dynamic credentials and ciphertext delegation for abe
play

Dynamic Credentials and Ciphertext Delegation for ABE Amit Sahai, - PowerPoint PPT Presentation

Dynamic Credentials and Ciphertext Delegation for ABE Amit Sahai, Hakan Seyalioglu, Brent Waters Attribute-Based Encryption [S-Waters 2005, GPSW06, BSW07] Different users will have credentials (attributes). Top Secret, Forensics 2


  1. Dynamic Credentials and Ciphertext Delegation for ABE Amit Sahai, Hakan Seyalioglu, Brent Waters

  2. Attribute-Based Encryption [S-Waters 2005, GPSW’06, BSW’07] Different users will have credentials (attributes). Top Secret, Forensics 2

  3. Attribute-Based Encryption [S-Waters 2005, GPSW’06, BSW’07] Different users will have credentials (attributes). Top Secret, Forensics Attribute set = Top Secret, Forensics 3

  4. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. OR AND POTUS Forensics Top Secret 4

  5. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. OR Top Secret, AND POTUS Forensics Forensics Top Secret 5

  6. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. can decrypt OR Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 6

  7. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. can decrypt OR Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 7

  8. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 8

  9. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 9

  10. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. ü can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 10

  11. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. ü can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 11

  12. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. ü can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 12

  13. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. ü can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 13

  14. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key 14

  15. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: 15

  16. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: • Periodic broadcasts by key authority 16

  17. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: • Periodic broadcasts by key authority • Unrevoked keys can be updated and can decrypt data encrypted at new time 17

  18. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: • Periodic broadcasts by key authority • Unrevoked keys can be updated and can decrypt data encrypted at new time 18

  19. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: • Periodic broadcasts by key authority • Unrevoked keys can be updated and can decrypt data encrypted at new time 19

  20. This work: Dynamic Credentials Are the security concerns the same as Users’ credentials change over time standard revocation? If a user’s credentials change, his old key is No: standard revocation is for broadcast : you revoked and he is issued a new key only care about protecting the future (Usual) Framework to make this possible: We illustrate with a motivating example: • Periodic broadcasts by key authority Inspired by a wonderful conversation with • Unrevoked keys can be updated and can Thomas King and Daniel Manchala (Xerox LA) decrypt data encrypted at new time Our thanks to them for inspiring this work! 20

  21. Motivation Setting: Company with ABE based access control Normally, employee only accesses files he needs (enforced by access logs). 21

  22. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. 22

  23. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. Problem: He hacks into server and uses old key to decrypt old files that he didn’t download earlier. 23

  24. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. 24

  25. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. Problem: He hacks into server and uses old key to decrypt old files that he didn’t download earlier. 25

  26. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. Problem: He hacks into server and uses old key to decrypt old files that he didn’t download earlier. Serious problem: balance between strict security and ease of use: Necessitates broader access policies, with countermeasures against misuse of privilege. Preventing access to old files, even if they match old access policy, is important security concern. 26

  27. Motivation What security property do we need? 27

  28. Motivation What security property do we need? After termination, employee should not be able to access anything he doesn’t already have . 28

  29. Motivation What security property do we need? After termination, employee should not be able to access anything he doesn’t already have . This breaks down into two guarantees. 29

  30. Two Security Guarantees 1. Files encrypted in the past. 30

  31. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? Looked at only to a limited extent in the past for 31

  32. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge Looked at only to a limited extent in the past for 32

  33. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge 2. Files added to system in future Looked at only to a limited extent in the past for 33

  34. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge 2. Files added to system in future Looked at only to a limited extent in the past for 34

  35. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge 2. Files added to system in future Looked at only to a limited extent in the past for IBE/ABE [Boldyreva-Goyal-Kumar’08] Only weak notions of security achieved. 35

  36. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge 2. Files added to system in future Looked at only to a limited extent in the past for IBE/ABE [Boldyreva-Goyal-Kumar’08] Only weak notions of security achieved. Main Result: First ABE scheme to address both of these problems simultaneously. 36

  37. Two Security Guarantees • Assume we have security for new files: can only be decrypted by users with secret key for time ≥ t . (e.g., user with credential for time t+2 can decrypt) • How can we get security for old files? 37

  38. Solution ideas Decrypting and Re-encrypting: Every night, re-encrypt all files on server 38

  39. Solution ideas Decrypting and Re-encrypting: Every night, re-encrypt all files on server 39

  40. Solution ideas Decrypting and Re-encrypting: Every night, re-encrypt all files on server Decrypt and re-encrypt for time t+1 40

Recommend


More recommend