dynamic credentials and ciphertext delegation for abe
play

Dynamic Credentials and Ciphertext Delegation for ABE Amit Sahai, - PowerPoint PPT Presentation

Nov 27, 2023 •28 likes •688 views

Dynamic Credentials and Ciphertext Delegation for ABE Amit Sahai, Hakan Seyalioglu, Brent Waters Attribute-Based Encryption [S-Waters 2005, GPSW06, BSW07] Different users will have credentials (attributes). Top Secret, Forensics 2

  1. Dynamic Credentials and Ciphertext Delegation for ABE Amit Sahai, Hakan Seyalioglu, Brent Waters

  2. Attribute-Based Encryption [S-Waters 2005, GPSW’06, BSW’07] Different users will have credentials (attributes). Top Secret, Forensics 2

  3. Attribute-Based Encryption [S-Waters 2005, GPSW’06, BSW’07] Different users will have credentials (attributes). Top Secret, Forensics Attribute set = Top Secret, Forensics 3

  4. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. OR AND POTUS Forensics Top Secret 4

  5. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. OR Top Secret, AND POTUS Forensics Forensics Top Secret 5

  6. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. can decrypt OR Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 6

  7. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. can decrypt OR Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 7

  8. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 8

  9. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 9

  10. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. ü can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 10

  11. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. ü can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 11

  12. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. ü can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 12

  13. Attribute-Based Encryption has a message, wants to send it to everyone authorized to receive it. Encryption takes as input a policy. ü can decrypt OR û ü Top Secret, AND POTUS Forensics ü ü Forensics Top Secret 13

  14. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key 14

  15. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: 15

  16. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: • Periodic broadcasts by key authority 16

  17. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: • Periodic broadcasts by key authority • Unrevoked keys can be updated and can decrypt data encrypted at new time 17

  18. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: • Periodic broadcasts by key authority • Unrevoked keys can be updated and can decrypt data encrypted at new time 18

  19. This work: Dynamic Credentials Users’ credentials change over time If a user’s credentials change, his old key is revoked and he is issued a new key (Usual) Framework to make this possible: • Periodic broadcasts by key authority • Unrevoked keys can be updated and can decrypt data encrypted at new time 19

  20. This work: Dynamic Credentials Are the security concerns the same as Users’ credentials change over time standard revocation? If a user’s credentials change, his old key is No: standard revocation is for broadcast : you revoked and he is issued a new key only care about protecting the future (Usual) Framework to make this possible: We illustrate with a motivating example: • Periodic broadcasts by key authority Inspired by a wonderful conversation with • Unrevoked keys can be updated and can Thomas King and Daniel Manchala (Xerox LA) decrypt data encrypted at new time Our thanks to them for inspiring this work! 20

  21. Motivation Setting: Company with ABE based access control Normally, employee only accesses files he needs (enforced by access logs). 21

  22. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. 22

  23. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. Problem: He hacks into server and uses old key to decrypt old files that he didn’t download earlier. 23

  24. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. 24

  25. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. Problem: He hacks into server and uses old key to decrypt old files that he didn’t download earlier. 25

  26. Motivation Employee Termination: Employee’s key is revoked. Standard guarantee: he can’t access files added in the future. Problem: He hacks into server and uses old key to decrypt old files that he didn’t download earlier. Serious problem: balance between strict security and ease of use: Necessitates broader access policies, with countermeasures against misuse of privilege. Preventing access to old files, even if they match old access policy, is important security concern. 26

  27. Motivation What security property do we need? 27

  28. Motivation What security property do we need? After termination, employee should not be able to access anything he doesn’t already have . 28

  29. Motivation What security property do we need? After termination, employee should not be able to access anything he doesn’t already have . This breaks down into two guarantees. 29

  30. Two Security Guarantees 1. Files encrypted in the past. 30

  31. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? Looked at only to a limited extent in the past for 31

  32. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge Looked at only to a limited extent in the past for 32

  33. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge 2. Files added to system in future Looked at only to a limited extent in the past for 33

  34. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge 2. Files added to system in future Looked at only to a limited extent in the past for 34

  35. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge 2. Files added to system in future Looked at only to a limited extent in the past for IBE/ABE [Boldyreva-Goyal-Kumar’08] Only weak notions of security achieved. 35

  36. Two Security Guarantees 1. Files encrypted in the past. How can we protect old files that the employee could access with his old key in the past? First time considered to the best of our knowledge 2. Files added to system in future Looked at only to a limited extent in the past for IBE/ABE [Boldyreva-Goyal-Kumar’08] Only weak notions of security achieved. Main Result: First ABE scheme to address both of these problems simultaneously. 36

  37. Two Security Guarantees • Assume we have security for new files: can only be decrypted by users with secret key for time ≥ t . (e.g., user with credential for time t+2 can decrypt) • How can we get security for old files? 37

