Upload
mateus-s-h-cruz
View
72
Download
1
Embed Size (px)
Citation preview
Realizing Fine-Grained andFlexible Access Control to
Outsourced Data withAttribute-Based Cryptosystems
Fangming Zhao, Takashi Nishide, and Kouichi Sakurai
International Conference on Information Security Practice and ExperienceGhuangzhou, China, May 2011
SWIM SeminarMarch 9, 2016Mateus Cruz
Introduction ABE/ABS Proposal Performance Analysis Conclusion
OUTLINE
1 Introduction
2 ABE/ABS
3 Proposal
4 Performance Analysis
5 Conclusion
Introduction ABE/ABS Proposal Performance Analysis Conclusion
OUTLINE
1 Introduction
2 ABE/ABS
3 Proposal
4 Performance Analysis
5 Conclusion
Introduction ABE/ABS Proposal Performance Analysis Conclusion
BACKGROUND
Outsourcing of data storageI Cloud storage
Privacy concernsI Untrusted server
Encrypt data before uploadingI Access controlled by keys
1 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
CONTRIBUTIONS
Flexible and fine-grained access controlI read-only and read-write differentiation
Data confidentialityLower cost of key distributionIntegrity verification
2 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
SECURITY ASSUMPTIONS
Semi-trusted storage serversI Tries to obtain informationI Does not tamper with the data
Trusted attribute authority (TA)I Manage attributes and related keys
UsersI Readers (read-only )I Writers (read-write)I Can collude to obtain more information
3 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
OUTLINE
1 Introduction
2 ABE/ABS
3 Proposal
4 Performance Analysis
5 Conclusion
Introduction ABE/ABS Proposal Performance Analysis Conclusion
ATTRIBUTE-BASED ENCRYPTION
Private key associated with attributesAccess tree Tdecrypt
I Defines access policies over attributesI Encrypt using access structureI Decrypt if structure is satisfied
Example
“Directors or managers ora specifically appointedperson (trustee) canaccess the data”
5 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
ATTRIBUTE-BASED SIGNATUREUsers can sign resources
I Signatures are based on users’ attributes
Users verify signatures
Example
“Only director-managerusers or a specificallyappointed person (trustee)can access the data”
6 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
OUTLINE
1 Introduction
2 ABE/ABS
3 Proposal
4 Performance Analysis
5 Conclusion
Introduction ABE/ABS Proposal Performance Analysis Conclusion
DATA ACCESS PROCEDURES
Create fileI Encrypt phaseI Sign phaseI Upload phase
Read fileI Verify phaseI Decrypt phase
Update file
7 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
CREATE FILE
Encrypt phaseSign phaseUpload phase
8 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
ENCRYPT PHASEThe owner encrypts a file for sharing
I Based on ABEI Decryption policy based on the tree Tdecrypt
CT = Enc(PKE ,M,Tdecrypt)
Notation Description
CT : ciphertextEnc: encryption algorithmPKE : public key for encryptionM: message
Tdecrypt : access tree
9 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
SIGN PHASEThe owner signs the ciphertext using ABSUsed to differentiate readers and writers
SG = Sign(PKS,SKS,h(CT )||t ,Tsign)
Notation Description
SG: signatureSign: sign algorithmPKS: public key for signing
h: hash functionCT : ciphertextt : timestamp
Tsign: access tree
10 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
UPLOAD PHASEThe owner uploads CT , SG, tThe server checks signature
I Accept or reject upload
R0 = Verify(PKS,h(CT )||t ,Tsign,SG)
Notation Description
R0: boolean verification valueVerify : verification algorithmPKS: public key for signing
h: hash functionCT : ciphertextt : timestamp
Tsign: access treeSG: signature
11 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
READ FILE
Verify phaseDecrypt phase
12 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
VERIFY PHASEA user obtains CT , SG, t , TsignObtain public key PKS from trusted authorityVerifies if the signature is valid
R1 = Verify(PKS,h(CT )||t ,Tsign,SG)
Notation Description
R1: boolean verification valueVerify : verification algorithmPKS: public key for signing
h: hash functionCT : ciphertextt : timestamp
Tsign: access treeSG: signature
13 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
DECRYPT PHASE
Decrypts ciphertext using SKU
M = Decrypt(CT ,SKU)
Notation Description
M: messageDecrypt : decryption algorithm
CT : ciphertextSKU : key corresponding to attributes U
14 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
UPDATE FILE
A user...I Updates M to M1I Encrypts message:
CT1 = Enc(PKE ,M1,Tdecrypt1)I Signs ciphertext:
SG1 = Sign(PKS,SKS,h(CT1)||t1,Tsign)I Uploads CT1, SG1, t1, Tsign
The server...I Verifies the new signature
– Check writer’s attributesI Accepts or rejects the update
15 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
WRITER-READER DIFFERENTIATION
Users differentiated by ABSI Writers can produce a valid signature
Differentiation done at attribute levelI Scales better than at user level
16 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
INTEGRITY
ABS offers integrityI Hash ciphertext before signing
The integrity can be verified by...I ServerI Valid users
17 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
OUTLINE
1 Introduction
2 ABE/ABS
3 Proposal
4 Performance Analysis
5 Conclusion
Introduction ABE/ABS Proposal Performance Analysis Conclusion
COMPUTATIONAL OVERHEAD
Create and UpdateI One encryption operationI One sign operationI Cost grows with access structure matrix
ReadI One decryption operationI One verify operationI Cost grows with attributes satisfiedI Cost mainly generated by pairing computations
18 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
OUTLINE
1 Introduction
2 ABE/ABS
3 Proposal
4 Performance Analysis
5 Conclusion
Introduction ABE/ABS Proposal Performance Analysis Conclusion
SUMMARY
Secure data sharing schemeFine-grained accessMany-read-many-writeIntegrity verification
19 / 21
Introduction ABE/ABS Proposal Performance Analysis Conclusion
FUTURE WORK
Use search on encrypted dataI Many-read-many-write-many-search
Implementation to verify usability
20 / 21
Detailed Analysis
COMPLEXITY ANALYSIS
Create fileI O(E1 × log p) + O(l × E0 × log p)
Read fileI O(l×L)+O(|U|×E1× log p)+O(l×E0× log p)
Update fileI O(E1 × log p) + O(l × E0 × log p)
Notation Description
E0 Cost of exponentiation operations in G0E1 Cost of exponentiation operations in G1L Cost of bilinear pairingp Prime order of G0 and G1U The attribute set in the access treel , t The matrix l × t of the monotone span program which is con-
verted from its corresponding access structure