Академический Документы
Профессиональный Документы
Культура Документы
Bob
Public Key
Private Key
". Bob uses her #ublic key to encry#t mess$ge for Alice.
Disadvantage: 1. To communicate with Alice, Bob, at first, has to communicate with the PKI.
In IDE, ones publicly nown i!entity "e#. email a!!ress$ is bein% use! as his&her public ey where as correspon!in% pri'ate ey is %enerate! from the nown i!entity. IDE encryption scheme is a four al%orithms&steps scheme where the al%orithms are i. Setup Al%orithm ii. Key "pri'ate ey$ Generation Al%orithm iii. Encryption Al%orithm i'. Decryption Al%orithm.
Master Key
'. Alice sho( ) Prove her I"entity to PKG *. Given the i"entity+ Key Generation Algorith generate Private !ey for Alice.
Private Key
Bob
Private Key
Advantage: 1. Bob !oes not nee! to contact KD( & (A for Alices Public Key. )e nows Alices I!entity which he uses to encrypt messa%e for Alice.
Master Key
'. Alice0s I"entity ( is being "eci"e"
Private Key
*. Given I"entity (+ Key Generation Algorith generates Alice0s Private !ey.
-ith her pri'ate ey, Alice can !ecrypt messa%es encrypte! with her own i!entity "w$. .he can also !ecrypt messa%es encrypte! with others i!entity "w$ if /w 0 w/ 12 !.
Alice (I"entity ()
Example: Person Alice )o* C$arlie Fuzzy Identity w={e am!committee"# c$air"# system"% w/={e am!committee"# 1aculty"# system"# usa"% w//={e am!committee"# student"# system"# usa"% d & 2 3 Comment Alice can decrypt e'eryt$in( t$at )o* + C$arile can Decrypt, )ecause -w . w/-0=& and -w . w//-0=& )o* can only decrypt messa(e encrypted wit$ C$arlie/s identity as w/ . w//-0=2 C$arlie cannot decrypt any messa(e t$at are encrypted wit$ ot$ers identity,
A)D
1o puter Science
1o puter Science
faculty
Master Key
'. Alice0s I"entity is being "eci"e"
8. Given the Key6policy+ Key Generation Algorith generates Private !ey for Alice.
Private Key
*. Alice0s Key Policy is being "eci"e" fro her i"entity
Key Policy
Alice (I"entity ()
A)D
1o puter Science
1o puter Science
faculty
Alice can !ecrypt a file encrypte! with the attribute set {Computer Science"# Admission committee"%. But she cannot !ecrypt another cipherte#t associate! with attributes {Computer Science"# pro(ram!committee"%,
#ariations of "BE:
$ip%ertext-&olicy A'E vs! Key-policy A'E: -hile in ori%inal ABE " ey,policy ABE$ access policy is associate! with the pri'ate ey, in (ipherte#t3policy ABE, access policy is associate! in the cipherte#t. Key,policy ABE (ipherte#t,policy ABE
1ipherte$t
Private !ey
1ipherte$t
ts
Private !ey
Attribute Association
Policy Association
Policy Association
Attribute Association
A'E (it% monotonic Access Structure vs! A'E (it% non-monotonic Access Structure:
4onotonic Access structure uses 5A6D %ate, 578 %ate, or 5 out of 6 threshol! %ate. 6on,4onotonic Access structure uses 4onotonic Access structure an! a!!itional 567T %ate. E#ample9 4onotoni c Access structure
1o puter Science (R 7ean 2 out of "
A)D
1o puter Science
faculty
2 out of "
1o puter Science
progra 6 co ittee
)(* Stu"ent
Attribute1
Attribute1 can be use" instea" of any or all the attributes of this tree
Attribute2 can be use" instea" of attribute8 or attribute 9 or both of the but not vice versa. Attribute'
Attribute*
Attribute8
Attribute9
1. Public Key Infrastructure:Encryption & Decryption: 1. Bob Request Alices Public key Public Key Infrastructure from KD !. Alice uses "er pri#ate key to Alice $ecrypt
messa%es encrypte$ by Bob. Public Key &.PKI si%ns t"e Public key & sen$ Pri#ate Key Bob it to Bob '. Bob uses "er public key to encrypt messa%e for Alice.Disa$#anta%e: 1. (o communicate )it" Alice* Bob* at first* "as to communicate )it" t"e PKI. &. I$entity Base$ Encryption +IDE,: In IDE* one-s publicly kno)n i$entity +e.. email a$$ress, is bein% use$ as "is/"er public key )"ere ascorrespon$in% pri#ate key is %enerate$ from t"e kno)n i$entity.IDE encryption sc"eme is a four al%orit"ms/steps sc"eme )"ere t"e al%orit"ms are i. 0etup Al%orit"m ii.Key +pri#ate key, 1eneration Al%orit"m iii. Encryption Al%orit"m i#. Decryption Al%orit"m.0etup an$ Key 1eneration: Pri#ate Key 1enerator +PK1, 1. 0et up Al%orit"m %enerate a master key for Alice 2aster Key &. Alice s"o) & Pro#e "er '. 1i#en t"e i$entity* Key 1eneration Al%orit"m I$entity to PK1 %enerate Pri#ate key for Alice. I$entity Pri#ate Key E.: alice3e.ample.or%Encryption & Decryption: 1. Bob kno)s & uses Alices Pri#ate Key 1enerator I$entity to encrypt t"e messa%e +PK1, Bob Alice 2aster Key &. Alice uses "er Pri#ate Key to $ecrypt t"e messa%e I$entity Pri#ate Key E..alice3e.ample.or%A$#anta%e: 1. Bob $oes not nee$ to contact KD / A for Alice-s Public Key. 4e kno)s Alice-s I$entity )"ic" "e uses to encrypt messa%e for Alice. '. 