attribute based encryption for ndnex
play

Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA - PowerPoint PPT Presentation

Jan 08, 2024 •258 likes •466 views

Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to transplat open mHealth to NDN network. The goal is to design a physical activity data ecosystem. Following is the data conceptual block diagram of

  1. Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA

  2. Background - NDNEx NDNEx tries to transplat open mHealth to NDN network. The goal is to design a physical activity data ecosystem. Following is the data conceptual block diagram of NDNex. FITNESS MOBILE TRACE PERSONAL DATA LOCATION ACTIVITY VISUALIZER CAPTURE REPOSITORY ANONYMIZATION CLASSIFICATION (NO LOC. DATA) Ohmage on Android DSU DPU DPU DVU GEOFENCING PATH VISUALIZER FILTER (LOC. DATA) DPU DVU LOCATION-BASED NDN Open mHealth Use Case Scenario for 2014 CONTENT EMITTER NDNEx Concept Design Discussion DVU November 13, 2014 jburke@ucla.edu DSUs, DVUs, and DPUs are potentially run by different entities. (Personal) DSU is used to store a user’s data. The user’s DSU (thus the user) 2 should have fully control of her data.

  3. Data flow There are there kinds of data flows: 1. A user’s (Personal) DSU pulls data from the user’s mobile app and (personal) DPU+DVU; mobile app and personal DPU+DVU pull data from DSU. 2. A user may authorize other users’ DPUs and DVUs to read part of her data from her DSU. 3. The user may join some groups, in which case the user should authorize these groups’ DPUs and DVUs to read part of her data from her DSU. Besides these, the user wants no one else get access to her data. User 1’s Group 1s’ Personal DPU DPU and DVU DPU and DVU and DVU Personal DSU User 2’s Group 1’s Mobile APP 3 DPU and DVU DPU and DVU

  4. Data flow There are there kinds of data flows: 1. A user’s (Personal) DSU pulls data from the user’s mobile app and (personal) DPU+DVU; mobile app and personal DPU+DVU pull data from DSU. 2. A user may authorize other users’ DPUs and DVUs to read part of her data from her DSU. 3. The user may join some groups, in which case the user should authorize these groups’ DPUs and DVUs to read part of her data from her DSU. Besides these, the user wants no one else get access to her data. User 1’s Group 1s’ Personal DPU DPU and DVU DPU and DVU and DVU Personal DSU User 2’s Group 1’s Mobile APP 3 DPU and DVU DPU and DVU

  5. Data flow There are there kinds of data flows: 1. A user’s (Personal) DSU pulls data from the user’s mobile app and (personal) DPU+DVU; mobile app and personal DPU+DVU pull data from DSU. 2. A user may authorize other users’ DPUs and DVUs to read part of her data from her DSU. 3. The user may join some groups, in which case the user should authorize these groups’ DPUs and DVUs to read part of her data from her DSU. Besides these, the user wants no one else get access to her data. User 1’s Group 1s’ Personal DPU DPU and DVU DPU and DVU and DVU Personal DSU User 2’s Group 1’s Mobile APP 3 DPU and DVU DPU and DVU

  6. Data flow There are there kinds of data flows: 1. A user’s (Personal) DSU pulls data from the user’s mobile app and (personal) DPU+DVU; mobile app and personal DPU+DVU pull data from DSU. 2. A user may authorize other users’ DPUs and DVUs to read part of her data from her DSU. 3. The user may join some groups, in which case the user should authorize these groups’ DPUs and DVUs to read part of her data from her DSU. Besides these, the user wants no one else get access to her data. User 1’s Group 1s’ Personal DPU DPU and DVU DPU and DVU and DVU Personal DSU User 2’s Group 1’s Mobile APP 3 DPU and DVU DPU and DVU

  7. Data flow There are there kinds of data flows: 1. A user’s (Personal) DSU pulls data from the user’s mobile app and (personal) DPU+DVU; mobile app and personal DPU+DVU pull data from DSU. 2. A user may authorize other users’ DPUs and DVUs to read part of her data from her DSU. 3. The user may join some groups, in which case the user should authorize these groups’ DPUs and DVUs to read part of her data from her DSU. Besides these, the user wants no one else get access to her data. User 1’s Group 1s’ Personal DPU DPU and DVU DPU and DVU and DVU Personal DSU User 2’s Group 1’s Mobile APP 3 DPU and DVU DPU and DVU

