Khair Eddin Sabri and Ridha Khedri Intro. Motivation and - - PowerPoint PPT Presentation

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Khair Eddin Sabri and Ridha Khedri

Foundations & Practice of Security Symposium (Oct. 2012)

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Presentation Outline 1

Introduction

2

Motivation and Contribution

3

The main idea

4

Mathematical Background Order Semiring

5

keyStructure

6

Key Assignment Schemes

7

Specifying the Akl-Taylor technique

8

Specifying the Chinese Remainder Technique

9

Verification of secrecy properties

10 Conclusion and Future Work

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Introduction

¡

Server Agent 1 Agent 2 Agent 3 Data Data Store Encrypted Data Agent 1 Agent 2 Agent 3 Data Store

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Introduction

Encrypted-data stores require Encryption of information Distribution of keys to users Cipher?

Either, a common cipher is used by all agents Or, each agent uses in a quasi-permanent way a set

• f already agreed-on ciphers

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Introduction

What governs key-assignments? Schemes for key assignments are adopted Object-based scheme: focuses on objects and the required conditions to decrypt each one of them Key-based scheme: Ð ÝOur focus

Objects are partially ordered (i.e., ď is transitive, reflexive, and antisymmetric) ci ď cj: security level cj is more sensitive than the security level ci ù ñ User at cj can also have an access to an information classified ci

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Introduction

Key-based scheme:

Dean Prof. Chair Student K1 K2 K3 K4

Key k1 can be used to derive the keys k2, k3 and k4 However, no practical way to derive a key associated to a node n from those associated to its descendants

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Motivation and Contribution

Several techniques exist in the literature to handle key assignment: rAklTaylor1983, AtallahBlantonFazio2009, KuoShenChenLai1999, Sandhu1987s Problem: Lack of formal means to proof their correctness / secrecy Several of them have been found to be flawed or very weak in preserving secrecy Crampton et al. advocate the adoption of a generic model for key assignment schemes

For evaluating proposals for key assignment schemes

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Motivation and Contribution

What do we propose? A generic model for the specification and analysis of cryptographic-key assignment schemes An analysis of two representative schemes:

Akl-Taylor key assignment rAklTaylor1983r scheme A scheme based on the Chinese remainder theorem rChenChung2002s

A generalized and extended scheme to assign more than one key to a security class The automation of the analysis of systems that use key assignment schemes (Prover9)

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

The main idea

The key-structure within a set of structures:

Message Structure Envelope Structure Key Structure Cipher Structure Secret Structure A B Structure B is a building block

• f structure A

Fundamenta Informaticae, 112(4):305–335, 2011.

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background

Order Semiring

Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Mathematical Background Order

Let C be a set. A partial order (or order) on C is a binary relation ă

• n C such that, for all x, y, z P C,

1

x ă x, Reflexive

2

x ă y ^ y ă x ù ñ x “ y, Antisym.

3

x ă y ^ y ă z ù ñ x ă z Trans.

A set equipped with a partial order is called an

• rdered set, partially ordered set, or poset

A pre-ordered set (or quasi-ordered set): satisfies

• nly (1) and (3), but not (2)

For a pre-ordered set pP, ăq, its dual pP, ăq is defined as for all x, y, we have x ă y

def

ð ñ y ă x

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background

Order Semiring

Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Mathematical Background Semiring

Definition (Semiring) Let S ‰ H be a set and ` and ¨ binary operations on S, named addition and multiplication. Then ` S, `, ¨ ˘ is called a semiring if ` S, ` ˘ is a commutative semigroup, ` S, ¨ ˘ is a semigroup, and ¨ distributes over ` on both the left and right. ` S, ` ˘ is an idempotent semigroup

❀

` S, `, ¨ ˘ an additively idempotent semiring ` S, ¨ ˘ is a commutative semigroup

❀

` S, `, ¨ ˘ a commutative semiring ` S, `, ¨ ˘ is an additively idempotent semiring

❀

there exists a natural ordering relation

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

keyStructure

A key in its most common form can be perceived as a parameter given to a cipher A key can be a string as in the Vigen` ere cipher or it can be a pair of numbers as in an RSA cipher Keys can be combined (generalization of the RSA cipher) An inverse is usually defined on keys Our representation of RSA uses one key pe, d, nq

Public key pe, nq and private key pd, nq

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

keyStructure

Definition (Key Structure) Let K def “ pK, `

k, ˚ k, 0 kq be an algebraic structure that is

an additively idempotent commutative semiring with a multiplicatively absorbing zero 0

• k. We call K a

key-structure. The operators `

k and ˚ k are both used to combine

keys

˚

k operator (two argts are used simultaneously)

`

k operator (only one argt is used to enc./decr. one

plain/cipher unit)

