Reducing Data Decryption Cost
by Broadcast Encryption and Account Assignment
                           for Web Applicatio...
Background
       Web Applications                                                                       etc.
          ...
Can we trust providers?
       Of course No!
       Data encryption keeps contents confidential.
            Original da...
Social information
       For example:                                   Access control list by plain text

             ...
Encryption of social information
       We must hide social information.
            How do we keep social information c...
Naïve method
       Alice stores a data1 and grants Bob access
       She encrypts
           the data1 by a common key...
Naïve method

Authority information
Authority information is a list, which is the individually
encrypted ke with the publi...
Problems
Key chains (as an authority information) are too long.

    Encpub1(ke)         Encpub2(ke)                      ...
Decryption cost and Authority precision
       The decryption cost of u: cost(u)
           cost(u) = # of data user u h...
Cost and Precision of Naïve method
                                                  How much is their cost?
            ...
Overview of our method
                     Service Provider                          1) Authority information
           ...
Pairing based broadcast encryption†



           Alic’s public key: pubAlice
                                            ...
Pairing based broadcast encryption
    Applying broadcast encryption

         Encke(e)        Encpub1(ke)               ...
Account assignment
       Authority information is not leaked directly.
       Reducing decrypt candidate data.
        ...
Account assignment
    Increase of decryption candidate data.
        When a account is added to account list.
        ...
Example of our method
             Service Provider                      How much is their cost?
                        ...
Experiment
       Simulation experiment
           Using a model based on BA-model† to reflect the people's
            ...
Experiment result
     Number Number                   Naïve method                       Our method
     of users of grou...
Experiment result




                   100 users                                          10,000 users


    The precis...
Summary and Applications
    ACLs are encrypted for social information preservation.
    To reduce decryption cost, we i...
Upcoming SlideShare
Loading in...5
×

Reducing Data Decryption Cost by Broadcast Encryption and Account Assignment for Web Applications

438

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
438
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Reducing Data Decryption Cost by Broadcast Encryption and Account Assignment for Web Applications"

