a
  group of devices, maintains membership and
  ensures that only entities, i.e., users or
  computing services, which possess certain
  credentials, attribute information and
  characteristics can join the community (common
  characteristics). The members of the community
  rely upon each other to provide services and
  share resources (interactions). These
  interactions are regulated through a set of
  well-defined policies that govern the access to
  the services and resources in the community.
• A security framework is needed to ensure
  trustworthy interactions within ad-hoc
  communities.

5
Current Approach Keoh et al., ACSAC04

• Scenario Alice is on a business trip for the
  collaborative project P. On the train there might
  be other colleagues from different companies
  working on the same project. Alice has some
  documents she is willing to share and possibly
  discuss only with the members of the project that
  are either from company X or from company Y.

• Bob wants to join Alices Community
• Bob gives his credentials to Alice
• Alice Checks the validity of the credentials
• Alice Checks that the credential fulfill her
  Policy
• Alice admits Bob as a member of her community

6
Policy-Based Encryption
Multiple Trusted Authorities
Policy
Credentials
1
2
3
Y
X

• Idea Encrypt a message with respect to a policy
  so that only users fulfilling the policy are able
  to decrypt the message

7
Our Approach

• Bob wants to join Alices Community

• Advantages
• Optimal number of interactions between Alice and
  Bob
• Compliance with the privacy principle of Data
  Minimization OECD Guidelines

8
Policy-Based Encryption from Bilinear Pairings
9
Policy Model

• A set of credential issuers

• A policy consists of
• conjunctions
• disjunctions

of conditions

• A condition is defined through
• A credential issuer
• An assertion

fulfilled by credential

• A policy is written in standard normal form

• Conjunctive Normal Form (CNF)
• Disjunctive Normal Form (DNF)

• A qualified set of credentials for is
  denoted

10
Formal Definition

• A Policy-Based Encryption scheme (PBE) consists
  of 5 algorithms

• Consistency constraint to be fulfilled

11
Basic Concepts on Bilinear Pairings

• Bilinear Diffie-Hellman Parameters
• Additive Group
• Multiplicative Group
• Generator
• Bilinear Pairing
• Bilinear
• Non-Degenerate
• Computable

same prime order
satisfying the following properties
12
Our PBE Scheme (1/3)

• Setup Algorithms

13
Our PBE Scheme (2/3)

• Encryption and Decryption Algorithms

14
Our PBE Scheme (3/3)

• Performance

• Provable Security for Policy-Based Encryption
• Semantic Security against Chosen Ciphertext
  Attacks (IND-Pol-CCA)
• Reductionist Security Proof

15
Summary and Future Work

• Contributions
• Novel Approach for Ad-Hoc Community Establishment
• Concrete Policy-Based Encryption Scheme
• Current and Future Work
• Improve the performance of Policy-Based
  Encryption
• Policy-Based Encryption v.s. Generalized
  Threshold Decryption
• Design and Implementation of a Proof-of-Concept