5u66y I$entity Base$ Encryption +5u66y7IDE,:5u66y I$entity of a person is a set of $escripti#e attributes )"ic" a pre$efine$ error tolerance capability.In 5u66y7IDE* t"ese attributes are use$ as one-s kno)n public key.0etup & Key 1eneration Pri#ate Key 1enerator +PK1, 1. 1i#en a Error (olerance factor $* set up al%orit"m %enerates a 2aster key for Alice. 2aster Key &. Alices I$entity ) is bein% $eci$e$ 5u66y I$entity +), Pri#ate Key '. 1i#en I$entity )* Key 1eneration Al%orit"m %enerates Alices Pri#ate Attr1 ... Attr8 key.A$#anta%e: 9it" "er pri#ate key* Alice can $ecrypt messa%es encrypte$ )it" "er o)n i$entity +),. 0"e canalso $ecrypt messa%es encrypte$ )it" ot"er-s i$entity +)-, if :) ;)-: <= $.Encryption & Decryption in 5u66y IDE 0ystem 1. "arlie encrypt 2essa%e+2, '. Alice can also $ecrypt 2 )it" "er )it" Bobs I$entity ) pri#ate Key )it" +:);): <= $, "arlie Bob Alice +I$entity ), +I$entity ), +I$entity ), &. Bob can $ecrypt 2 )it" "is pri#ate KeyE.ample: Person 5u66y I$entity $ omment Alice )=>?e.am7committee@* ?c"air@* & Alice can $ecrypt e#eryt"in% t"at Bob & ?system@A "arile can Decrypt. Because :) ;)-:<=& an$ :) ;)--:<=& Bob )-=>?e.am7 committee@* ' Bob can only $ecrypt messa%e encrypte$ ?faculty@* ?system@* ?usa@A )it" "arlie-s i$entity as :)- ;)--:<=' "arlie )--=>?e.am7committee@* ! "arlie cannot $ecrypt any messa%e t"at ?stu$ent@* ?system@* ?usa@A are encrypte$ )it" ot"ers i$entity. !. Attribute7base$ Encryption +or Key7policy ABE,:Access (ree / Key7policy+,:Access Policy to be associate$ )it" pri#ate key )"ere leaf no$es are attributes comin% from fu66yi$entity. BR A8D Dean & out of ' omputer 0cience A$mission7 omputer 0cience A$mission7 faculty committee committeeAccount 0etup & Key7%eneration: Pri#ate Key 1enerator +PK1, 1. 0etup Al%orit"m %enerates Alices 2aster Key 2aster Key !. 1i#en t"e Key7policy* Key 1eneration Al%orit"m %enerates &. Alices I$entity is bein% $eci$e$ Pri#ate key for Alice. 5u66y I$entity +), Pri#ate Key '. Alices Key Policy is bein% $eci$e$ from "er i$entity Attr1 ... Attr8 Key PolicyEncryption & Decryption: '. Alice can $ecrypt 2 if "er key policy is satisfie$ )it" C. ie +C,=1 Bob Alice "arlie +I$entity ), +I$entity ), +I$entity ), &. Bob can $ecrypt 2 if "is 1. "arlie encrypt 2essa%e+2, key policy is satisfie$ )it" C. )it" a set of attributes C +not ie +C,=1 )it" anyones i$entity ,
D. E.ample:Assumin%* Alice "as t"e follo)in% key policy BR A8D Dean & out of ' omputer 0cience A$mission7 omputer 0cience A$mission7 faculty committee committeeAlice can $ecrypt a file encrypte$ )it" t"e attribute set >? omputer 0cience@* ?A$mission committee@A.But s"e cannot $ecrypt anot"er cip"erte.t associate$ )it" attributes >? omputer 0cience@* ?pro%ram7committee@A.Eariations of ABE: ip"erte.t7 Policy ABE #s. Key7policy ABE:9"ile in ori%inal ABE +key7policy ABE, access policy is associate$ )it" t"e pri#ate key* in ip"erte.tFpolicy ABE* access policy is associate$ in t"e cip"erte.t. Key7policy ABE ip"erte.t7policy ABE pon B E s ts ip"erte.t Pri#ate key ent com y A en ip"erte.t Pri#ate key pon e$ t7polic e$ y ABE com 0el "erte. Attribute sel 7polic Policy Association Association Policy Attribute e ct e ct Association K ey ip Association G. ABE )it" monotonic Access 0tructure #s. ABE )it" non7monotonic Access 0tructure:2onotonic Access structure uses HA8D %ate-* HBR %ate-* or Hk out of 8t"res"ol$ %ate.8on72onotonic Access structure uses 2onotonic Access structure an$ a$$itional H8B( %ate-.E.ample: BR2onotonicAccess Dean & out of ' A8Dstructure omputer 0cience A$mission7 omputer 0cience A$mission7 faculty committee committeeE.ample: BR8on72onotonic A8D Dean & out of 'Accessstructure omputer 0cience A$mission7 omputer 0cience pro%ram7 8B( committee committee 0tu$ent4ierarc"ical ABE +4ABE,:In 4ABE* t"e attributes are classifie$ into trees accor$in% to t"eir relations"ip $efine$ in t"e accesscontrol system. E#ery no$e in t"is tree is associate$ )it" an attribute* an$ an ancestral no$e can $eri#eits $escen$ant-s key* but t"e re#erse is not allo)e$. Attribute1 Attribute1 can be use$ instea$ of any or all t"e attributes of t"is tree Attribute& can be use$ instea$ of attribute! or attribute D or bot" of t"em but not #ice #ersa. Attribute& Attribute' Attribute! AttributeD0in%le Aut"ority ABE #s. 2ulti7aut"ority ABE: