on symmetric key broadcast encryption
play

On Symmetric Key Broadcast Encryption Sanjay Bhattacherjee and - PowerPoint PPT Presentation

On Symmetric Key Broadcast Encryption Sanjay Bhattacherjee and Palash Sarkar Indian Statistical Institute, Kolkata Elliptic Curve Cryptography (This is not) 2014 isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 1 / 53


  1. On Symmetric Key Broadcast Encryption Sanjay Bhattacherjee and Palash Sarkar Indian Statistical Institute, Kolkata Elliptic Curve Cryptography (This is not) 2014 isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 1 / 53

  2. Conventional Symmetric Key Encryption Receiver Sender message M public channel ciphertext Encrypt Decrypt secret key K adversary secret key K isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 2 / 53

  3. Symmetric Key Broadcast Encryption Users Users Broadcast Users Centre isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 3 / 53

  4. Symmetric Key BE Functionality The centre pre-distributes secret information to the users. A broadcast takes place in a session. For each session: Some users are privileged and the rest are revoked. The actual message is encrypted once using a session key. The session key undergoes a number of separate encryptions. This determines the header. Only the privileged users are able to decrypt. A coalition of all the revoked users get no information about the message. isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 4 / 53

  5. Parameters of Interest Size of the header. Size of the secret information required to be stored by the users. Time required by the centre to encrypt. Time required by a user to decrypt. Hdr sz and enc time are proportional to # enc of the session key. Requirement: Reduce header size, user storage and decryption time. isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 5 / 53

  6. Applications of BE AACS standard: content protection in optical discs: Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony. Pay-TV : BSkyB in UK and Ireland has a subscriber base of over 10 million; Cable Television Networks (Regulation) Amendment Act, 2011 (India). File Sharing in Encrypted File Systems. Encrypted Email to Mailing Lists. Military Broadcasts: Global Broadcast Service (US), Joint Broadcast System (Europe). . . . isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 6 / 53

  7. Subset Cover Schemes Identify a collection S consisting of subsets of users. Assign keys to each subset in S . To each user, assign secret information such that it is able to generate secret keys for each subset in S to which it belongs; and no more. During a broadcast, form a partition { S 1 , . . . , S h } of the set of privileged users with S i ∈ S . The session key is encrypted using the keys for S 1 , . . . , S h . Each privileged user can decrypt; no coalition of revoked users gains any information about the session key (or the message). isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 7 / 53

  8. Subset Difference Scheme Naor-Naor-Lotspiech (2001): patented, AACS standard. Assumes an underlying full binary tree Level Numbers 0 4 2 1 3 3 4 5 6 2 10 11 12 13 14 7 8 9 1 0 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 8 / 53

  9. Subsets in the collection S S i , j = T i \ T j : has all users that are in T i but not in T j i j Collection S : has all subsets S i , j such that j ( � = i ) is in the subtree T i . isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 9 / 53

  10. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  11. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  12. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i j Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  13. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) j Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  14. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) G L ( G L ( seed i )) G R ( G L ( seed i )) j Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  15. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) G L ( G L ( seed i )) G R ( G L ( seed i )) j G R ( G L ( G L ( seed i ))) Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  16. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) G L ( G L ( seed i )) G R ( G L ( seed i )) j G R ( G L ( G L ( seed i ))) Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  17. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) G L ( G L ( seed i )) G R ( G L ( seed i )) j G R ( G L ( G L ( seed i ))) L i , j = G M ( G R ( G L ( G L ( seed i )))) Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 10 / 53

  18. Assigning seeds to users isilogo Figure : From one derived seed, keys of many subsets can be generated

  19. Assigning seeds to users T i u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  20. Assigning seeds to users T i T j u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  21. Assigning seeds to users T i T j u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  22. Assigning seeds to users T i T j u T i T j u isilogo Figure : From one derived seed, keys of many subsets can be generated

  23. Assigning seeds to users T i T j u T i T j u isilogo Figure : From one derived seed, keys of many subsets can be generated Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 11 / 53

  24. Assigning seeds to users T i u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  25. Assigning seeds to users T i T j u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  26. Assigning seeds to users T i T j u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  27. Assigning seeds to users T i T j u T i u T j isilogo Figure : From one derived seed, keys of many subsets can be generated

  28. Assigning seeds to users T i T j u T i u T j isilogo Figure : From one derived seed, keys of many subsets can be generated Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 12 / 53

  29. User Storage Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  30. User Storage u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  31. User Storage seed i u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  32. User Storage seed i u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  33. User Storage seed i G R ( seed i ) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  34. User Storage seed i G L ( seed i ) G R ( seed i ) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  35. User Storage seed i G L ( seed i ) G R ( seed i ) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  36. User Storage seed i G L ( seed i ) G R ( seed i ) G R ( G L ( seed i )) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 13 / 53

  37. User Storage seed i G R ( seed i ) G R ( G L ( seed i )) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

Recommend


More recommend