Public Key Infrastructure:

Encryption & Decryption:

1. Bob Request Alice's Public key from KDC

Public Key Infrastructure

Alice
sen! %. Alice uses her #ri&$te key to !ecry#t mess$ges encry#te! by Bob.

Bob

2.PKI signs the Public key it to Bob

Public Key

Private Key

". Bob uses her #ublic key to encry#t mess$ge for Alice.

Disadvantage: 1. To communicate with Alice, Bob, at first, has to communicate with the PKI.

Identity Based Encryption (IDE):

In IDE, ones publicly nown i!entity "e#. email a!!ress$ is bein% use! as his&her public ey where as correspon!in% pri'ate ey is %enerate! from the nown i!entity. IDE encryption scheme is a four al%orithms&steps scheme where the al%orithms are i. Setup Al%orithm ii. Key "pri'ate ey$ Generation Al%orithm iii. Encryption Al%orithm i'. Decryption Al%orithm.

Se tup and Key Generation:

Private Key Generator (PKG)
1. Set up Algorith generate a aster !ey for Alice

Master Key
'. Alice sho( ) Prove her I"entity to PKG *. Given the i"entity+ Key Generation Algorith generate Private !ey for Alice.

I"entity #$% alice&e$a ple.org

Private Key

Encryption & Decryptio n:

1. Bob kno's uses Alice's I!entity to encry#t the mess$ge

Private Key Generator (PKG) Alice Master Key

2. Alice uses her Pri&$te Key to !ecry#t the mess$ge

Bob

I"entity #$.alice&e$a ple.org

Private Key

Advantage: 1. Bob !oes not nee! to contact KD( & (A for Alices Public Key. )e nows Alices I!entity which he uses to encrypt messa%e for Alice.

Fuzzy Identity Based Encryption (Fuzzy-IDE):

*u++y I!entity of a person is a set of !escripti'e attributes which a pre!efine! error tolerance capability. In *u++y,IDE, these attributes are use! as ones nown public ey.

Set up & Key Generation

Private Key Generator (PKG)
1. Given a #rror .olerance factor "+ set up algorith generates a Master !ey for Alice.

Master Key
'. Alice0s I"entity ( is being "eci"e"

,u--y I"entity (()

Attr1 Advantage: ... Attr/

Private Key
*. Given I"entity (+ Key Generation Algorith generates Alice0s Private !ey.

-ith her pri'ate ey, Alice can !ecrypt messa%es encrypte! with her own i!entity "w$. .he can also !ecrypt messa%es encrypte! with others i!entity "w$ if /w 0 w/ 12 !.

Encryption & Decryption in Fuzzy IDE yste!

1. 1harlie encrypt Message(M) (ith Bob0s I"entity (0 *. Alice can also "ecrypt M (ith her private Key (ith (2(3(02 45 ")

1harlie (I"entity (00)

Bob (I"entity (0)

'. Bob can "ecrypt M (ith his private Key

Alice (I"entity ()

Example: Person Alice )o* C$arlie Fuzzy Identity w={e am!committee"# c$air"# system"% w/={e am!committee"# 1aculty"# system"# usa"% w//={e am!committee"# student"# system"# usa"% d & 2 3 Comment Alice can decrypt e'eryt$in( t$at )o* + C$arile can Decrypt, )ecause -w . w/-0=& and -w . w//-0=& )o* can only decrypt messa(e encrypted wit$ C$arlie/s identity as w/ . w//-0=2 C$arlie cannot decrypt any messa(e t$at are encrypted wit$ ot$ers identity,

"ttribute-based Encryption (or Key-policy "BE):

Access Tree / Key-policy(): Access Policy to be associate! with pri'ate ey where leaf no!es are attributes comin% from fu++y i!entity.
(R 7ean 2 out of "

A)D

1o puter Science

A" ission6 co ittee

1o puter Science

A" ission6 co ittee

faculty

Account Setup & Key-generation:

Private Key Generator (PKG)

1. Setup Algorith generates Alice0s Master Key

Master Key
'. Alice0s I"entity is being "eci"e"

8. Given the Key6policy+ Key Generation Algorith generates Private !ey for Alice.

,u--y I"entity (()

Attr1 ... Attr/

Private Key
*. Alice0s Key Policy is being "eci"e" fro her i"entity

Key Policy

Encryption & Decryption:

*. Alice can "ecrypt M if her !ey policy is satisfie" (ith ! ie ( )"#

1harlie (I"entity (00)

1. 1harlie encrypt Message(M) (ith a set of attributes (not (ith anyone0s i"entity )

Bob (I"entity (0)

'. Bob can "ecrypt M if his !ey policy is satisfie" (ith ! ie ( )"#

Alice (I"entity ()

Example: Assumin%, Alice has the followin% ey policy

(R 7ean 2 out of "