  1. 1. Reducing Data Decryption Cost by Broadcast Encryption and Account Assignment for Web Applications Junpei Kawamoto, Qiang Ma, Masatoshi Yoshikawa (Kyoto University, JAPAN)
  2. 2. Background  Web Applications etc.  facilitate data sharing and collaboration.  have become notable platforms for the innovative service and CGMs.  User data are stored and managed by service providers.  Can we trust providers? 2 the Ninth International Conference on Web-Age Information Management 2008/7/22
  3. 3. Can we trust providers?  Of course No!  Data encryption keeps contents confidential. Original data: e Encrypted data: Encke(e) e common key encryption: ke Encke(e) Encrypt user data in client site. Server  However data encryption is not enough.  Social information is leaked. 3 the Ninth International Conference on Web-Age Information Management 2008/7/22
  4. 4. Social information  For example: Access control list by plain text Enck1(data1) Alice Bob Enck1(data2) Alice Enck1(data3) Bob Carol Enck1(data4) Bob Carol  There are at least two groups:  {Alice, Bob} and {Bob, Carol}  Bob is a key person probably. 4 the Ninth International Conference on Web-Age Information Management 2008/7/22
  5. 5. Encryption of social information  We must hide social information.  How do we keep social information confidential?  We will introduce two methods. 1. Naïve method  has high decryption cost and low authority precision. 2. Our method  by Broadcast encryption and Account Assignment.  has low decryption cost and high authority precision. 5 the Ninth International Conference on Web-Age Information Management 2008/7/22
  6. 6. Naïve method  Alice stores a data1 and grants Bob access  She encrypts  the data1 by a common key k1  the k1 by her public key and Bob’s public key Enck1(data1) EncAlice(k1) EncBob(k1)  Bob gets the above data.  He decrypts the key data for Bob.  He gets the common key k1  He can decrypt and get the data1 Server 6 the Ninth International Conference on Web-Age Information Management 2008/7/22
  7. 7. Naïve method Authority information Authority information is a list, which is the individually encrypted ke with the public key of users who are permitted. Encpub1(ke) Encpub2(ke) Encpub n(ke) Only authorized user can decrypt ke and thus get the original data e. Encke(e) and the key chain are stored in the server. 7 the Ninth International Conference on Web-Age Information Management 2008/7/22
  8. 8. Problems Key chains (as an authority information) are too long. Encpub1(ke) Encpub2(ke) Encpub n(ke) Neither user knows which data he/she can decrypt. Therefore they must try to decrypt until successful. If they do not have authority, they need to attempt to decrypt all data. There are many decryption candidate data. query ○ × × The result are many data to which result the user dose not access. 8 the Ninth International Conference on Web-Age Information Management 2008/7/22
  9. 9. Decryption cost and Authority precision  The decryption cost of u: cost(u)  cost(u) = # of data user u has to try decryption  Precision of access authority of u: r(u)  r(u) = Auth(u) / Check(u)  Auth(u) : # of data u has authority to  Check(u): # of data u must check permission for 9 the Ninth International Conference on Web-Age Information Management 2008/7/22
  10. 10. Cost and Precision of Naïve method  How much is their cost? Service Provider  The cost of three users is 7. Enck1(data1) EncAlice(k1) EncBob(k1) Enck2(data2) EncAlice(k2)  How much is their precision? Enck3(data3) EncBob(k3) EncCarol(k3)  r(Alice) = 2 / 4 = 0.5 Enck4(data4) EncBob(k4) EncCarol(k4)  r(Bob) = 3 / 4 = 0.75  r(Carol) = 2 / 4 = 0.5 Alice Bob Carol 10 the Ninth International Conference on Web-Age Information Management 2008/7/22
  11. 11. Overview of our method Service Provider 1) Authority information by broad cast encryption Account 1 Account 2 Enck1(data1) Enck3(data3) Users have to decrypt only one to use the data. Enck2(data2) Enck4(data4) 2) Account assignment •Authority information is not leaked directly. •Reducing the data possibly Alice Bob Carol requires decryption. Account List: A1 Account List: A1, A2 Account List: A2 11 the Ninth International Conference on Web-Age Information Management 2008/7/22
  12. 12. Pairing based broadcast encryption† Alic’s public key: pubAlice create Broadcast key: K Bob’s public key: pubBob The data encrypted by this key are decrypted by each private key of Alice, Bob and Carol. Carol’s public key: pubCarol † D. Boneh et al, “Collusion resistant broadcast encryption with short cipher texts and private keys,” Lecture Notes in Computer Science, 3621:258–275, November 2005. 12 the Ninth International Conference on Web-Age Information Management 2008/7/22
  13. 13. Pairing based broadcast encryption  Applying broadcast encryption Encke(e) Encpub1(ke) Encpub n(ke) Encke(e) EncK(ke) Encrypted user data Encrypted authority information  This approach  keeps who has authority confidential.  keeps how many user have authority confidential.  needs only one decryption when user access a data. 13 the Ninth International Conference on Web-Age Information Management 2008/7/22
  14. 14. Account assignment  Authority information is not leaked directly.  Reducing decrypt candidate data. Service Provider Alice has to get and decrypt Account 1 Account 2 data only in the account1. Enck1(data1) Enck3(data3) Bob does not has authority Enck2(data2) Enck4(data4) for data2. Alice Bob Carol Account List: A1 Account List: A1, A2 Account List: A2 14 the Ninth International Conference on Web-Age Information Management 2008/7/22
  15. 15. Account assignment  Increase of decryption candidate data.  When a account is added to account list.  the data included in the account is added to decryption candidate data.  The increase of account a for group S is defined:  IncreaseS(a) = d×Δ  d : # of users whose account list includes a.  Δ: # of users is S whose account list dose not include a.  When a new data is added,  the increase of each account is calculated.  the data is stored in the account with the lowest increase. 15 the Ninth International Conference on Web-Age Information Management 2008/7/22
  16. 16. Example of our method Service Provider  How much is their cost?  Cost(Alice) = 2 Account 1 Account 2  Cost(Bob) = 4 Enck1(data1) Enck3(data3)  Cost(Carol) = 2 Enck2(data2) Enck4(data4)  How much is their precision?  r(Alice) = 2 / 2 = 1  r(Bob) = 3 / 4 = 0.75  r(Carol) = 2 / 2 = 1 Alice Bob Carol 16 the Ninth International Conference on Web-Age Information Management 2008/7/22
  17. 17. Experiment  Simulation experiment  Using a model based on BA-model† to reflect the people's relationship  Please refer to the paper for details. † Albert-László et al, “Emergence of scaling in random networks,” Science, vol. 286, no. 5439, pp. 509- 512, October 1999. 17 the Ninth International Conference on Web-Age Information Management 2008/7/22
  18. 18. Experiment result Number Number Naïve method Our method of users of groups Key chain avg. Precision Key chain avg. Precision 100 112 19.0 0.190 1 0.982 1,000 1034 27.3 0.0273 1 0.988 10,000 10563 42.5 0.00425 1 0.988  Our method’s  key chain length keeps only one.  average of precision is higher than naïve method’s one.  average of precision is independent on the # of users. 18 the Ninth International Conference on Web-Age Information Management 2008/7/22
  19. 19. Experiment result 100 users 10,000 users  The precision for most users is high.  Most users can avoid useless decryptions. 19 the Ninth International Conference on Web-Age Information Management 2008/7/22
  20. 20. Summary and Applications  ACLs are encrypted for social information preservation.  To reduce decryption cost, we introduced 1. Authority information by broad cast encryption 2. Reducing decryption candidate data by account assignment  Our method  dose not demand any function on the part of servers.  can be applied to usual DBMS.  requires re-encryption when authority is reset.  is effective to the applications to which authority is not updated often. (e.g. social calendar etc.) 20 the Ninth International Conference on Web-Age Information Management 2008/7/22

×