Identity-Based Encryption



Identity-Based Encryption gone WILD
Gregory Neven, IBM Zurich Research Laboratory

Public-key encryption
[Diagram: KeyGen outputs (pk, sk), with pk published through the PKI; Sender (pk) encrypts M; Receiver (sk) runs Dec and recovers M.]

Identity-based encryption (IBE) [S84]
Goal: allow encryption based solely on the receiver's identity.
[Diagram: Key distribution center (msk) runs Setup, giving (mpk, msk), and KeyDer on ID, giving sk_ID; Sender (mpk) encrypts M to ID; Receiver (sk_ID) runs Dec and recovers M.]

Bilinear maps
- Concept of IBE due to Shamir (1984)
- First efficient implementations [SK01, BF01] based on bilinear maps, aka pairings:
  - Elliptic-curve groups G = <g>, G_T of prime order p
  - Bilinear map e : G × G → G_T so that
    e(g^a, g^b) = e(g, g)^(ab) = e(g^(ab), g) = e(g, g^(ab)) = e(g^a, g)^b
- DDH problem in G is easy: given (g^a, g^b, Z), decide Z =? g^(ab) by checking e(g^a, g^b) =? e(g, Z)
- Bilinear DDH still assumed to be hard: given (g^a, g^b, g^c, Z), decide Z =? e(g, g)^(abc)

Applications of IBE
- Encrypt email to ID = bob@ibm.com
- Temporary keys, key revocation: ID = bob@ibm.com, 2007
- User credentials: ID = bob@ibm.com, role=administrator
  - Credential is a decryption key: cryptographic policy enforcement
- Encrypting to the future: ID = release-date
  - Trusted clock publishes sk_date on date
- Searchable encryption

Searchable encryption (SE) [BDOP04]
[Diagram: KeyGen outputs (pk, sk), with pk published through the PKI; Sender (pk) encrypts a keyword W for the mail server; Receiver (sk) runs Trapd on W to obtain the trapdoor t_W; the mail server runs Test with t_W (W = W?); links labelled "high bandwidth" and "low bandwidth".]

Searchable encryption from IBE [BDOP04, AB+05]
Generic construction of SE from IBE:
- SE.KeyGen = IBE.Setup
- SE.Trapd = IBE.KeyDer, so t_W = sk_(ID=W)
- SE.Enc(W) = (M, IBE.Enc(ID=W, M)) for random M
- SE.Test(t_W, (M, C)) = (IBE.Dec(t_W, C) = M)
Security relies on anonymity of the IBE, meaning the ciphertext does not reveal ID.

Hierarchical IBE (HIBE) [GS02]
[Diagram: Root (msk) runs KeyDer on ID1, giving sk_(ID1) to Receiver 1; Receiver 1 runs KeyDer on ID2, giving sk_(ID1,ID2) to Receiver 2; Sender (mpk) encrypts M to (ID1, ID2); Receiver 2 runs Dec and recovers M.]

Application to encrypted email
- Email addresses as hierarchical identities: bob@cs.univ.edu = (edu, univ, cs, bob)
- (edu, univ) can derive keys for *@*.univ.edu
- (edu, univ, cs) can derive keys for *@cs.univ.edu

Temporarily searchable encryption [AB+05]
- Restrict validity of trapdoor in time
- Trivial solution: encrypt to ID = W || time; t_W = (sk_(W||1), ..., sk_(W||n))
- Logarithmic-size construction from HIBE: encrypt to ID = (W, ..., i)
[Diagram: tree rooted at W over time periods 1 2 3 4 5 6 7 8; t_W[1,7] = t_W valid for time periods 1, ..., 7.]
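An added example, not taken from the slides, of how a trapdoor for a time interval stays logarithmic in size. It assumes the time periods are the leaves of a binary tree under the keyword W, so period i has the HIBE identity (W, b_1, ..., b_d), and that a HIBE key for a node derives the keys of all its descendants; the function names are hypothetical.

```python
# Added illustration: only the identity bookkeeping is shown, no HIBE keys
# are computed. Periods are numbered 1..2^depth as on the slide.

def cover(lo, hi, depth):
    """Bit-prefixes of the maximal subtrees whose leaves all lie in [lo, hi] (0-based)."""
    out = []

    def walk(prefix, first, size):
        last = first + size - 1
        if last < lo or first > hi:        # subtree entirely outside the interval
            return
        if lo <= first and last <= hi:     # subtree entirely inside: one key suffices
            out.append(prefix)
            return
        half = size // 2
        walk(prefix + (0,), first, half)
        walk(prefix + (1,), first + half, half)

    walk((), 0, 1 << depth)
    return out


def trapdoor_identities(keyword, first, last, depth):
    """HIBE identities whose keys together form t_W[first, last]."""
    return [(keyword,) + p for p in cover(first - 1, last - 1, depth)]


def ciphertext_identity(keyword, period, depth):
    """Identity (W, b_1, ..., b_d) the sender encrypts to in the given period."""
    bits = tuple(((period - 1) >> (depth - 1 - k)) & 1 for k in range(depth))
    return (keyword,) + bits


def can_test(trapdoor_ids, ct_id):
    """Test succeeds iff some trapdoor identity is a prefix (ancestor) of ct_id."""
    return any(ct_id[:len(v)] == v for v in trapdoor_ids)


if __name__ == "__main__":
    ids = trapdoor_identities("urgent", 1, 7, 3)   # the slide's t_W[1,7]
    print(len(ids), "keys instead of 7:", ids)
    for period in range(1, 9):
        print(period, can_test(ids, ciphertext_identity("urgent", period, 3)))
```

The trapdoor never needs more than 2·depth keys, against one key per period in the trivial solution.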

ECRYPT publications
- Searchable encryption revisited: consistency properties, relation to anonymous IBE, and extensions. M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi. Crypto 2005, Journal of Cryptology 2008
- Institutions involved: ENS, UCSD, DTU, U. Bristol, KUL, Gemalto

IBE with wildcards (WIBE) [AD+05]
- Allow wildcards in recipient identity
- E.g., send encrypted email to
  - entire department: *@cs.univ.edu
  - entire university: *@*.univ.edu
  - all computer scientists: *@cs.*.edu
  - all heads of department: head@*.univ.edu
  - the world: *@*.*.*

WIBE constructions
Generic WIBE from any HIBE:
- Dedicated wildcard string "any"
- WIBE.sk_(ID1,ID2) = ( HIBE.sk_(ID1,ID2), HIBE.sk_("any",ID2), HIBE.sk_(ID1,"any"), HIBE.sk_("any","any") )
- WIBE.Enc((ID1, *), M) = HIBE.Enc((ID1, "any"), M)
- WIBE.Dec: select correct sk_(.,.) and HIBE.Dec
- Disadvantage: |WIBE.sk| = O(2^L)
Direct constructions with |WIBE.sk| = O(L)

ECRYPT publications
- Identity-based encryption gone wild. M. Abdalla, D. Catalano, A. Dent, J. Malone-Lee, G. Neven, and N. Smart. ICALP 2006
- Efficient chosen-ciphertext secure identity-based encryption with wildcards. J. Birkett, A. Dent, G. Neven, and J. Schuldt. ACISP 2007
- Institutions involved: ENS, RHUL, U. Bristol, KUL
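An added example, not from the slides, of the identity bookkeeping behind the generic WIBE-from-HIBE construction above: which 2^L HIBE identities a user key covers, and which of them decrypts a given wildcard pattern. The function names are hypothetical, patterns are matched at equal length only (as in the slide's two-level case), and no HIBE keys are computed.

```python
from itertools import product

ANY = "any"        # the dedicated wildcard string from the slide
WILDCARD = "*"     # wildcard symbol in a recipient pattern


def wibe_key_patterns(identity):
    """The 2^L HIBE identities for which WIBE.sk holds an HIBE key."""
    if ANY in identity or WILDCARD in identity:
        # A real identity containing the dedicated string would be issued
        # keys that open ciphertexts addressed to a wildcard.
        raise ValueError("reserved string used as an identity component")
    return [
        tuple(ANY if masked else comp for comp, masked in zip(identity, mask))
        for mask in product((False, True), repeat=len(identity))
    ]


def hibe_target(pattern):
    """HIBE identity the sender encrypts to: every '*' becomes the dedicated string."""
    return tuple(ANY if comp == WILDCARD else comp for comp in pattern)


def select_key(identity, pattern):
    """HIBE identity whose key the recipient picks in WIBE.Dec, or None if no match."""
    if len(identity) != len(pattern):
        return None
    if any(p != WILDCARD and p != c for p, c in zip(pattern, identity)):
        return None
    return hibe_target(pattern)


if __name__ == "__main__":
    bob = ("edu", "univ", "cs", "bob")           # bob@cs.univ.edu
    keys = wibe_key_patterns(bob)
    print(len(keys), "HIBE keys for L =", len(bob))
    print(select_key(bob, ("edu", "univ", "*", "*")))    # *@*.univ.edu
    print(select_key(bob, ("edu", "other", "*", "*")))   # not a recipient
```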

Wicked IBE [AKN07]
- IBE with wildcard key derivation = WKD-IBE = wicked IBE
- Dual of WIBE, with wildcards in decryption keys; e.g., derive keys for
  - anyone: *@*.*.*
  - entire university: *@*.univ.edu
  - all system administrators: sysadmin@*.univ.edu
- Applications to identity-based broadcast encryption
- Combination: wildcards in keys and ciphertext

ECRYPT publications
- Generalized key delegation for hierarchical identity-based encryption. Michel Abdalla, Eike Kiltz and Gregory Neven. ESORICS 2007
- Institutions involved: ENS, CWI, KUL

Identity-based traitor tracing [ADM+07]
[Diagram: Key distribution center (msk) runs Setup, giving (mpk, msk), and KeyDer on (List 1, ID1), giving sk_ID1; Sender (mpk) encrypts M to List 1; receivers ID1 (sk_ID1), ID2 (sk_ID2) and ID3 (sk_ID3) are grouped into List 1 and List 2; Receiver ID1 runs Dec and recovers M; Trace outputs ID2, ID3.]

ECRYPT publications
- Identity-based traitor tracing. M. Abdalla, A. Dent, J. Malone-Lee, G. Neven, D. Phan, and N. Smart. PKC 2007
- Institutions involved: ENS, RHUL, U. Bristol, KUL, France Télécom

Conclusions
- Several extensions to identity-based encryption
  - searchable encryption
  - wildcards
  - traitor tracing
- Research retreats work
  - top-level research
  - international collaborations