A)D

1o puter Science

A" ission6 co ittee

1o puter Science

A" ission6 co ittee

faculty

Alice can !ecrypt a file encrypte! with the attribute set {Computer Science"# Admission committee"%. But she cannot !ecrypt another cipherte#t associate! with attributes {Computer Science"# pro(ram!committee"%,

#ariations of "BE:
$ip%ertext-&olicy A'E vs! Key-policy A'E: -hile in ori%inal ABE " ey,policy ABE$ access policy is associate! with the pri'ate ey, in (ipherte#t3policy ABE, access policy is associate! in the cipherte#t. Key,policy ABE (ipherte#t,policy ABE

Ke y sel 6polic ec t e" y AB # co po n en

1ipherte$t

Private !ey

1ipherte$t

1ip Se herte lec $ te" t6poli cy co p on A B# e nt s

ts

Private !ey

Attribute Association

Policy Association

Policy Association

Attribute Association

A'E (it% monotonic Access Structure vs! A'E (it% non-monotonic Access Structure:

4onotonic Access structure uses 5A6D %ate, 578 %ate, or 5 out of 6 threshol! %ate. 6on,4onotonic Access structure uses 4onotonic Access structure an! a!!itional 567T %ate. E#ample9 4onotoni c Access structure
1o puter Science (R 7ean 2 out of "

A)D

A" ission6 co ittee

(R A)D 7ean

1o puter Science

A" ission6 co ittee

faculty

E#ample9 6on, 4onotoni c Access structure

1o puter Science

2 out of "

A" ission6 co ittee

1o puter Science

progra 6 co ittee

)(* Stu"ent

Hierarchical ABE (HABE) :

In )ABE, the attributes are classifie! into trees accor!in% to their relationship !efine! in the access control system. E'ery no!e in this tree is associate! with an attribute, an! an ancestral no!e can !eri'e its !escen!ants ey, but the re'erse is not allowe!.

Attribute1
Attribute1 can be use" instea" of any or all the attributes of this tree

Attribute2 can be use" instea" of attribute8 or attribute 9 or both of the but not vice versa. Attribute'

Attribute*

Attribute8

Attribute9

Single Aut%ority A'E vs! )ulti-aut%ority A'E:

1. Public Key Infrastructure:Encryption & Decryption: 1. Bob Request Alices Public key Public Key Infrastructure from KD !. Alice uses "er pri#ate key to Alice $ecrypt

messa%es encrypte$ by Bob. Public Key &.PKI si%ns t"e Public key & sen$ Pri#ate Key Bob it to Bob '. Bob uses "er public key to encrypt messa%e for Alice.Disa$#anta%e: 1. (o communicate )it" Alice* Bob* at first* "as to communicate )it" t"e PKI. &. I$entity Base$ Encryption +IDE,: In IDE* one-s publicly kno)n i$entity +e.. email a$$ress, is bein% use$ as "is/"er public key )"ere ascorrespon$in% pri#ate key is %enerate$ from t"e kno)n i$entity.IDE encryption sc"eme is a four al%orit"ms/steps sc"eme )"ere t"e al%orit"ms are i. 0etup Al%orit"m ii.Key +pri#ate key, 1eneration Al%orit"m iii. Encryption Al%orit"m i#. Decryption Al%orit"m.0etup an$ Key 1eneration: Pri#ate Key 1enerator +PK1, 1. 0et up Al%orit"m %enerate a master key for Alice 2aster Key &. Alice s"o) & Pro#e "er '. 1i#en t"e i$entity* Key 1eneration Al%orit"m I$entity to PK1 %enerate Pri#ate key for Alice. I$entity Pri#ate Key E.: alice3e.ample.or%Encryption & Decryption: 1. Bob kno)s & uses Alices Pri#ate Key 1enerator I$entity to encrypt t"e messa%e +PK1, Bob Alice 2aster Key &. Alice uses "er Pri#ate Key to $ecrypt t"e messa%e I$entity Pri#ate Key E..alice3e.ample.or%A$#anta%e: 1. Bob $oes not nee$ to contact KD / A for Alice-s Public Key. 4e kno)s Alice-s I$entity )"ic" "e uses to encrypt messa%e for Alice. '. 5u66y I$entity Base$ Encryption +5u66y7IDE,:5u66y I$entity of a person is a set of $escripti#e attributes )"ic" a pre$efine$ error tolerance capability.In 5u66y7IDE* t"ese attributes are use$ as one-s kno)n public key.0etup & Key 1eneration Pri#ate Key 1enerator +PK1, 1. 1i#en a Error (olerance factor $* set up al%orit"m %enerates a 2aster key for Alice. 2aster Key &. Alices I$entity ) is bein% $eci$e$ 5u66y I$entity +), Pri#ate Key '. 1i#en I$entity )* Key 1eneration Al%orit"m %enerates Alices Pri#ate Attr1 ... Attr8 key.A$#anta%e: 9it" "er pri#ate key* Alice can $ecrypt messa%es encrypte$ )it" "er o)n i$entity +),. 0"e canalso $ecrypt messa%es encrypte$ )it" ot"er-s i$entity +)-, if :) ;)-: <= $.Encryption & Decryption in 5u66y IDE 0ystem 1. "arlie encrypt 2essa%e+2, '. Alice can also $ecrypt 2 )it" "er )it" Bobs I$entity ) pri#ate Key )it" +:);): <= $, "arlie Bob Alice +I$entity ), +I$entity ), +I$entity ), &. Bob can $ecrypt 2 )it" "is pri#ate KeyE.ample: Person 5u66y I$entity $ omment Alice )=>?e.am7committee@* ?c"air@* & Alice can $ecrypt e#eryt"in% t"at Bob & ?system@A "arile can Decrypt. Because :) ;)-:<=& an$ :) ;)--:<=& Bob )-=>?e.am7 committee@* ' Bob can only $ecrypt messa%e encrypte$ ?faculty@* ?system@* ?usa@A )it" "arlie-s i$entity as :)- ;)--:<=' "arlie )--=>?e.am7committee@* ! "arlie cannot $ecrypt any messa%e t"at ?stu$ent@* ?system@* ?usa@A are encrypte$ )it" ot"ers i$entity. !. Attribute7base$ Encryption +or Key7policy ABE,:Access (ree / Key7policy+,:Access Policy to be associate$ )it" pri#ate key )"ere leaf no$es are attributes comin% from fu66yi$entity. BR A8D Dean & out of ' omputer 0cience A$mission7 omputer 0cience A$mission7 faculty committee committeeAccount 0etup & Key7%eneration: Pri#ate Key 1enerator +PK1, 1. 0etup Al%orit"m %enerates Alices 2aster Key 2aster Key !. 1i#en t"e Key7policy* Key 1eneration Al%orit"m %enerates &. Alices I$entity is bein% $eci$e$ Pri#ate key for Alice. 5u66y I$entity +), Pri#ate Key '. Alices Key Policy is bein% $eci$e$ from "er i$entity Attr1 ... Attr8 Key PolicyEncryption & Decryption: '. Alice can $ecrypt 2 if "er key policy is satisfie$ )it" C. ie +C,=1 Bob Alice "arlie +I$entity ), +I$entity ), +I$entity ), &. Bob can $ecrypt 2 if "is 1. "arlie encrypt 2essa%e+2, key policy is satisfie$ )it" C. )it" a set of attributes C +not ie +C,=1 )it" anyones i$entity ,

