Privacy Preserving Access Control for Third Party Data Management Systems
Mohamed Nabeel
Advisor: Prof. Elisa Bertino
7/12/2012
Outline
• Introduction
• Group Key Management (GKM)
– Attribute Based Systems and GKM Requirements
– Broadcast GKM (BGKM)
– Attribute-Based GKM (AB-GKM)
• Privacy Preserving Pull Based Systems
– SLE (Single Layer Encryption) Approach
– TLE (Two Layer Encryption) Approach
• Privacy Preserving Subscription Based Systems
• Summary
Before Data Outsourcing (and cloud computing)
[Figure: the Organization and its Data, with users Bob, Alice and Tim]
In The Cloud Computing Era
[Figure: Organization, Data, Cloud, and users Bob, Alice and Tim; arrows numbered 1 and 2]
Top Concerns
(Source: IDC 2009)
(Source: Lockheed Martin 2010)
In Cloud Computing Era
[Figure: Organization, Cloud holding Encrypted Data, and users Bob, Alice and Tim; arrows labelled "Encrypt & upload" and "Download & decrypt"]
How to Control Access?
• Different users have access to different data
– Bob is a doctor and has access to Medical Records
– Alice is a nurse and has access to Clinical Records
[Figure: medical records MR1 to MR5 and clinical records CR1 to CR4, keys Key1 and Key2, users Bob and Alice]
What Cryptosystem to Use?
• Public Key Cryptosystems (PKC)
– Traditional PKC (e.g. RSA, ElGamal, etc.)
– Attribute Based Encryption (ABE)
– Proxy Re-Encryption (PRE)
• Symmetric Key Cryptosystem (SKC)
– Group key management (GKM)
Traditional PKC Systems
[Figure: Organization, Cloud and users Bob (doctor), Alice (nurse) and Tim (doctor), with key pairs PubB/PriB, PubA/PriA and PubT/PriT. The ciphertexts shown are PubB(MR1), PubT(MR1) and PubA(CR1): each record is encrypted separately under the public key of each user allowed to read it. Steps numbered 1 to 3.]
Proxy Re-Encryption (PRE)
[Figure: Organization, Cloud and users Bob (doctor), Alice (nurse) and Tim (doctor), with key pairs PubO/PriO, PubB/PriB, PubA/PriA and PubT/PriT. The Organization's ciphertexts are PubO(MR1) and PubO(CR1); the per-user ciphertexts are PubB(MR1), PubT(MR1) and PubA(CR1). Steps numbered 1 to 4.]
Attribute Based Encryption (ABE)
[Figure: Organization, Cloud and users Bob (doctor), Alice (nurse) and Tim (doctor), holding private keys PriB, PriA and PriT. The ciphertexts shown are Doctor(MR1) and Nurse(CR1): records are encrypted under attributes rather than per-user keys. Steps numbered 1 to 3.]
Symmetric Key Cryptosystems
• Orders of magnitude faster than PKC
• But traditional SKC also has limitations
• Limitations of the traditional SKC/GKM
– Many symmetric keys
– Need to agree on the encryption keys “BEFORE” the secure communication
– Difficult to revoke users
• What can we do about it?
– (SKC – limitations) => Broadcast group key management
Attribute-Based Systems
[Figure: User *–* Attribute (many-to-many); three example users with their attributes]
– Role = Doctor, Age = 51, Level = senior
– Role = Nurse, Level = senior
– Role = Doctor, Level = junior
Policies over Attribute Conditions
– Role = Doctor ˅ (Role = Nurse ˄ Level >= senior)
– Role = Nurse
– Role = Doctor ˄ Level >= senior
GKM Requirements: Backward Secrecy
[Figure: timeline (Time axis) marking a Leave event]
GKM Requirements: Forward Secrecy
[Figure: timeline (Time axis) marking a Join event]
GKM Requirements: Collusion Resistance
Traditional Policy Based GKM
[Figure: Group 1, Group 2 and Group 3, with keys K1, K2 and K3]
Single Encryption
Easy to handle joins/leaves
Easy to manage keys
A Key Observation
Users DO NOT require the key until they want to decrypt something
• DO NOT issue decryption keys to users upfront
• Allow users to dynamically derive symmetric keys at the time of decryption
Broadcast GKM (BGKM)
Instead of giving keys, give some secrets to derive the key using public information
[Figure: the GC, the secrets S1, S2 and S3, and the Public Info; a secret + the Public Info gives the key, and the Public Info contains the policy]
How BGKM Works
[Figure: the GC, the cloud, and users Bob, Alice and Tim holding secrets S1, S2 and S3]
(1) Issue secrets
(2) Using secrets generate Symmetric key K and Public Info PI
(3) Upload encrypted data EK(Data) and PI
(4) Download encrypted data and PI
(5) Derive key using PI (the figure shows one user deriving K and another deriving K’)
(6) DK(EK(Data))
BGKM Algorithms
• Setup(l) → Param
• SecGen(Usr_i) → s_i
• KeyGen(S) → (k, PubInfo)
• KeyDer(PubInfo, s_i) → k
• Update(S’) → (k’, PubInfo’)
• Our construction: ACV-BGKM (Access Control Vector BGKM)
KeyGen and KeyDer Algorithms
KeyGen
(1) Access Control Matrix, with $a_{i,j} = H(s_i \| z_j)$, $j = 2, \dots, m$:
$$A = \begin{pmatrix} 1 & a_{1,2} & \cdots & a_{1,m} \\ 1 & a_{2,2} & \cdots & a_{2,m} \\ \vdots & \vdots & & \vdots \\ 1 & a_{n,2} & \cdots & a_{n,m} \end{pmatrix}$$
(2) Null Space: $(b_{1,1}, b_{1,2}, \dots, b_{1,m})^T, \dots, (b_{t,1}, b_{t,2}, \dots, b_{t,m})^T$
(3) Access Control Vector (ACV): $(K + c_{1,1}, c_{1,2}, \dots, c_{1,m})^T$
KeyDer
(1) Key Extraction Vector (KEV): $(a_{r,1}, a_{r,2}, \dots, a_{r,m})$, with $a_{r,1} = 1$ as in the matrix rows and $a_{r,j} = H(s_r \| z_j)$, $j = 2, \dots, m$
(2) Group key: $\mathrm{KEV} \cdot \mathrm{ACV} = K$
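The KeyGen and KeyDer steps above, carried through in code as an added example (not the thesis implementation). Assumptions: the field modulus, SHA-256 as H, 16-byte secrets and z values, m = n + 1, and the ACV formed as K in the first coordinate plus a random null-space vector of the access control matrix.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime field modulus (assumption; the slides fix no parameters)

def sec_gen() -> bytes:
    """SecGen: per-user secret s_i, issued once at registration."""
    return secrets.token_bytes(16)

def h(s: bytes, z: bytes) -> int:
    """a_{i,j} = H(s_i || z_j), reduced into the field."""
    return int.from_bytes(hashlib.sha256(s + z).digest(), "big") % Q

def null_vector(A, m):
    """Random Y with A*Y = 0 (mod Q), via Gauss-Jordan elimination.
    This cubic-time step is what makes KeyGen the expensive algorithm."""
    rows = [r[:] for r in A]
    pivots = []                      # pivots[i] = pivot column of reduced row i
    for c in range(m):
        r = len(pivots)
        if r == len(rows):
            break
        p = next((i for i in range(r, len(rows)) if rows[i][c]), None)
        if p is None:
            continue
        rows[r], rows[p] = rows[p], rows[r]
        inv = pow(rows[r][c], -1, Q)
        rows[r] = [x * inv % Q for x in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][c]:
                f = rows[i][c]
                rows[i] = [(x - f * y) % Q for x, y in zip(rows[i], rows[r])]
        pivots.append(c)
    free = [c for c in range(m) if c not in pivots]
    y = [0] * m
    for c in free:                   # free coordinates are chosen at random
        y[c] = secrets.randbelow(Q)
    for i, c in enumerate(pivots):   # pivot coordinates are then forced
        y[c] = -sum(rows[i][f] * y[f] for f in free) % Q
    return y

def key_gen(member_secrets):
    """KeyGen (and Update, run on the new member set): returns (K, PubInfo)."""
    m = len(member_secrets) + 1      # m > n guarantees a non-trivial null space
    zs = [secrets.token_bytes(16) for _ in range(m - 1)]      # fresh z_2..z_m
    A = [[1] + [h(s, z) for z in zs] for s in member_secrets]
    acv = null_vector(A, m)
    K = secrets.randbelow(Q)
    acv[0] = (acv[0] + K) % Q        # ACV = K*e1 + Y
    return K, (acv, zs)

def key_der(pub_info, s):
    """KeyDer: KEV . ACV, which equals K only if s was a row of A."""
    acv, zs = pub_info
    kev = [1] + [h(s, z) for z in zs]
    return sum(a * b for a, b in zip(kev, acv)) % Q

if __name__ == "__main__":
    bob, alice, tim = sec_gen(), sec_gen(), sec_gen()
    K, pi = key_gen([bob, tim])                  # the two doctors
    print(key_der(pi, bob) == K, key_der(pi, alice) == K)
    K2, pi2 = key_gen([bob])                     # Update: Tim is revoked
    print(key_der(pi2, bob) == K2, key_der(pi2, tim) == K2)
```

Revocation needs no private channel: only the public PubInfo changes, and the remaining users keep their old secrets.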
Security Analysis
• We prove that ACV-BGKM is
– Correct
– Sound
– Key hiding
– Backward key protecting
– Forward key protecting
Problem: Secure but not Efficient
• The costs of KeyGen ($O(n^3)$), KeyDer ($O(n)$) and PubInfo ($O(n)$) in the current ACV-BGKM all grow with n (the number of users)
– Does not scale!
• How to reduce the complexity and improve the efficiency?
– Bucketing
– Subset cover techniques [Naor et al. 2001]
Selected Experimental Results
(a) Average time to generate keys
(b) Average time to derive keys
(c) Average time to generate keys with different bucket sizes
(d) Average time to derive keys with different bucket sizes
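Attribute Based GKM (AB-GKM)
[Figure: users Bob, Alice and Ted with their attributes, and secrets S1 to S7 attached to the attributes]
– Role = Doctor, Age = 51, Level = senior
– Role = Nurse, Level = senior
– Role = Doctor, Level = junior
[Figure: policy gates AND and OR over the conditions Level >= senior, Role = Doctor and Role = Nurse]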
AB-GKM
• A set of secrets per identity attribute
– SecGen(Usr_i) becomes SecGen(Usr_i, Attr_j)
• Three schemes
– Inline AB-GKM
– Threshold AB-GKM
– Access tree AB-GKM
• Based on ACV-BGKM and Shamir’s secret sharing scheme [Shamir 1979]
Access Tree AB-GKM - Idea
• Convert the policy into an access tree T [Benaloh 1998]
[Figure: access tree OR(Role = Doctor, AND(Level >= senior, Role = Nurse)). The OR node carries q1(x) = s, with q1(0) = s; the AND node carries q2(x) = s + ax, and its two leaves are labelled q2(1) and q2(2).]
Access Tree AB-GKM - Example
• A hypothetical policy
– Policy = “A senior nurse supporting at least two insurance plans can access Medication of any patient”
– Policy = Role = Nurse ˄ Level = Senior ˄ 2-out-of-4 in {MedA, MedB, MedC, ACME}
Access Tree AB-GKM - Example
Policy = Role = Nurse ˄ Level = Senior ˄ 2-out-of-4 in {MedA, MedB, MedC, ACME}
[Figure: access tree. The root is an AND node with polynomial q1(x) and children Role = Nurse, Level = Senior and a 2-of-4 node with polynomial q2(x); the 2-of-4 node has children Plan = MedA, Plan = MedB, Plan = MedC and Plan = ACME. Each leaf has its own public information: PubInfoNurse, PubInfoSenior, PubInfoMedA, PubInfoMedB, PubInfoMedC, PubInfoACME. Arrows labelled KeyGen and KeyDer.]
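The sharing step on this access tree, as an added example (not code from the thesis): the group key is split with a Shamir polynomial at each gate (AND = n-of-n, OR = 1-of-n, k-of-n as stated) and rebuilt by Lagrange interpolation. The field modulus and attribute strings are assumptions, and leaf shares are handed out directly by attribute; in AB-GKM each leaf value would be derived through that attribute's PubInfo, and the per-user binding behind collusion resistance is not modelled here.

```python
import secrets

P = 2**127 - 1          # prime field modulus (assumption; not from the slides)

def leaf(attr):
    return ("leaf", attr)

def gate(k, *children):
    """k-of-n threshold gate: AND is n-of-n, OR is 1-of-n."""
    return ("gate", k, children)

def share(node, value, out=None):
    """Push `value` down the tree; returns {attribute: leaf share}."""
    out = {} if out is None else out
    if node[0] == "leaf":
        out[node[1]] = value
        return out
    _, k, children = node
    # q(0) = value and deg q = k - 1, so any k children determine q(0)
    coeffs = [value] + [secrets.randbelow(P) for _ in range(k - 1)]
    for x, child in enumerate(children, start=1):
        qx = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
        share(child, qx, out)
    return out

def recover(node, held):
    """Rebuild this node's value from the leaf shares in `held`, or None."""
    if node[0] == "leaf":
        return held.get(node[1])
    _, k, children = node
    pts = []
    for x, child in enumerate(children, start=1):
        v = recover(child, held)
        if v is not None:
            pts.append((x, v))
    if len(pts) < k:
        return None                        # gate not satisfied
    pts = pts[:k]
    total = 0
    for xi, yi in pts:                     # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

# Policy from the slide: Role = Nurse AND Level = Senior AND 2-of-4 plans
POLICY = gate(3, leaf("Role=Nurse"), leaf("Level=Senior"),
              gate(2, leaf("Plan=MedA"), leaf("Plan=MedB"),
                   leaf("Plan=MedC"), leaf("Plan=ACME")))

def derive(user_attrs, leaf_shares):
    """What a user holding `user_attrs` can reconstruct."""
    held = {a: s for a, s in leaf_shares.items() if a in user_attrs}
    return recover(POLICY, held)

if __name__ == "__main__":
    key = secrets.randbelow(P)
    shares = share(POLICY, key)
    nurse = {"Role=Nurse", "Level=Senior", "Plan=MedA", "Plan=ACME"}
    print(derive(nurse, shares) == key)                  # policy satisfied
    print(derive(nurse - {"Plan=ACME"}, shares))         # only one plan
```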
Access Tree AB-GKM - Example
[Figure: users Bob, Alice, Ted and Roy, each holding a set of attributes drawn from Role = Doctor / Nurse, Level = senior / junior and Plan = MedA / MedB / MedC / ACME. Bob + Roy = ? Collusion Resistance!]
Selected Experimental Results
(a) Average time to generate keys for different group sizes
(b) Average time to generate keys for different number of attributes
Traditional SLE (Single Layer Enc.)
[Figure: Group 1, Group 2 and Group 3, with keys K1, K2 and K3]
Traditional SLE (Single Layer Enc.)
[Figure: User, Owner and Third Party Server]
(1) Register
(2) Keys
(3) Selectively encrypt & upload
(4) Download & Decrypt
(5) Download to re-encrypt
Issues with the Traditional Approach
• Key management does not scale
– When the group dynamics change, all users need to be rekeyed
– Rekeying requires establishing private communication channels
• Privacy of the identity attributes is not preserved
Privacy Preserving of Id. Attributes
• Registration:
– Tim → Server: “I am a doctor”
– Server → Tim: “Here’s a secret”
Privacy Preserving of Id. Attributes
• Privacy Preserving Registration*:
– User → Server: Commitment(“I am a doctor”), where $\mathrm{com}(m) = g^m h^r$ is unconditionally hiding and computationally binding
– Server → User: Envelope(“Here’s a secret”), an encrypted message
• Server does not learn credentials.
• User can open the envelope only if her credential satisfies the condition.
*OCBE – Oblivious Commitment Based Envelope; OACerts: Oblivious Attribute Certificates by J. Li et al.
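An equality-condition envelope over the commitment above, as an added example rather than code from the thesis. It follows the EQ-OCBE construction from the OACerts work cited on the slide; the toy group (p = 2039, q = 1019, g = 4, h = 9), the integer role codes and the hash-based pad are assumptions chosen for readability and offer no real security.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption): p = 2q + 1, g and h both have order q.
# Real use needs a >= 2048-bit group or a curve, and an h whose discrete
# log to base g is unknown to everyone.
P, Q, G, H = 2039, 1019, 4, 9

ROLE = {"doctor": 1, "nurse": 2}    # attribute values encoded in Z_q (assumption)

def commit(x, r):
    """Pedersen commitment com(x) = g^x h^r mod p."""
    return pow(G, x, P) * pow(H, r, P) % P

def _pad(sigma, n):
    """One-block pad derived from sigma (messages up to 32 bytes)."""
    return hashlib.sha256(b"pad" + sigma.to_bytes(2, "big")).digest()[:n]

def _tag(sigma, message):
    return hashlib.sha256(b"tag" + sigma.to_bytes(2, "big") + message).digest()[:8]

def seal(c, x0, message):
    """Server: envelope that opens only if c commits to x0.
    The server sees c but never the committed value or r."""
    y = 1 + secrets.randbelow(Q - 1)               # fresh exponent in [1, q-1]
    base = c * pow(G, Q - x0 % Q, P) % P           # c * g^(-x0) = g^(x-x0) h^r
    sigma = pow(base, y, P)                        # equals h^(r*y) iff x == x0
    eta = pow(H, y, P)
    body = bytes(a ^ b for a, b in zip(message, _pad(sigma, len(message))))
    return eta, body, _tag(sigma, message)

def open_envelope(envelope, r):
    """User: sigma' = eta^r = h^(y*r); correct only when x == x0."""
    eta, body, tag = envelope
    sigma = pow(eta, r, P)
    message = bytes(a ^ b for a, b in zip(body, _pad(sigma, len(body))))
    return message if _tag(sigma, message) == tag else None

def register(role, required_role, secret):
    """One registration round: commit, receive the envelope, try to open it."""
    r = secrets.randbelow(Q)                       # user's commitment randomness
    c = commit(ROLE[role], r)                      # user -> server
    envelope = seal(c, ROLE[required_role], secret)    # server -> user
    return open_envelope(envelope, r)

if __name__ == "__main__":
    print(register("doctor", "doctor", b"secret-for-doctors"))
    print(register("nurse", "doctor", b"secret-for-doctors"))
```

The server runs the same code path for both users and cannot tell which of them opened the envelope.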
Overall Scheme
• Identity Token Issuance
• Identity Token Registration
• Data Management
Our SLE (Single Layer Enc.) Approach
[Figure: User, IdP, Owner and Cloud]
– User and IdP: (1) Identity Attribute, (2) Identity Token
– User and Owner (OCBE): (1) Register identity token, (2) Envelope (Secret)
– Owner to Cloud: (3) Selectively encrypt (AB-GKM) & upload
– User from Cloud: (4) Download & Decrypt
– Owner from Cloud: (5) Download to re-encrypt
Extending the SLE Approach
• In the SLE approach
1. The Owner has to manage all the identity attributes and perform the fine grained encryption
2. If the user credentials or access control policies change, the owner has to download, decrypt, rekey, re-encrypt and upload
Can We Reduce the Load at the Owner?
• How can we delegate the access control enforcement to the cloud?
– Use two layer encryption
• A naïve approach
– The owner encrypts each data item according to the ACPs
– The Cloud re-encrypts according to the ACPs again
Two Layer Encryption
• In order to reduce the load at the Owner, the ACPs should be decomposed into two such that
– The owner performs a coarse-grained encryption
– The cloud performs a fine-grained encryption
• At the same time
– The confidentiality of the data should be assured
– The two layers together should enforce the ACP: ACP = ACP1 ˄ ACP2
[Figure labels: Data, Owner, Cloud]
Policy Decomposition Problem
• In order to minimize the load at the Owner
– The Owner should manage only the minimum number of attributes
• Policy Cover Problem: Find the minimum number of attribute conditions in ACPs that assures the confidentiality from the Cloud.
– NP-complete (Proof in the thesis)
– Two approximation algorithms: Random, Greedy
A Simplified Example
(1) All ACPs
– ACP1 = (“role = doc” ˅ (“role = nur” ˄ “type >= junior”), CI)
– ACP2 = (“role = doc” ˄ “yos >= 5”, BI)
– ACP3 = (“role = doc” ˄ “ip = 2-out-4”, CR)
– ACP4 = (“role = nur” ˄ “type = senior”, TR)
(2) Policy Graph
[Figure: graph over the attribute conditions “type = senior”, “role = nur”, “role = doc”, “ip = 2-out-4”, “yos >= 5” and “type >= junior”]
(3) Greedy Policy Cover
– Minimal ACC = {“role = doc”, “role = nur”}
(4) Decomposed ACPs
– Owner enforced sub ACPs: ACP11 = (“role = doc” ˅ “role = nur”, CI); ACP21 = ACP31 = (“role = doc”, BI, CR); ACP41 = (“role = nur”, TR)
– Cloud enforced sub ACPs: ACP12 = (“role = doc” ˅ “type >= junior”, CI); ACP22 = (“yos >= 5”, BI); ACP32 = (“ip = 2-out-4”, CR); ACP42 = (“type = senior”, TR)
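The cover and decomposition of this example, reproduced in code as an added illustration (not the thesis's Random or Greedy algorithm, which the slides do not show). It assumes the ACPs are written in disjunctive normal form and treats the cover as a greedy hitting set over their conjunctive terms; the function names are hypothetical.

```python
from collections import Counter

# ACPs from the slide in DNF: {data item: [conjunctive terms]}
ACPS = {
    "CI": [{"role = doc"}, {"role = nur", "type >= junior"}],
    "BI": [{"role = doc", "yos >= 5"}],
    "CR": [{"role = doc", "ip = 2-out-4"}],
    "TR": [{"role = nur", "type = senior"}],
}

def greedy_cover(acps):
    """Pick attribute conditions until every conjunctive term contains one.
    A term with no owner-managed condition could be satisfied by the cloud
    alone, because the cloud issues the secrets for all other conditions."""
    uncovered = [t for terms in acps.values() for t in terms]
    cover = set()
    while uncovered:
        counts = Counter(c for t in uncovered for c in t)
        best = max(sorted(counts), key=counts.get)   # sorted: stable tie-break
        cover.add(best)
        uncovered = [t for t in uncovered if best not in t]
    return cover

def decompose(acps, cover):
    """Split each ACP, term by term, into owner and cloud sub-ACPs."""
    owner, cloud = {}, {}
    for item, terms in acps.items():
        owner[item] = [t & cover for t in terms]
        # a term made only of cover conditions is kept in the cloud layer
        # as well, so that layer never contains an empty (always-true) term
        cloud[item] = [(t - cover) or set(t) for t in terms]
    return owner, cloud

def managed_counts(acps, cover):
    """(conditions the owner manages, conditions in total)."""
    everything = {c for terms in acps.values() for t in terms for c in t}
    return len(cover), len(everything)

if __name__ == "__main__":
    acc = greedy_cover(ACPS)
    owner, cloud = decompose(ACPS, acc)
    print("ACC:", sorted(acc))
    for item in ACPS:
        print(item, "owner:", owner[item], "cloud:", cloud[item])
    print("owner manages %d of %d conditions" % managed_counts(ACPS, acc))
```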
Overall Scheme
• Identity token issuance
• Policy decomposition
• Identity token registration
• Data management
Two Layer Encryption Approach
[Figure: User, IdP, Owner and Cloud]
– User and IdP: (1) Identity Attribute, (2) Identity Token
– Owner: (1) Decompose policies
– User and Owner (OCBE): (2) Register identity token, (3) Secrets
– User and Cloud (OCBE): (2) Register identity token, (3) Secrets
– Owner to Cloud: (4) Coarse-grained enc. & upload docs & modified policies
– Cloud: (5) Re-encrypt to enforce policies
– User: (6) Download & Decrypt twice
Selected Experimental Results
(a) Size of ACCs for 1000 attributes
(b) Size of ACCs for 1500 attributes
(c) Average time to generate keys for SLE vs. TLE
(d) Average time to derive keys for SLE vs. TLE
Publish Subscribe Systems
[Figure: data owners (Pub1, Pub2) send notifications into a third party broker network (Bro1 to Bro5); users (Sub1, Sub2, Sub3) place subscriptions with it]
Notifications and Subscriptions
• Notifications
– Produced by publishers
– Consist of a set of attribute-value pairs
– Example: { symbol = ”MSFT”, price = 30.9, size = 1000 }
• Subscriptions
– Produced by subscribers
– Specify a condition on one or more attributes in a notification
– Examples: (symbol = ”GOOG” AND price > 578), (1000 <= size <= 2000)
Security and Privacy
• Publication confidentiality
– Hide the notifications from brokers
• Subscription confidentiality
– Hide subscriptions from brokers
• Challenge: How to allow matching at third party brokers while assuring confidentiality?
– Existing approaches have limitations (e.g. false positives, limited expressiveness, and so forth)
Two “Encryptions” Approach
[Figure: each Value is processed twice]
– Value → Blinded Value: Modified Paillier encryption, used for Matching
– Value → Enc Value: Broadcast encryption based on AB-GKM, used for Access Control
An Example
• The original notification:
– Symbol = MSFT
– Price = 31
• Blinded/Encrypted notification:
– Symbol = blind(MSFT)
– Price = blind(31)
– encryptK(Symbol = MSFT, Price = 31)
Modified Paillier Cryptosystem
1. Shifting the computation so that matching and covering operations at brokers are efficient
2. Allowing Publishers and Subscribers to blind without having to share secret keys
3. Not allowing to decrypt individual values, but allowing to compute the difference by simply multiplying a notification and a subscription
4. Allowing brokers to compute only a randomized difference
Randomized Matching
x = notification, v = subscription
(a) Deterministic matching
[Figure: the range 0 to n with marks at $2^l$, $n/2$ and $n - 2^l$; $x - v$ lies in $(0, 2^l)$ when x >= v and in $(n - 2^l, n)$ when x < v; the range in between is not utilized]
– Diff <= $2^l$: x >= v
– Diff > $n - 2^l$: x < v
– Broker learns the difference
(b) Randomized matching
[Figure: the same range, with the x >= v region extending from 0 to $n/2$ and the x < v region from $n/2$ to n]
– Randomized Diff <= $n/2$: x >= v
– Randomized Diff > $n/2$: x < v
– Broker does not learn the difference
Overall System
[Figure: publisher Pub1, broker Bro1, subscriber Sub1 and a TTP that manages keys and MPC]
– (1) Register; (2) Secret + MPC parameters
– (1) MPC parameters; (2) Secrets of all Subs + MPC parameters
– (3) Subscription
– (4) Notification: Blinded AVPs, Encrypted payload
– (5) Match
– (6) Encrypted payload
– (7) Derive key & Decrypt
Selected Experimental Results
(a) Blinding for different n
(b) Blinding for different domain size l
(c) Match/Cover for different n
(d) Match/Cover for different domain size l
In Summary
• Defended the thesis that a novel AB-GKM scheme and cryptographic techniques can be used to construct privacy preserving access control on third party data management systems
– Assure the confidentiality of the data
– Preserve the privacy of identity attributes
• Two models
– Pull model
– Subscription model
• The techniques proposed have applications outside of the thesis
– AB-GKM
– Modified Paillier cryptosystem
Publications Related to the Thesis
Thesis sub topic: Publications
• Group Key Management
– ICDE2010
– CCS2011 (Poster paper)
– IEEE TDSC (Submitted for publication)
– IEEE TKDE (Submitted for publication)
• Privacy Preserving Pull Based Systems
– SIGMOD2010 (Demo paper)
– CollaborateCom2011
– Invited Paper, IEEE IRI2012
– IEEE TKDE (Submitted for publication)
• Privacy Preserving Subscription Based Systems
– SACMAT2012
– ICDE2013 (Under preparation)
Future and On-going Work
• Key management and authentication in smart grids
• Secure data sharing in public clouds using certificateless cryptography
• Oblivious classification in public clouds
• Privacy preserving relational data management in public clouds
Q&A
Thank You!