  8. Data flow There are there kinds of data flows: 1. A user’s (Personal) DSU pulls data from the user’s mobile app and (personal) DPU+DVU; mobile app and personal DPU+DVU pull data from DSU. 2. A user may authorize other users’ DPUs and DVUs to read part of her data from her DSU. 3. The user may join some groups, in which case the user should authorize these groups’ DPUs and DVUs to read part of her data from her DSU. Besides these, the user wants no one else get access to her data. User 1’s Group 1s’ Personal DPU DPU and DVU DPU and DVU and DVU Personal DSU User 2’s Group 1’s Mobile APP 3 DPU and DVU DPU and DVU

  9. Data flow There are there kinds of data flows: 1. A user’s (Personal) DSU pulls data from the user’s mobile app and (personal) DPU+DVU; mobile app and personal DPU+DVU pull data from DSU. 2. A user may authorize other users’ DPUs and DVUs to read part of her data from her DSU. 3. The user may join some groups, in which case the user should authorize these groups’ DPUs and DVUs to read part of her data from her DSU. Besides these, the user wants no one else get access to her data. User 1’s Group 1s’ Personal DPU DPU and DVU DPU and DVU and DVU Personal DSU User 2’s Group 1’s Mobile APP 3 DPU and DVU DPU and DVU

  10. Data flow There are there kinds of data flows: 1. A user’s (Personal) DSU pulls data from the user’s mobile app and (personal) DPU+DVU; mobile app and personal DPU+DVU pull data from DSU. 2. A user may authorize other users’ DPUs and DVUs to read part of her data from her DSU. 3. The user may join some groups, in which case the user should authorize these groups’ DPUs and DVUs to read part of her data from her DSU. Besides these, the user wants no one else get access to her data. User 1’s Group 1s’ Personal DPU DPU and DVU DPU and DVU and DVU Personal DSU User 2’s Group 1’s Mobile APP 3 DPU and DVU DPU and DVU

  11. Data access control requirement Requirement - Fine-Grained Access Control Different data consumers should read different parts of the user’s data. But how? 1. Encrypt data for every consumer, respectively? If there are many consumers, the workload of encrypting is really heavy. 2. Encrypt different data chucks with different keys, and distribute these keys to consumers according to access control list? It’s hard to decide when to update the key. Every five hours, Or every second? When I go back home from campus, should I change my key? How to authorize new consumers to read historical data? The data generated between 7am and 8am are encrypted with the same key, but we want to authorize new consumers to read the data generated between 7am and 7:30am. ABE – Attribute-Based Encryption Encrypt data only once. Each data consumer owns one specific decryption key which is generated according to her access privilege. Data consumers 4 having different decryption keys could decrypt different data chucks.

  12. ABE - Attribute-Based Encryption Two kinds of ABEs: key-policy ABE and ciphertext-policy ABE 5

  13. Improvement 1. The combination of key-policy ABE and ciphertext-policy ABE ( Joseph A. Akinyele, Christoph U. Lehmanny, Matthew D. Green, Matthew W. Pagano, Zachary N. J. Petersonz, Aviel D. Rubin ) They provide a design and implementation of self-protecting electronic medical records (EMRs) using the combination of these two kinds of attribute-based encryption. Key-policy ABE is used to grant a limited access to the data. Ciphertext-policy ABE is used for individuals whose access privileges change infrequently. See their code: http://code.google.com/p/libfenc/ 6

  14. Improvement 2. Use different encryption algorithms for different data flows Based on the result of Joseph A. Akinyele, etc. the encryption and decryption processing of ABE are quite time consuming, especially for ARM CPU on mobile device. So (1) Traditional symmetric encryption algorithm is used for data flow between personal DSU and mobile device. (2) ABE is used to for other data flows. User 1’s Group 1s’ Personal DPU DPU and DVU DPU and DVU and DVU Personal DSU User 2’s Group 1’s Mobile APP 7 DPU and DVU DPU and DVU

  15. The access control and group information Namespace for repo The public key of this user for signature The name for raw data and classified data The name for readers and publishers’ public keys, used for signature checking and decryption key distribution 8

