• Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
195
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
3
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Fuzzy Identity Based Encryptionbased on thepaperof Amit Sahaiand Brent Watersby: Guido Simon
    1
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    Introduction
  • 2. 2
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    Content
    Motivation / Abstract
    Identity basedencryption
    Fuzzyfyingidentities
    Fuzzy Identity basedencryption
    Overview
    Preliminaries
    Shamir’sSecret Sharing
    Bilinear Maps
    Lagrange coefficient
    Key Generation
    Encryption / Decryption
    Encryption
    Decryption
    Explanation
    Extension ofthescheme
    Encryption
    Decryption
    Security
    Security model
    Definitions
    Proof
    Conclusion
  • 3. 3
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    Content
    Part 1:
    Motivation / Abstract
  • 4. 4
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.1 IBE Scheme
  • 5. 5
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.1 IBE Scheme
    • Nokeyexchange in advance
  • 6
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.1 IBE Scheme
    • Nokeyexchange in advance
    • 6. Usetheidentityofrecipientaskey
  • 7
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    IBE Scheme
    • Nokeyexchange in advance
    • 7. Usetheidentityofrecipientaskey
    • 8. Decryptbyfetching a keyfrom PKG
  • 8
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.1 IBE Scheme
  • 9. 9
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.1 IBE Scheme
  • 10. 10
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.2 FuzzyfyingIdentitys
    • Identities becomesetsof Attributes
    • 11. Example: IDenc={Student,ComputerScience,Crypto}
  • 11
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.2 FuzzyfyingIdentitys
    • Identities becomesetsof Attributes
    • 12. Example: IDenc={Student,ComputerScience,Crypto}
    • 13. IDdec = {Student,Male,ComputerScience,Crypto,Graphics}
  • 12
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.2 FuzzyfyingIdentitys
    • Onecanencryptforsomepublicidentity ⍵
    • 14. Decryptionwith an identity ⍵‘ ⧧ ⍵ possible
    • 15. If ⍵ and ⍵‘ are „closeenough“
  • 13
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.2 FuzzyfyingIdentitys
    • Onecanencryptforsomepublicidentity ⍵
    • 16. Decryptionwith an identity ⍵‘ ⧧ ⍵ possible
    • 17. If ⍵ and ⍵‘ are „closeenough“
    • 18. So there must beerrortolerance
    • 19. Error tolerancemakesitsuitableforbiometrics
    • 20. Usebiometricdetailsasattributes
  • 14
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.3 Fuzzy IBE Scheme
  • 21. Key Attribute Comparison
    15
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.3 Fuzzy IBE Scheme
  • 22. Key Attribute Comparison
    16
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.3 Fuzzy IBE Scheme
  • 23. 17
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    1.4 Overview
    A shortoverview:
    Biometricidentitiesare PUBLIC, usedforencryption
    But also I usemybiometricfordecryption – Howthat?
    As in IBE schemeabove, the Server generates a private
    Key forme – togetit, i havetoauthenticatewithmy
    biometricidentity.
    Becausethis ID ispublic, theschemerelies on a „well
    trainedoperator“ todetectimitationsofidentites.
  • 24. 18
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    Content
    Part 2:
    Preliminaries
  • 25. 19
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    2.1 Bilinear Maps
    Definition fromthepaper:
    The firstcondition will beused in thefurthersteps
  • 26. 20
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    2.2 Shamir‘ssecretsharing
    • ProposedbyShamir in 1979
    • 27. Allowstoshare ONE secretamong N paricipants
    • 28. Ofwhich D manyhavetocollude in order todecrypt
    • 29. Uses Lagrange polynomialinterpolation
    • 30. HOW?