  38. Solution ideas Decrypting and Re-encrypting: Every night, re-encrypt all files on server 38

  39. Solution ideas Decrypting and Re-encrypting: Every night, re-encrypt all files on server 39

  40. Solution ideas Decrypting and Re-encrypting: Every night, re-encrypt all files on server Decrypt and re-encrypt for time t+1 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dynamic Delegation of Experimentation Yingni Guo Northwestern University ngni Guo (NU)

Dynamic Delegation of Experimentation Yingni Guo Northwestern University ngni Guo (NU)

Dynamic Delegation of Experimentation Yingni Guo Northwestern University ngni Guo (NU) Delegation of Experimentation 1 / 55 Introduction Delegating Experimentation I study how to manage innovation in a hierarchical organization. A principal

1.68k views • 119 slides
CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun )

CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun )

CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun ) reference materials used to support applications for employment or graduate study BENEFITS OF CREATING A FILE Compile all of your resources in the Career

677 views • 21 slides
DELEGATION readysetpresent.com Delegation Program Objectives ( 1 of 3 ) Understand the

DELEGATION readysetpresent.com Delegation Program Objectives ( 1 of 3 ) Understand the

DELEGATION readysetpresent.com Delegation Program Objectives ( 1 of 3 ) Understand the benefits of delegation. Define delegation, and identify its benefits and uses. Explain the basic methods involved in successful delegation. Explore the

1.79k views • 149 slides
Outline n Introduction Proxy Dynamic Delegation in Grid Gateway n Is there the need for a

Outline n Introduction Proxy Dynamic Delegation in Grid Gateway n Is there the need for a

Outline n Introduction Proxy Dynamic Delegation in Grid Gateway n Is there the need for a Web portal to access Grid? n Grid Gateway (L-GRID) n Architecture n Dynamic Delegation inside GRID GW n Access Grid via Web n Job

491 views • 12 slides
Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation

Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation

Introduction Delegation operations in hierarchical RBAC Delegation in Role-Based Access Control Controlling delegation Enforcing transfer delegation Jason Crampton Hemanth Khambhammettu semantics Conclusion Information Security

959 views • 57 slides
Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy Duong Hieu Phan David Pointcheval ENS France CNRS-ENS France Asiacrypt '03 Taipei - Taiwan December 1 st 2003 Summary Summary Asymmetric

235 views • 21 slides
A Multipurpose Delegation Proxy rely on HTTP as communication protocol e.g. online stores

A Multipurpose Delegation Proxy rely on HTTP as communication protocol e.g. online stores

Motivation Most client-server applications on the Internet A Multipurpose Delegation Proxy rely on HTTP as communication protocol e.g. online stores / banking for WWW Credentials web-based e-mail virtual market places,

69 views • 5 slides
Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research Credentials: Motivation ID cards Sometimes used for other uses E.g. prove youre over 21, or verify your address

659 views • 48 slides
RSA Cryptography basics of security / cryptography Bob encrypts message M into ciphertext

RSA Cryptography basics of security / cryptography Bob encrypts message M into ciphertext

RSA Cryptography basics of security / cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret) M = S(C) anyone else

796 views • 16 slides
Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation Alexandra Boldyreva,

Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation Alexandra Boldyreva,

Ciphertext Fragmentation and Related Problems Formalizing Fragmentation Security Notions Constructions and Comparison Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation Alexandra Boldyreva, Jean Paul Degabriele , Kenny

924 views • 43 slides
CREDENTIALING AND PRIVILEGING CVOs Credentials Verification Organizations Organization may

CREDENTIALING AND PRIVILEGING CVOs Credentials Verification Organizations Organization may

CREDENTIALING AND PRIVILEGING CVOs Credentials Verification Organizations Organization may elect to rely on a Credentials Verification Organization (CVO) to conduct primary source verification of an applicants credentials. * Prior to

467 views • 21 slides
The Evaluation of Immigrant Credentials Dietz, Esses, Joshi, Bonnet-Abu Ayyouh Issue: What role

The Evaluation of Immigrant Credentials Dietz, Esses, Joshi, Bonnet-Abu Ayyouh Issue: What role

The Evaluation of Immigrant Credentials Dietz, Esses, Joshi, Bonnet-Abu Ayyouh Issue: What role do three factors play in the evaluation of educational credentials: 1. Immigrant status 2. Accreditation (or not) of foreign credentials 3. Race

547 views • 15 slides
Delegation: Delegation: Responsibilities of the Responsibilities of the Nurse Nurse Joyce

Delegation: Delegation: Responsibilities of the Responsibilities of the Nurse Nurse Joyce

Delegation: Delegation: Responsibilities of the Responsibilities of the Nurse Nurse Joyce Winstead, MSN, RN , FRE Mission Statement Mission Statement The mission of the North Carolina Board of Nursing is to protect the public by

388 views • 12 slides
Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud

Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud

Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud Developer at SUSE cmurphy @_colleenm Overview Why we needed application credentials What are application credentials? (with demo!)