  16. Namespace and ABE 1. Encryption Data’s name prefix is the combination of data’s attributes, which is used for key-policy ABE. …/haitao/ndnex/sample/physical_activity/ucla/irl/020320151000/02032015 1005/…  Attributes list: ucla, irl,, Feb 3 2015 10:00am – 10:05am There are also access attributes list in the namespace specifying the authorized consumers’ attributes, which is used for ciphertext-policy ABE. …/haitao/ndnex/sample/physical_activity/ucla/irl/020320151000/02032015 1005/ access attributes list/ 𝑉𝐷𝑀𝐵 and ( 𝑗𝑠𝑚 or 𝑠𝑓𝑛𝑏𝑞 )) …  Attributes list: 𝑉𝐷𝑀𝐵 and ( 𝑗𝑠𝑚 or 𝑠𝑓𝑛𝑏𝑞 ) 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and Multi-linear Maps agan 1 and Ferucio Laurent iplea 2 Constantin C at alin Dr iu T 1 CNRS, LORIA, 54506 Vandoeuvre-l` es-Nancy Cedex France

623 views • 18 slides
Why attribute-based signatures? The kind of authentication required in an attribute-based system

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Attribute-Based Signatures Hemanta K. Maji Manoj Prabhakaran Mike Rosulek November 22, 2010 Abstract We introduce Attribute-Based Signatures (ABS) , a versatile primitive that allows a party to sign a message with fine-grained

864 views • 35 slides
Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography 1 Identity-Based

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography 1 Identity-Based

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography 1 Identity-Based Encryption 2 Identity-Based Encryption In PKE, KeyGen produces a random (PK,SK) pair 2 Identity-Based Encryption In PKE, KeyGen produces a random

1.47k views • 114 slides
Unbounded ABE via Bilinear Entropy Expansion, Revisited Jie Chen Junqing Gong Lucas Kowalczyk

Unbounded ABE via Bilinear Entropy Expansion, Revisited Jie Chen Junqing Gong Lucas Kowalczyk

Unbounded ABE via Bilinear Entropy Expansion, Revisited Jie Chen Junqing Gong Lucas Kowalczyk Hoeteck Wee ECNU ENS de Lyon Columbia University ENS & CNRS attribute-based encryption (ABE) [SW05, GPSW06] 1 attribute-based encryption

1.21k views • 81 slides
Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography Identity-Based

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography Identity-Based

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography Identity-Based Encryption Identity-Based Encryption In PKE, KeyGen produces a random (PK,SK) pair Identity-Based Encryption In PKE, KeyGen produces a random (PK,SK) pair

1.65k views • 115 slides
Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work

Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work

Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work with Tatsuaki Okamoto 1 and Katsuyuki Takashima 2 1 NTT Secure Platform Laboratories 3-9-11 Midori-cho, Musashino-shi, Tokyo, 180-8585 Japan 2

611 views • 29 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with Fast Software Encryption Conference 2017 1 Joan Daemen 1 , 2 Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 and Ronny Van Keer 1 1

855 views • 30 slides
Certificate Retrieval from OpenLDAP The X.509 attribute Parsing Server (XPS)

Certificate Retrieval from OpenLDAP The X.509 attribute Parsing Server (XPS)

Certificate Retrieval from OpenLDAP The X.509 attribute Parsing Server (XPS) d.w.chadwick@salford.ac.uk The Problem PKI clients cannot search for specific X.509 attributes stored in LDAP directories, e.g. Find the encryption PKC for

667 views • 23 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access

Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control Daniel Servos Michael Bauer Western University Western University London, Ontario London, Ontario dservos5@uwo.ca bauer@uwo.ca November

511 views • 34 slides
Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment Functional encryption Shared coin flips Fully-homomorphic encryption APPLICATIONS AND PROTOCOLS Threshold cryptography Searchable

399 views • 11 slides
A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky INRIA / ENS, Paris Lattice-Based Crypto & Applications 1 Bar-Ilan University, Israel 2012 Lattice-Based Encryption Schemes 1. NTRU [Hoffstein,

849 views • 47 slides
PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry

PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry

PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry Khovratovich University of Luxembourg 12 October 2014 Authenticated encryption Simple encryption If you just want to protect confidentiality of your

