
2018 acm-scc-presentation


A new approach to cryptographically enforced data access controls that uses public key cryptography to secure large numbers of documents with arbitrarily large numbers of authorized users. This approach uses a proxy re-encryption (PRE) scheme to handle the problems typical of public key cryptography including key management, rotation, and revocation, in a highly scalable way, while providing end-to-end encryption and provable access.

Presented by Bob Wall at the 2018 ACM Cryptography Workshop in Incheon, Korea.


  1. Cryptographically Enforced Orthogonal Access Control at Scale
  2. Bob Wall (bobwall23, bob.wall@ironcorelabs.com) and Patrick Walsh (zmre, patrick.walsh@ironcorelabs.com)
  3. Data is Distributed: Cloud Services; Mobile Devices; Internet of Things; Partners; Employee Laptops. *Uncontrolled and with minimal security
  4. Perimeter Security is No Longer Relevant (diagram label: APP)
  5. Vulnerabilities in Applications (chart labels: Network-layer, App-layer): 90% due to defects at the application layer. -DHS
  6. Concerns Slow the Move to the Cloud. Security: data breaches. Privacy: service provider access to data; government access (subpoenas). Encryption in transit and at rest does almost nothing to address these concerns.
  7. End-to-End Encryption: Data secured on the device that generates it. Data stays secured until accessed on a device that will consume it. Keys should stay on the device - public key cryptography.
  8. Orthogonal Access Control. Build a system that: allows users to decide which groups are allowed to access data; independently allows group administrators to control who belongs to those groups; relies on cryptographically backed access control, rather than policy-based controls; makes each change to group membership, access grant, or access revocation a constant-time operation independent of the number of users, groups, and documents.
  9. Proxy Re-Encryption (PRE): Set of cryptographic algorithms based on public key encryption - often pairing-based cryptography. Originally designed to allow the recipient of an encrypted message to delegate access to another party without sharing her private key.
  10. PRE Primitives: PRE algorithms typically include five cryptographic primitives: (1) Key Generation; (2) Transform Key Generation; (3) Encryption; (4) Transformation (ReEncryption); (5) Decryption.
  11. Transform Key Generation (diagram labels: Delegator Public Key and Private Key; Delegatee Public Key and Private Key; Transform Key; Proxy)
  12. Delegation of Access (diagram labels: File Encrypted to Delegator; Transform Key; Proxy; File Encrypted to Delegatee; Client; Delegatee Private Key; Recovered plaintext)
  13. PRE for Orthogonal Access Control: Introduce the concept of a group. Create a group. Encrypt document to the group. Adding a member to the group allows immediate access to the document without requiring any modification. Removing a member from the group removes access without modifying documents.
  14. Creating a Group: (1) Create key pair for group; (2) Encrypt group's private key to creating user. (Diagram labels: Group Public Key and Private Key; Creating User Public Key and Private Key; Encrypted Group Key; Admin Key)
  15. Granting Access to a Group: (1) Retrieve group's public key; (2) Encrypt document using that key. (Diagram labels: Group Public Key; Document Encrypted to Group)
  16. Adding a Member to a Group: (1) Retrieve member's public key; (2) Retrieve group's private key; (3) Compute transform key from group to member; (4) Save transform key on proxy. (Diagram labels: Member Public Key and Private Key; Group Public Key and Private Key; Group to Member Transform Key)
  17. Group Member Accessing Document: (1) Request document from storage; (2) Send encrypted doc to proxy for transformation; (3) Proxy locates transform key from group to user; (4) Proxy applies transform to encrypted document; (5) Device decrypts using user's private key. (Diagram labels: Doc Encrypted to Group; Transform Key; Proxy; Doc Encrypted to User; Client; User Private Key; Recovered plaintext)
  18. Removing a Member from a Group: Group Admin Revokes Access from One User. Group Admin Instructs Server to Delete Group to User Transform Key. (Diagram labels: Group; Users; Unique Key Pairs)
  19. Improving Security: User will use one or more devices to generate or access data. Instead of sharing user's private key across devices, add another layer of delegation, from user to device. Device private keys always stay on device. Device access can be revoked if device is lost or compromised.
  20. Multi-Hop PRE (diagram labels: Document Encrypted to A; A to B Transform Key; Transformed Encrypted Document; B Private Key; B to C Transform Key; Doubly Transformed Encrypted Document; C Private Key)
  21. System with Addition of Devices
  22. Add Device to User (diagram labels: Member Public Key and Private Key; Device Public Key and Private Key; User to Device Transform Key)
  23. Device Requests Access to Document: Proxy searches for shortest path of transforms from document to device: doc shared with user, user approved device; or doc shared with group, user belongs to group, user approved device. Proxy applies transforms in succession to generate doc encrypted to device. Device decrypts using private key.
  24. Algorithm Choice: Selected multi-hop algorithm introduced by Wang and Cao in 2009. Algorithm was analyzed by Zhang and Wang in 2013. CCA security problems addressed by Cai and Liu in 2014. We simplify the algorithm because we only need one proxy and can do all transforms at one time.
  25. Additional Security Issue: Still a revocation vulnerability if a group administrator gets the group private key, then is removed from the system. Group private key can be used to directly decrypt any data encrypted to the group, without transformation. Resolve by augmenting keys.
  26. Key Augmentation: Client generates key pair for group or user as before, sends to proxy. Proxy augments the public key, so that it is no longer mathematically related to the private key. Any time a transform key is generated from a group or user, the proxy augments the transform key using the same factor. Device keys are not augmented.
  27. Key Augmentation Process (diagram labels: User 1 Device A; Server; Group 1 Public Key and Private Key; Server Generated Group 1 Public Key and Private Key; Encrypt to User 1; Group 1 Encrypted Private Key; Group 1 Augmented Public Key; Server Secure Storage)
  28. Security Benefits: Private key of group or user can no longer be used to decrypt. Only devices can decrypt data. Private key of group or user is only used to compute transform keys. Proxy is required to use augmenting private key when adding new transform keys, but otherwise transform process is not affected.
  29. PRE Library: We have implemented the PRE primitives in a Scala library. We use ScalaJS to generate a client-side JavaScript library from the same source. Library is open source, available on GitHub - IronCoreLabs/recrypt.
  30. Working System: We built a JavaScript SDK around the library. SDK talks to a service that functions as the public key repository and transformation proxy. Developers are free to try the system - https://docs.ironcorelabs.com has a Getting Started example.
  31. Questions? Thanks to Madison Kerndt for her help with preparing the presentation.
  32. Thank You. Bob Wall, bob.wall@ironcorelabs.com, BobWall23, @ironcorelabs, ironcorelabs.com
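
The group, user and device flow from slides 14 to 23, run end to end as an added example; it is not code from the presentation or from the IronCoreLabs/recrypt library. It swaps in the ElGamal-based BBS98 proxy re-encryption construction over a tiny constructed group in place of the pairing-based multi-hop algorithm the slides select, and it leaves out key augmentation. The `Proxy` class, the function names and the sample document key are assumptions.

```python
import secrets
# Toy group (constructed, far too small for real use): P = 2*Q + 1, G has order Q.
P, Q, G = 1019, 509, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return m * pow(G, r, P) % P, pow(pk, r, P)    # (m*g^r, g^(sk*r))

def decrypt(sk, ct):
    g_r = pow(ct[1], pow(sk, -1, Q), P)           # g^(sk*r) -> g^r
    return ct[0] * pow(g_r, -1, P) % P

def transform_key(sk_from, sk_to):
    # BBS98 needs both private keys; the scheme on the slides does not.
    return sk_to * pow(sk_from, -1, Q) % Q

class Proxy:  # assumed name, not the IronCore API; stores transform keys only
    def __init__(self):
        self.keys = {}                            # (src, dst) -> transform key
    def add(self, src, dst, tk):
        self.keys[(src, dst)] = tk
    def revoke(self, src, dst):
        self.keys.pop((src, dst), None)           # stored documents untouched
    def transform(self, ct, src, dst):
        queue, seen = [(src, ct)], {src}          # breadth-first: shortest path
        while queue:
            node, (c1, c2) = queue.pop(0)
            if node == dst:
                return c1, c2
            for (a, b), tk in self.keys.items():
                if a == node and b not in seen:
                    seen.add(b)
                    queue.append((b, (c1, pow(c2, tk, P))))
        return None                               # no path: access denied

def demo(doc_key=777):
    (g_sk, g_pk), (u_sk, _), (d_sk, _) = keygen(), keygen(), keygen()
    proxy = Proxy()
    proxy.add("group", "user", transform_key(g_sk, u_sk))
    proxy.add("user", "device", transform_key(u_sk, d_sk))
    ct = encrypt(g_pk, doc_key)                   # encrypted once, to the group
    opened = decrypt(d_sk, proxy.transform(ct, "group", "device"))
    proxy.revoke("group", "user")                 # remove member from group
    return opened, proxy.transform(ct, "group", "device")
```

`demo()` returns the document key as recovered on the device through two hops, followed by `None`: once the group-to-user transform key is deleted, the same stored ciphertext can no longer be transformed for that device.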