637 views • 25 slides
Nurse Delegation Updates May 12 th 2020 Doris Barret RN Marlo Moss RN CONTRACT CHANGE DSHS MUST

Nurse Delegation Updates May 12 th 2020 Doris Barret RN Marlo Moss RN CONTRACT CHANGE DSHS MUST

Nurse Delegation Updates May 12 th 2020 Doris Barret RN Marlo Moss RN CONTRACT CHANGE DSHS MUST BE LISTED AS AN ADDITIONAL INSURED ON ALL NURSE DELEGATION CONTRACTS EMERGENCY RULES NURSE DELEGATION Nurse Delegation Emergency Rules 1. Basic

309 views • 6 slides
Delegation procedure: lack of transparency Delegation procedure: lack of transparency or European

Delegation procedure: lack of transparency Delegation procedure: lack of transparency or European

Brussels, 26th May 2015 Delegation procedure: lack of transparency Delegation procedure: lack of transparency or European democracy at risk? or European democracy at risk? Daniel Guguen Delineation between delegated and implementing acts?

61 views • 5 slides
CEM: A Matching Method for Observational Data in the Social Sciences S.M. Iacus (Univ. of Milan)

CEM: A Matching Method for Observational Data in the Social Sciences S.M. Iacus (Univ. of Milan)

CEM: A Matching Method for Observational Data in the Social Sciences S.M. Iacus (Univ. of Milan) & G. King (Harvard Univ.) & G. Porro (Univ. of Trieste) Rennes, useR! 2009, July 8th - 10th 1 / 11 The problem of matching Estimation of

255 views • 14 slides
1 The National Rural Recruitment and Retention Network 3R Net Members are state based

1 The National Rural Recruitment and Retention Network 3R Net Members are state based

1 The National Rural Recruitment and Retention Network 3R Net Members are state based non-profit agencies in 49 states, CNMI and the Cherokee Nation (RI is not a member) Supported by a contract from the Office of Rural Health Policy,

293 views • 27 slides
The Electoral Impact of a Conditional Cash Transfer: The Case of Mexicos

The Electoral Impact of a Conditional Cash Transfer: The Case of Mexicos

The Electoral Impact of a Conditional Cash Transfer: The Case of Mexicos Progresa-Oportunidades programme Alma Sof a Santill an Hern andez Joint work with Dragan Filipovich and Miguel Ni no-Zaraz ua July 5, 2017 Objective

389 views • 18 slides
MODIS Atmosphere Products MODIS Atmosphere Products Michael D. King Michael D. King NASA

MODIS Atmosphere Products MODIS Atmosphere Products Michael D. King Michael D. King NASA

MODIS Atmosphere Products MODIS Atmosphere Products Michael D. King Michael D. King NASA Goddard Space Flight Center NASA Goddard Space Flight Center MODIS atmosphere products MODIS atmosphere products Contents and changes in

1.06k views • 32 slides
Kipper a Grid bridge to Identity Federation Andrey Kiryanov Brief The Kipper client

Kipper a Grid bridge to Identity Federation Andrey Kiryanov Brief The Kipper client

Kipper a Grid bridge to Identity Federation Andrey Kiryanov Brief The Kipper client software combines tools and utilities to extend a Web Application to: Enable login via federated SSO like eduGAIN Retrieve a SAML2 Identity Assertion

385 views • 24 slides
Baby Penguin Slips and Slides Baby Penguin Slips and Slides Filesize: 5.48 MB Reviews Reviews

Baby Penguin Slips and Slides Baby Penguin Slips and Slides Filesize: 5.48 MB Reviews Reviews

GC3FOHZ9OIHW < PDF / Baby Penguin Slips and Slides Baby Penguin Slips and Slides Baby Penguin Slips and Slides Filesize: 5.48 MB Reviews Reviews An extremely wonderful pdf with perfect and lucid information. Better then never, though i am

511 views • 3 slides
Baby Penguin Slips and Slides Baby Penguin Slips and Slides Filesize: 7.62 MB Reviews Reviews

Baby Penguin Slips and Slides Baby Penguin Slips and Slides Filesize: 7.62 MB Reviews Reviews

GZCJHGZULGBB Doc Baby Penguin Slips and Slides Baby Penguin Slips and Slides Baby Penguin Slips and Slides Filesize: 7.62 MB Reviews Reviews An extremely wonderful pdf with lucid and perfect explanations. I could possibly comprehended every

199 views • 4 slides
Baby Penguin Slips and Slides Baby Penguin Slips and Slides Book Review Book Review Most of

Baby Penguin Slips and Slides Baby Penguin Slips and Slides Book Review Book Review Most of

[PDF] Baby Penguin Slips and Slides Baby Penguin Slips and Slides Baby Penguin Slips and Slides Book Review Book Review Most of these ebook is the perfect publication readily available. it had been writtern very properly and helpful. You wont

286 views • 3 slides

More recommend