991 views • 32 slides
MDL-Based Unsupervised Attribute Ranking Zdravko Markov Computer Science Department Central

MDL-Based Unsupervised Attribute Ranking Zdravko Markov Computer Science Department Central

MDL-Based Unsupervised Attribute Ranking Zdravko Markov Computer Science Department Central Connecticut State University New Britain, CT 06050, USA http://www.cs.ccsu.edu/~markov/ markovz@ccsu.edu MDL-Based Unsupervised Attribute Ranking

251 views • 23 slides
CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27,

CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27,

CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 2951U Spring 20 1 / 8 Course Overview (1/2)

739 views • 20 slides
A Domain-Specific Interpreter for Parallelising a Large Mixed-Language Visualisation Application

A Domain-Specific Interpreter for Parallelising a Large Mixed-Language Visualisation Application

A Domain-Specific Interpreter for Parallelising a Large Mixed-Language Visualisation Application Karen Osmond, Olav Beckmann, Anthony J. Field and Paul H. J. Kelly Department of Computing, Imperial College London, 180 Queens Gate, London SW7

636 views • 20 slides
Some ideas for DUNE DAQ Architecture, Triggering, Reduction (focus on single-phase) Brett Viren

Some ideas for DUNE DAQ Architecture, Triggering, Reduction (focus on single-phase) Brett Viren

Some ideas for DUNE DAQ Architecture, Triggering, Reduction (focus on single-phase) Brett Viren Physics Department DUNE FD DAQ Workshop Columbia, 30-31 OCT 2017 Outline Some Numbers Conceptual Design Collection Plane Triggering To Do

463 views • 22 slides
Introduction to Machine-Independent Optimizations - 2 Data-Flow Analysis Y.N. Srikant

Introduction to Machine-Independent Optimizations - 2 Data-Flow Analysis Y.N. Srikant

Introduction to Machine-Independent Optimizations - 2 Data-Flow Analysis Y.N. Srikant Department of Computer Science and Automation Indian Institute of Science Bangalore 560 012 NPTEL Course on Principles of Compiler Design Y.N. Srikant

537 views • 21 slides
Physics Computing at CERN Helge Meinhard CERN, IT Department OpenLab S tudent Lecture 21 July

Physics Computing at CERN Helge Meinhard CERN, IT Department OpenLab S tudent Lecture 21 July

Physics Computing at CERN Helge Meinhard CERN, IT Department OpenLab S tudent Lecture 21 July 2011 Location (1) Building 513 (opposite of restaurant no. 2) Building 513 (1) Large building with 2700 m 2 surface for computing equipment,

821 views • 45 slides
COMP 590-154: Computer Architecture Core Pipelining Generic Instruction Cycle Steps in

COMP 590-154: Computer Architecture Core Pipelining Generic Instruction Cycle Steps in

COMP 590-154: Computer Architecture Core Pipelining Generic Instruction Cycle Steps in processing an instruction: Instruction Fetch ( IF_STEP ) Instruction Decode ( ID_STEP ) Operand Fetch ( OF_STEP ) Execute ( EX_STEP )

600 views • 48 slides
Introduction to Data Flow Analysis GCC Resource Center (www.cse.iitb.ac.in/grc) Department of

Introduction to Data Flow Analysis GCC Resource Center (www.cse.iitb.ac.in/grc) Department of

Workshop on Essential Abstractions in GCC Introduction to Data Flow Analysis GCC Resource Center (www.cse.iitb.ac.in/grc) Department of Computer Science and Engineering, Indian Institute of Technology, Bombay 1 July 2012 1 July 2012

807 views • 43 slides
Gesture Recognition Adrian Kndig adkuendi@student.ethz.ch Datum Informatik II Samstag, 27.

Gesture Recognition Adrian Kndig adkuendi@student.ethz.ch Datum Informatik II Samstag, 27.

Gesture Recognition Adrian Kndig adkuendi@student.ethz.ch Datum Informatik II Samstag, 27. April 13 1 The beginning of gestures based interfaces Samstag, 27. April 13 2 Gesture Recognition 1970 Myron W. Krueger and VideoPlace

747 views • 62 slides

More recommend