D. E.ample:Assumin%* Alice "as t"e follo)in% key policy BR A8D Dean & out of ' omputer 0cience A$mission7 omputer 0cience A$mission7 faculty committee committeeAlice can $ecrypt a file encrypte$ )it" t"e attribute set >? omputer 0cience@* ?A$mission committee@A.But s"e cannot $ecrypt anot"er cip"erte.t associate$ )it" attributes >? omputer 0cience@* ?pro%ram7committee@A.Eariations of ABE: ip"erte.t7 Policy ABE #s. Key7policy ABE:9"ile in ori%inal ABE +key7policy ABE, access policy is associate$ )it" t"e pri#ate key* in ip"erte.tFpolicy ABE* access policy is associate$ in t"e cip"erte.t. Key7policy ABE ip"erte.t7policy ABE pon B E s ts ip"erte.t Pri#ate key ent com y A en ip"erte.t Pri#ate key pon e$ t7polic e$ y ABE com 0el "erte. Attribute sel 7polic Policy Association Association Policy Attribute e ct e ct Association K ey ip Association G. ABE )it" monotonic Access 0tructure #s. ABE )it" non7monotonic Access 0tructure:2onotonic Access structure uses HA8D %ate-* HBR %ate-* or Hk out of 8t"res"ol$ %ate.8on72onotonic Access structure uses 2onotonic Access structure an$ a$$itional H8B( %ate-.E.ample: BR2onotonicAccess Dean & out of ' A8Dstructure omputer 0cience A$mission7 omputer 0cience A$mission7 faculty committee committeeE.ample: BR8on72onotonic A8D Dean & out of 'Accessstructure omputer 0cience A$mission7 omputer 0cience pro%ram7 8B( committee committee 0tu$ent4ierarc"ical ABE +4ABE,:In 4ABE* t"e attributes are classifie$ into trees accor$in% to t"eir relations"ip $efine$ in t"e accesscontrol system. E#ery no$e in t"is tree is associate$ )it" an attribute* an$ an ancestral no$e can $eri#eits $escen$ant-s key* but t"e re#erse is not allo)e$. Attribute1 Attribute1 can be use$ instea$ of any or all t"e attributes of t"is tree Attribute& can be use$ instea$ of attribute! or attribute D or bot" of t"em but not #ice #ersa. Attribute& Attribute' Attribute! AttributeD0in%le Aut"ority ABE #s. 2ulti7aut"ority ABE: