privacy preserving enforcement of sensitive …asghar/talks/pidgin.pdftop right corner for field...
TRANSCRIPT
![Page 1: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/1.jpg)
Slide title
In CAPITALS
50 pt
Slide subtitle
32 pt
Privacy Preserving Enforcement
of Sensitive Policies in
Distributed Environments
Muhammad Rizwan Asghar
Saarbrücken, Germany
March 20, 2014
Researcher
CREATE-NET
Italy
![Page 2: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/2.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
2
26.2
41.3
52.3
63.4
73.9
83
89.7
0
20
40
60
80
100
2011 2012 2013 2014 2015 2016 2017
Number of Smartphone Buyers
in millions
Growth of Smartphones
Source: EMarketer, April 2013
![Page 3: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/3.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
3
What is an Opportunistic Network?
A network where nodes connect intermittently and
communicate even when no direct path exists
It enables content exchange in a pub-sub fashion
– Publishers publish content
– Subscribers express interest
– Brokers disseminate and match interest and content
Typically short-range communication
E.g., Haggle (an EU project from 2006 to 2010)
DARPA - Content-Based Mobile Edge Networking (CBMEN)
Subscriber
Interest
Broker Publisher
Content Content
![Page 4: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/4.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
4
Use case Scenario:
Curiosity – A Military Mission
No Internet connectivity in the battlefield
Every Soldier is equipped with a smartphone
A Scout collects and shares sensitive information
– For instance, enemy positioning
Only short-range communication is possible
We can leverage opportunistic networks
– such as Haggle
Subscriber
Interest = {‘Curiosity’}
+ Broker Publisher
Tags = {‘Curiosity’}
![Page 5: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/5.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
5
Privacy and Confidentiality Issues
Brokers (or attackers) may easily learn
– interest of subscribers
privacy issue
– published content
confidentiality issue
Subscriber
Interest = {‘Curiosity’}
+ Broker Publisher
Tags = {‘Curiosity’}
![Page 6: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/6.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
6
Research Challenges
C1: In the presence of unauthorised brokers, how to
regulate access to disseminated content?
C2: Considering curious brokers, how to exchange content
without compromising privacy of subscribers?
C3: How can subscribers subscribe without exposing
interest to routing brokers?
C4: For avoiding network flooding, how do we ensure that
a subscriber receives content that she can decrypt?
C5: Assuming the loosely-coupled pub-sub model, how to
address C1-C4 without sharing keys?
![Page 7: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/7.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
7
Threat Model
Honest but curious brokers
Nodes may collude
– Broker-broker collusion
– Broker-subscriber collusion
– Subscriber-subscriber collusion
Trusted key management authority
– distributes key material to nodes out of the band
– can stay offline
Passive adversaries
![Page 8: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/8.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
8
CP-ABE Policy: Building Blocks
Ciphertext-Policy Attribute-Based Encryption (CP-ABE)
Data encrypting entity exerts control over who can gain
access
E.g., a Major or a Soldier from the Infantry unit can get
access
P =
Major
V
Soldier Infantry
Λ
{Content} P
![Page 9: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/9.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
9
Scheme I: Regulate Access to Content
Publishers encrypt content using CP-ABE policies
Subscribers may decrypt if they satisfy policies
It regulates access to content (C1)
Issue: subscribers may receive content that they
cannot decrypt – the network flooding issue (C4)
Subscriber
Interest = {‘Curiosity’} P =
P
+ P
Major
V
Soldier Infantry
Λ
Broker Publisher Tags = {‘Curiosity’} + + P
No Attributes = {‘Soldier’}
![Page 10: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/10.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
10
Scheme II: Authorisation Check
Subscribers send attributes along with interest
Brokers forward content if attributes satisfy policy, as
well as interest matches with content
It resolves the network flooding issue (C4)
Issue: cleartext interest, attributes and policy leak
privacy of subscribers (C2 & C3)
Subscriber
Interest = { ‘Curiosity’} P =
+ P
Major
V
Soldier Infantry
Λ
Broker Publisher Tags = {‘Curiosity’} +
Attributes = { ‘Soldier’, ‘Infantry’}
+
P + P
![Page 11: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/11.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
11
Scheme III: Hiding Private Information
using a Hash
Replace cleartext elements with hash
Brokers matches hash values
Issue: pre-computed dictionary attack
Subscriber
Interest = {H(‘Curiosity’)} P’ =
+ P
H(‘Major’)
V
H(‘Soldier’) H(‘Infantry’)
Λ
Broker Publisher Tags = {H(‘Curiosity’)} +
Attributes = {H(‘Soldier’), H(‘Infantry’)}
+
P + P’
![Page 12: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/12.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
12
Scheme IV: Harden against a Pre-
computed Dictionary Attack
Publishers replace each leave node with a hash of
concatenated pair of a tag and an attribute
Subscribers subscribe using the hash of a
concatenated pair of an interest item and an attribute
It decreases number of comparisons at brokers
Issue: still vulnerable to a pre-computed dictionary
attack
Subscriber
Subscription = { H(‘Curiosity’ || ‘Soldier’), H(‘Curiosity’ || ‘Infantry’)}
P’ =
+ P
H(‘Curiosity’ || ‘Major’)
V
H(‘Curiosity’ || ‘Soldier’)
H(‘Curiosity’ || ‘Infantry’)
Λ
Broker Publisher P + P’
![Page 13: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/13.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
13
PEKS: Building Blocks
Public-key Encryption with Keyword Search (PEKS)
contains four algorithms
– Keygen generates public ( ) and private ( ) keys
– Etag encrypts tag given a public key
– Trapdoor transforms a keyword into trapdoor using a
private key
– Test checks whether an encrypted tag matches with the
trapdoor
It performs encrypted matching without revealing
plaintext values
xSoldier hSoldier
![Page 14: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/14.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
14
Proposed Scheme: PIDGIN
PIDGIN: Privacy Preserving Interest anD content
sharinG in opportunIstic Networks [Asghar et al. ASIACCS’14]
The main idea is to employ PEKS for protecting
policies, tags and subscriptions (C2 & C3)
Publishers encrypt leaf nodes in a policy using Etag
Subscribers protect subscription using Trapdoor
Brokers perform matching using Test
Subscriber
Subscription = { Trapdoor(‘Curiosity’, xSoldier), Trapdoor(‘Curiosity’, xInfantry)}
P’ =
+ P
Etag(‘Curiosity’, hMajor)
V
Etag(‘Curiosity’, hSoldier)
Etag(‘Curiosity’, hInfantry)
Λ
Broker Publisher P + P’
![Page 15: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/15.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
15
Complex Policies
Policy with multiple tags
E.g., ‘Curiosity’ and ‘Urgent’
Λ
Etag(‘Urgent’, hMajor)
Etag(‘Curiosity’, hMajor)
V
Etag(‘Urgent’, hSoldier)
Etag(‘Curiosity’, hSoldier)
V
Etag(‘Urgent’, hInfantry)
Etag(‘Curiosity’, hInfantry)
V
Λ
![Page 16: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/16.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
16
PIDGIN – Implementation Details
We developed a prototype of PIDGIN in C
– Using open source libraries: libfenc and pbc
We tested PIDGIN on Samsung Galaxy SIII
– Cross-compiled gmp, pbc, libfenc and PIDGIN
– Ported libraries and binaries on smartphone
Content is encrypted with a symmetric key
Symmetric key is encrypted under a policy
Policy is encrypted using PEKS
{Content} K
{K} P
{P} PEKS
![Page 17: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/17.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
17
PIDGIN – Overhead
We ran PIDGIN on Samsung
Galaxy SIII
– Operating system: Android
4.1.2
– Processor: 1.4 GHz
– RAM: 1 GB
We considered
– Content: 200 KB file
– Policy: (Soldier Λ Infantry) V
Major
– Attributes: {Soldier, Infantry}
– Tags/Interest items: {Curiosity}
Publisher’s encryption incurs < 0.3 s
Subscriber’s encryption incurs < 0.04 s
Broker’s matching takes ~0.04 s
Subscriber’s decryption takes < 0.05 s
![Page 18: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/18.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
18
Evaluation: Key Generation
Key generation authority generates search and
decryption keys
Complexity
– Linear
– O ( |Attributes| )
![Page 19: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/19.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
19
Evaluation: Content Encryption and
Decryption
Encryption and decryption of content using a
symmetric key
Complexity
– Linear
– O ( |Content| )
![Page 20: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/20.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
20
Performance Analysis: Publisher’s Encryption
Encrypting symmetric key with policy and then
extending policy with tags
– Each Etag is of 256 bytes
Complexity
– Quadratic
– O ( |Tags| *
|Attributes-Pub| )
![Page 21: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/21.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
21
Performance Analysis: Subscriber’s Encryption
Effect of number of interest items and attributes on
subscriber’s encryption time
– Each Trapdoor of interest item/attribute is of 128 Bytes
Complexity
– Quadratic
– O ( |Interest-Items| *
|Attributes-Sub| )
![Page 22: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/22.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
22
Performance Analysis: Broker’s Matching
Effect of number of interest items and tags on broker’s
matching time
Complexity
– O ( |Tags| *
|Interest-Items| *
|Attributes-Pub| *
|Attributes-Sub| )
![Page 23: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/23.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
23
Related Work
Search on encrypted data
– Symmetric encryption schemes are not suitable in opportunistic
environments
– Public-key encryption schemes do not support expressive policies
Attribute-Based Encryption (ABE) support expressive access
control polices
– CP-ABE and KP-ABE reveal policies and attributes, respectively
Predicate encryption and hidden vector schemes assume end-to-
end communication
Shikfa et al. propose content dissemination in opportunistic
networks
– Only uni-directional communication from publishers
![Page 24: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/24.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
24
Discussion
Optimisation
– Short-circuit evaluation
Scalability
– Time to live
– Content creation time
– Content received time
Key management
– Deployment in practical scenarios
– Distributed authorities
![Page 25: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/25.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
25
Summary
We proposed PIDGIN that regulates access to content
In PIDGIN, brokers enforce sensitive policies
without compromising privacy of subscribers
Publishers and subscribers do not share keys
We implemented a prototype and measured
performance by running on Samsung Galaxy SIII
It can be applied to a number of other application
scenarios, e.g.,
– Reporting and controlling crimes
– Offloading content delivery networks
![Page 26: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide](https://reader033.vdocuments.us/reader033/viewer/2022043000/5f7457c3b9d01337bc723d74/html5/thumbnails/26.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
26
http://disi.unitn.it/~asghar/