Professional Documents
Culture Documents
Cpabe
Cpabe
Attribute-Based Encryption
2
Remote File Storage:
Interesting Challenges
Scalability
Reliability
… But we also
want security
3
Remote File Storage:
Server Mediated Access Control
Sarah:
IT department,
backup manager
?
Good: Access control list:
Kevin, Dave, and
Flexible anyone
accessinpolicies
IT department
Bad:
Data vulnerable to compromise
Must trust security of server
4
Remote File Storage:
Encrypting the Files
OR
PK
IT dept. AND
manager marketing
SKSarah: SKKevin:
“manager” “manager”
“IT dept.” “sales”
7
Collusion Attacks:
The Key Threat
?
Important potential attack
Users should not be able
to combine keys AND
Essential, almost defining
property of ABE A B
Main technical trick of our
scheme: preventing
collusion
SKSarah: SKKevin:
“A”, “C” “B”, “D”
8
Collusion Attacks:
A Misguided Approach to CP-ABE
Collusion attacks rule out AND
some trivial schemes …
A B
PKA PKB PKC PKD
SKA SKB SKC SKD
M = M1 + M2
SKSarah: SKKevin:
C = (EA(M1), EB(M2)) “A”, “C” “B”, “D”
9
Highlights From Our Scheme:
Background
10
Highlights From Our Scheme:
Public Key and Master Private Key
11
Highlights From Our Scheme:
Private Key Generation
“Binds” key
components to
each other
Makes
components from
different keys
incompatible
Key to preventing
collusion attacks
12
Highlights From Our Scheme:
Policy Features
Leaf nodes:
OR Test for presence of string
attribute in key
2 of 3 AND Also numerical attributes
and comparisons
IT dept. Internal nodes:
OR
AND gates
sales manager
OR gates
exec. level >= 5 marketing Also k of n threshold
gates
hire date < 2002
13
Highlights From Our Scheme:
Encryption and Decryption
Encryption:
OR Use general secret
sharing techniques to
AND model policy
2 of 3
One ciphertext
component per leaf node
IT dept.
OR Decryption:
sales manager Uses LaGrange
interpolation “in the
exec. level >= 5 marketing
exponents”
hire date < 2002
14
Highlights From Our Scheme:
Security
Proven secure, including collusion
resistance
Assumes random oracle model
Assumes generic group model
Generic group model
“Black box” heuristic similar to random
oracle model
Good future work: scheme without this
assumption
15
Implementation:
The cp-abe Toolkit
$ cpabe-setup
16
Implementation:
Performance
Benchmarked on 64-bit AMD 3.7 GHz
workstation
Essentially no overhead beyond group
operations in PBC library
17
Implementation:
Availability
Available as GPL source at Advanced
Crypto Software Collection (ACSC)
New project to bring very recent crypto
to systems researchers
Bridge the gap between theory and
practice
Total of 8 advanced crypto projects
currently available
http://acsc.csl.sri.com
18
Attribute Based Encryption:
Related Work
Collusion Policies Policies w/ Attributes Policy
resistant w/ infinite fixed attr.
attr. space space
[1,2] Yes Single Single In ciphertext In key
thresh. thresh.
gate gate
[3] Yes Monotone All boolean In ciphertext In key
formulas formulas
This Yes Monotone All boolean In key In ciphertext
formulas formulas
20
Thanks for Listening!
bethenco@cs.cmu.edu
http://acsc.csl.sri.com
21