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

keyStructure

Table: Vigen` ere Table

a b c d e f g h i j k l m n o p q r s t u v w x y z a a b c d e f g h i j k l m n o p q r s t u v w x y z b b c d e f g h i j k l m n o p q r s t u v w x y z a c c d e f g h i j k l m n o p q r s t u v w x y z a b d d e f g h i j k l m n o p q r s t u v w x y z a b c e e f g h i j k l m n o p q r s t u v w x y z a b c d f f g h i j k l m n o p q r s t u v w x y z a b c d e g g h i j k l m n o p q r s t u v w x y z a b c d e f h h i j k l m n o p q r s t u v w x y z a b c d e f g i i j k l m n o p q r s t u v w x y z a b c d e f g h j j k l m n o p q r s t u v w x y z a b c d e f g h i k k l m n o p q r s t u v w x y z a b c d e f g h i j l l m n o p q r s t u v w x y z a b c d e f g h i j k m m n o p q r s t u v w x y z a b c d e f g h i j k l n n o p q r s t u v w x y z a b c d e f g h i j k l m

• p q r s t u v w x y z a b c d e f g h i j k l m n

p p q r s t u v w x y z a b c d e f g h i j k l m n o q q r s t u v w x y z a b c d e f g h i j k l m n o p r r s t u v w x y z a b c d e f g h i j k l m n o p q s s t u v w x y z a b c d e f g h i j k l m n o p q r t t u v w x y z a b c d e f g h i j k l m n o p q r s u u v w x y z a b c d e f g h i j k l m n o p q r s t v v w x y z a b c d e f g h i j k l m n o p q r s t u w w x y z a b c d e f g h i j k l m n o p q r s t u v x x y z a b c d e f g h i j k l m n o p q r s t u v w y y z a b c d e f g h i j k l m n o p q r s t u v w x z z a b c d e f g h i j k l m n o p q r s t u v w x y Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Key Assignment Schemes

Definition (Key assignment scheme) We call a key-assignment scheme the system pK, C, ă, aq, where: K is a key-structure, pC, ăq is a poset, and a : K Ñ C is a surjective (onto) function. C and a are respectively identified as the set of security classes, and the assignment function. The poset pC, ăq is said to be the poset of the scheme S.

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Key Assignment Schemes

Usually, keys are assigned to users (and users are assigned to security classes) For x and y users, x ău y ô the security class of x is lower than the security class of y The structure pU, ăuq is a poset Findings:

There is an order isomorphism between pC, ăq and pU, ăuq It is the map s : U Ý Ñ C such that x ău y ô spxq ă spyq Assumption: @pc | c P C : spcq ­“ H q A class can be assigned several keys

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Key Assignment Schemes

On dom(a), we define a relation ăd a : K Ñ C k1 ăd k2: part of the information that can be revealed by using k1 can be also revealed by using k2 pdompaq, ădq is a pre-order (quasi-order) as it not necessarily antisymmetric

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Key Assignment Schemes

The structure K is an additively idempotent commutative semiring It has a natural order relation ď inherent to it x ď y ð ñ x `

k y “ y

k1 ď k2: the key k1 is a sub-key of the key k2 We have also Ď defined as: a Ď b

def

ð ñ Dpc | c P K : a ď b ˚

k c q

The relation Ď is a pre-order (ñ can be used as ă)

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Key Assignment Schemes

Proposition (HofnerKhedriMoller2006) Let K “ pK, `

k, ˚ k, 0 k, 1 kq be a key structure with an

identity 1

• k. Let k1, k2 P K be keys. We have:

1

k1 ď

k k2 ù

ñ k1 Ď k2

2

k1 ˚

k k2 Ď k2 3

k1 Ď k2 ù ñ k1 `

k k3 Ď k2 ` k k3 4

k1 Ď k2 ù ñ k1 ˚

k k3 Ď k2 ˚ k k3 5

k Ď 1

k Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Key Assignment Schemes

Definition Let S def “ pK, C, ă, aq be a key-assignment scheme. Given a key-derivation relation ăd defined on dompaq, the scheme S is said to be cluster-secure with regard to ăd iff @pki, kj | ki, kj P dompaq ^ pki ­“ kjq ^ papkiq ă apkjqq : pkj ăd kiq q.

j

a(k ) a(k )

i

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Specifying the Akl-Taylor technique

What can we do with this theory? Evaluate proposals for key assignment schemes Akl-Taylor: It assigns to each user a key ki

ki “ κtipmod mq κ is a private number m is a public number that is the product of two large prime numbers ti is a public number formed from a multiplication of prime numbers

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Specifying the Akl-Taylor technique

Key-derivation:

Fact: k

tj{ti i

“ pκtiqtj{tipmod mq “ κtjpmod mq “ kj Consequence: A key kj can be derived from ki iff tj is divisible by ti

Example: Let m “ 11 ˆ 17 “ 187 and κ “ 13

User 1:

Public number t1 “ 5 ˆ 7 “ 35 The key becomes 1335pmod 187q “21

User 2:

Public number t2 “ 7 (It divides 35) The key becomes 137pmod 187q “106

The key 106 can be used to derive the key 21 p1065pmod 187q “ 21q

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Specifying the Akl-Taylor technique

Once κ is fixed, the exponent ti determines the key log ki log κ “ ti ti is the product of a set of distinct prime numbers Generalization:

Keys are sets of products of distinct elements from I Np Products of prime number can be considered as subsets of I Np

ti “ 2 ˆ 3 ˆ 7 can be represented as tt2, 3, 7uu

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Specifying the Akl-Taylor technique

P def “ tp1 ˆ ¨ ¨ ¨ ˆ pn | all pi are prime and differentu A bijective function rep: rep : P Ñ PpPpI Npqq reppp1 ˆ p2 ˆ ¨ ¨ ¨ ˆ pnq def “ ttp1, p2, ¨ ¨ ¨ , pnuu . F F def “ pPpPpI Npqq, `

k, ˚ k, 0, 1q

˚

k

˚

k : PpPpI

Npqq ˆ PpPpI Npqq Ñ PpPpI Npqq A ˚

k B def

“ ta Y b : a P A, b P Bu . `

k

`

k : PpPpI

Npqq ˆ PpPpI Npqq Ñ PpPpI Npqq A `

k B def

“ A Y B ,

F F is a key structure with an identity

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Specifying the Akl-Taylor technique

The system pF F, C, ă, aq presents a generalization of the Akl-Taylor technique A key in our case is not a single key but a set of keys e.g., tκ2ˆ3, κ5ˆ7u In the Akl-Taylor technique, pC, ăq has to be a tree In our framework, pC, ăq can be a forest We may need this generalization, if a user

is involved in more than one scheme needs to combine several keys to build a useful one

Key-derivation is nothing but, the relator Ď❀ We get for free several identities

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Specifying the Akl-Taylor technique

Example:

¡

κ κ2 κ3 κ2×3 κ2×3×7 κ3×11 {∅} {{2}} {{3}} {{2, 3}} {{2, 3, 7}} {{3, 11}} (a) (b) c1 c2 c3 c4 c5 c6

pF F, C, ă, aq C “ tc1, c2, c3, c4, c5, c6u such that c4 ă c2, c5 ă c2, c5 ă c3, c6 ă c3, c2 ă c1, c3 ă c1 PLUS the properties of an order a “tpH, c1q, ptt2uu, c2q, ptt3uu, c3q, ptt2, 3uu, c4q, ptt2, 3, 7uu, c5q, ptt3, 11uu, c6qu

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Specifying the Akl-Taylor technique

The key κ2ˆ3 is derived from κ2.

κ2ˆ3 ăd κ2 ð ñ x A key is determined by its exponent & k1 is derived from k2 iff k1 Ď k2, and log ki

log κ “ ti y

repp2 ˆ 3q Ď repp2q ð ñ x Definition of the function rep, and Defini- tion of Ď y Dpc | c P PpI Npq : tt2, 3uu ď tt2uu ˚

k c q

ð ñ x Definition of x ď y for x and y elements of an idempotent commutative semiring y Dpc | c P PpI Npq : tt2, 3uu `

k tt2uu ˚ k c “ tt2uu ˚ k c q

ð ñ x Definition of `

k on the structure F

F y Dpc | c P PpI Npq : tt2, 3uu Y tt2uu ˚

k c “ tt2uu ˚ k c q

ð ù x c “ tt3uu P PpI Npq, and the definition of ˚

k

• n the structure F

F y Dpc | c P PpI Npq : tt2, 3uu Y tt2, 3uu “ tt2, 3uu q ð ñ x Idempotence of Y, c P PpI Npq, and Dpc |: true q ” true y true

The above scheme is cluster-secure: pci ă cj ù ñ papciq Ď apcjqqq

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Specifying the Chinese Remainder Technique

[ChenChung2002] Similar treatment as for Akl-Taylor technique ď is Ď a Ď b

def

ð ñ Dpc | c P PpPpFqq : a Ď b ˚

k c q

k1 ăd k2

def

ð ñ k2 Ď k1 (It is the dual to that of Akl-Taylor)

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Verification of secrecy properties

We can easy verify properties such as

the ability of a user to get an information intended for a higher class the ability of using several keys to reveal an information that can be revealed by using another key

The proof of the above properties involve the axioms

• f the key-structure

We use Prover9 to verify each property In the paper, you find an example illustrating the above points

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTOGRAPHIC-KEY ASSIGNMENT SCHEMES

Conclusion and Future Work

We presented a generic model for key assignment schemes (based on the key-structure) This model does not depend on a specific crypto-system The proofs for security properties are performed in an algebraic calculational way (easily automated) Future work: investigate other key assignment schemes to assess their strengths and weaknesses

Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO

A GENERIC ALGEBRAIC MODEL

FOR THE ANALYSIS OF

CRYPTOGRAPHIC- KEY ASSIGNMENT SCHEMES Speaker: Ridha Khedri Intro. Motivation and Contribution The main idea Mathematical Background Key Structure Key Assignment Schemes Specifying the Akl-Taylor technique Specifying the Chinese Remainder Speaker: Ridha Khedri A GENERIC ALGEBRAIC MODEL FOR THE ANALYSIS OF CRYPTO