    • 31. The „dealer“ chooses a randompolynomial p ofdegree D-1
    • 32. The absolute partof p isthesecret
    • 33. He computes N randompoints p(x) anddistributes
    • 34. D ofthemareneededforinterpolation
  • 21
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    2.2 Shamir‘ssecretsharing
    • The „dealer“ chooses a randompolynomial p ofdegree D-1
    • 35. The absolute partof p isthesecret
    • 36. He computes N randompoints p(x) anddistributes
    • 37. D ofthemareneededforinterpolation
  • 22
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    2.3 Lagrange coefficient
  • 38. 23
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    Content
    Part 3:
    Key generation (Server-side)
  • 39. 24
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    3 Key generation
    Key Generation (Server side)
    Universeofidentity-attributes must bedefined
    Toget a uniquemapping, takethefirst
    Now a y ischosenrandomlyfrom
    Thenthepublicparametersare:
  • 40. 25
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    3 Key generation
    Togeneratethekeyfor ⍵ a polynomial q ofdegree d-1
    ischosenrandomly. Thenthe private keyis:
    q(0) must beequalto y
  • 41. 26
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    3 Key generation
    Togeneratethekeyfor ⍵ a polynomial q ofdegree d-1
    ischosenrandomly. Thenthe private keyis:
    Thisisonekeyforeachattribute
    D1 D2 D3 D4 D5 D6
  • 42. 27
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    3 Key generation
    Danger: Collusionattacks
    Message isencryptedfor d>=4
    Attributes usedfor ENC
    User 1
    User 2
    User 1 & User 2, d>=4
  • 43. 28
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    3 Key generation
    Danger: Collusionattacks
    Message isencryptedfor d>=4
    Attributes usedfor ENC
    User 1
    User 2
    User 1 & User 2, d>=4
    Topreventcollusionattacks, choose a
    different polynomial q foreachidentity
  • 44. 29
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    Toyexample
  • 45. 30
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    Content
    Part 4:
    Encryption / Decryption(clientside)
  • 46. 31
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.1 Encryption (smalluniverse)
    Rememberthepublic Key:
  • 47. 32
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.2 Decryption(clientside)
  • 48. 33
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.2 Decryption(clientside)
    Notation spy:
  • 34
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.3 Explanation
    Notation spy:
  • 35
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.3 Explanation
    Nowthepolynomialinterpolationtakesplace in theexponent:
    Notation spy:
  • 36
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.4 Extension ofthescheme
    In priorconstructionsizeofpublicparameters (Universeandt‘s)
    growlinearlywiththenumberofattributes in theuniverse
    Modificationoftheschemethatuses all elementsofasuniverse,
    andonlygrows in parameter n, whichdenotesthe max. size
    Identity wecanuse
    Usefullsideeffect: Onecanuseanystringasattribute
    Forthatweonlyneed a hash-functiontomap a stringtotheuniverse:
    The constructionissimilartotheconstructionbefore
  • 76. 37
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.4 Extension oftheScheme
  • 77. 38
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.4 Extension oftheScheme
    The private keyconsistsoftwosets
  • 78. 39
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.5 Encryption
    ischosenrandomly
  • 79. 40
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    4.6 Decryption
  • 80. 41
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    Content
    Part 5:
    Security
  • 81. 42
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    5.1 Definitions
    • sdfsdfsd
  • 43
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    5.2 Security Model
    • sdfsdfsd
  • 44
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    5.3 Proof
  • 82. 45
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    Content
    Part 6:
    Conclusion
  • 83. 46
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    6 Conclusion
    • Public keyencryptionwithoutpriorkeyexchange
    • 84. Onlyusersidentityisneeded
    • 85. Identities must beunique
    • 86. Identities consistofattributes – whichmaybearbitrarystrings, but also biometricsarepossible
  • 47
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    6 Conclusion
    • Public keyencryptionwithoutpriorkeyexchange
    • 87. Onlyusersidentityisneeded
    • 88. Identities must beunique
    • 89. Identities consistofattributes – whichmaybearbitrarystrings, but also biometricsarepossible
    • 90. Relies on a PKG, which must be a fullytrustedserver
    • 91. Biometricauthenticationtoobtainthe private keys
  • 48
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    6 Conclusion
    • Public keyencryptionwithoutpriorkeyexchange
    • 92. Onlyusersidentityisneeded
    • 93. Identities must beunique
    • 94. Identities consistofattributes – whichmaybearbitrarystrings, but also biometricsarepossible
    • 95. Relies on a PKG, which must be a fullytrustedserver
    • 96. Biometricauthenticationtoobtainthe private keys
    • 97. Relies on a well trainedofficertodetectimitations
    • 98. Theoreticalsecurityisproven
    • 99. Schemecouldbebrokenbyattackingtheofficer
  • 49
    Fuzzy Identity Based Encryption
    Seminar biometricsandcryptography
    2.1 Standard Identity based Encryption