Attribute-Based Encryption - PowerPoint PPT Presentation

Attribute-Based Encryption. Brent Waters, SRI International. Joint work with Vipul Goyal, Omkant Pandey, and Amit Sahai. http://www.csl.sri.com/users/bwaters/

1
Attribute-Based Encryption
Brent Waters, SRI International
Joint work with Vipul Goyal, Omkant Pandey, and Amit Sahai
http://www.csl.sri.com/users/bwaters/
2
IBE [BF01]
  • IBE [BF01]: public-key encryption scheme where the
    public key is an arbitrary string (ID).
  • Example: user's e-mail address

Is regular PKI good enough?
Alice does not access a PKI
[Figure: CA/PKG holding the master-key; authority is offline]
3
Generalizing the Framework
[Figure: CA/PKG holding the master-key; authority is offline]
4
Attribute-Based Encryption (ABE) [SW05]
  • Encrypt data with descriptive attributes
  • Users' private keys reflect decryption policies

5
An Encrypted Filesystem
  • Encrypted Files on Untrusted Server
  • Label files with attributes

6
An Encrypted Filesystem
[Figure: Authority; key policy tree with OR and AND gates over the attributes bsmith, CS, admissions]
7
This Talk
  • Threshold ABE and biometrics
  • More Advanced ABE
  • Other Systems

8
A Warmup: Threshold ABE [SW05]
  • Data labeled with attributes
  • Keys of form "at least k attributes"
  • Application: IBE with biometric identities

9
Biometric Identities
  • Iris Scan
  • Voiceprint
  • Fingerprint

10
Biometric Identities
  • Stay with human
  • Are unique
  • No registration
  • Certification is natural

11
Biometric Identities
Deviations: environment, difference in sensors, small change in trait
Can't use previous IBE solutions!
12
Error-tolerance in Identity
  • k attributes must match
  • Example: 5 attributes

Public Key
13
Error-tolerance in Identity
  • k attributes must match
  • Example: 5 attributes

Public Key
Private Key
CA/PKG
master-key
14
Secret Sharing
  • Split message M into shares such that k shares are needed to
    reconstruct it
  • Choose a random polynomial q of degree k-1 such that
    $q(0) = M$
  • Need k points to interpolate

15
First Method
  • Key Pair per Trait
  • Encrypt shares of message
  • Deg. 4 (need 5 traits) polynomial q(x), such that
    $q(0) = M$

q(x) at 5 points ⇒ $q(0) = M$
16
Collusion Attack
Private Key
17
Our Approach
  • Goals
      • Threshold
      • Collusion resistance
  • Methods
      • Secret-share private key
      • Bilinear maps

18
Bilinear Maps
  • $G$, $G_1$: finite cyclic groups of prime order $p$.
  • Def: An admissible bilinear map $e: G \times G \to G_1$
    is:
      • Bilinear: $e(g^a, g^b) = e(g,g)^{ab}$ $\forall a, b \in \mathbb{Z}$,
        $g \in G$
      • Non-degenerate: $g$ generates $G$ ⇒
        $e(g,g)$ generates $G_1$.
      • Efficiently computable.

19
The SW05 Threshold ABE system
Public Parameters:
$e(g,g)^y \in G_1$, $g^{t_1}, g^{t_2}, \ldots, g^{t_n} \in G$
Interpolate in exponent to get $e(g,g)^{rq(0)} = e(g,g)^{ry}$
20
Intuition
  • Threshold
      • Need k values of $e(g,g)^{rq(x)}$
  • Collusion resistance
      • Can't combine private key components
      • ( shares of q(x), q(x) )
  • Reduction
      • Given $g^a, g^b, g^c$ distinguish $e(g,g)^{ab/c}$ from random

21
Moving Beyond Threshold ABE
  • Threshold ABE not very expressive
  • Grafting has limitations
  • Shamir Secret Sharing => k of n
  • Base new ABE off of general
    secret sharing schemes

[Figure: policy tree with OR and AND gates over the attributes ksmith, CS, admin]
22
Access Trees [Ben86]
  • Secret sharing for tree-structure of AND and OR
  • Replicate ORs, split ANDs

[Figure: secret s shared down a tree of OR and AND gates with leaves Alice, Bob, Charlie, Doug, Edith]
23
Key-Policy Attribute-Based Encryption [GPSW06]
  • Encryption similar to Threshold ABE
  • Keys reflect a tree access structure
  • Randomness to prevent collusion!
  • Use threshold gates
  • Decrypt iff attributes from CT
    satisfy key's policy

[Figure: policy tree with OR and AND gates over the attributes ksmith, CS, admin]
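
The sharing structure behind the Secret Sharing, Access Trees and KP-ABE slides, as an added example (not code from the talk or the papers): every gate is a k-of-n threshold gate with its own Shamir polynomial, so OR (1-of-n) replicates the secret and AND (n-of-n) splits it. Assumptions: shares are plain integers in a prime field with no pairing and no per-key randomness, so this sketch alone is not collusion resistant; the function names and the field modulus are illustrative.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumption; ABE shares live in a group exponent)

def share(secret, k, n):
    """Shamir: random degree k-1 polynomial q with q(0) = secret; return {x: q(x)}."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def interpolate0(points):
    """Lagrange interpolation of q(0) from {x: q(x)}."""
    total = 0
    for xi, yi in points.items():
        lam = 1
        for xj in points:
            if xj != xi:
                lam = lam * (-xj) * pow((xi - xj) % P, -1, P) % P
        total = (total + yi * lam) % P
    return total

# A node is an attribute name (leaf) or a threshold gate (k, [children]).
def OR(*c): return (1, list(c))         # 1-of-n: every child gets the secret itself
def AND(*c): return (len(c), list(c))   # n-of-n: all children are needed

def distribute(node, secret, path=()):
    """Push the secret down the tree; returns {leaf_path: (attribute, share)}."""
    if isinstance(node, str):
        return {path: (node, secret)}
    k, children = node
    shares = share(secret, k, len(children))
    out = {}
    for i, child in enumerate(children, start=1):
        out.update(distribute(child, shares[i], path + (i,)))
    return out

def reconstruct(node, leaves, attrs, path=()):
    """Return the node's secret if attrs satisfy the gate, else None."""
    if isinstance(node, str):
        return leaves[path][1] if node in attrs else None
    k, children = node
    got = {}
    for i, child in enumerate(children, start=1):
        v = reconstruct(child, leaves, attrs, path + (i,))
        if v is not None and len(got) < k:
            got[i] = v
    return interpolate0(got) if len(got) == k else None
```

Because the leaf shares here are bare field elements, two parties holding "CS" and "admin" separately can pool them; the per-key randomness named on the slide is what removes that in GPSW06.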
24
Delegation
  • Can delegate any key to a more restrictive policy
  • Subsumes Hierarchical-IBE

[Figure: policy tree with OR and AND gates over the attributes ksmith, CS, admin]
25
A comparison
  • ABE [GPSW06]
      • Arbitrary attributes
      • Expressive policy
      • Attributes in clear
  • Hidden Vector Enc. [BW06]
      • Fields fixed at setup
      • Conjunctions, don't care
      • Hidden attributes

26
Ciphertext Policy ABE (opposite)
  • Encrypted data reflects decryption policies
  • Users' private keys are descriptive attributes

27
Multi-Authority ABE [Chase07]
  • Authorities over different domains
  • E.g. DMV and IRS
  • Challenge: prevent collusion across domains
  • Insight: use globally verifiable ID/attribute
    to link

28
Open Problems
  • Ciphertext Policy ABE
  • ABE with hidden attributes
  • Policies from Circuits instead of Trees

29
Generalizing the Framework
[Figure: CA/PKG holding the master-key; authority is offline]
30
Health Records
Weight 125, Height 54, Age 46, Blood Pressure 125, Partners
If Weight/Height > 30 AND Age > 45: output Blood Pressure
No analogous PKI solution
[Figure: CA/PKG holding the master-key; authority is offline]
31
THE END
32
Related Work
  • Secret Sharing Schemes [Shamir79, Benaloh86]
      • Allow collusion
  • Building from IBE + Secret Sharing [Smart03,
    Juels
      • IBE gives key compression
      • Not collusion resistant