Special Encryption- Functional /Attribute-based/ID-based
2016-06-20 17:30
288 查看
Special Encryption- Functional /Attribute-based/ID-based
Functional encryption
Functional encryption is a type of public-key encryption in which possessing a secret key allows one to learn a function of what the ciphertext is encrypting.More precisely, a functional encryption scheme for a given functionality F consists of the following four algorithms:
-(pk,msk)←Setup(1λ): creates a public key pk and a master secret key msk.
-sk←Keygen(msk,k): uses the master secret key to generate a new secret key sk for value k.
-c←Enc(pk,x): uses the public key to encrypt a message x.
-F(k,x)←Dec(sk,c): uses secret key to calculate a function of the value c encrypts.
Functional encryption generalizes several existing primitives including Identity-based encryption (IBE) and Attribute-based encryption (ABE). In the IBE case, define F(k,x) to be equal to when corresponds to an identity that is allowed to decrypt, and \perp otherwise. Similarly, in the ABE case, define F(k, x) = x when encodes attributes with permission to decrypt and otherwise.
Attribute-based encryption
Attribute-based encryption is a type of public-key encryption in which the secret key of a user and the ciphertext are dependent upon attributes (e.g. the country he lives, or the kind of subscription he has). In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext.[1] A crucial security aspect of Attribute-Based Encryption is collusion-resistance: An adversary that holds multiple keys should only be able to access data if at least one individual key grants access.The concept of attribute-based encryption was first proposed by Amit Sahai and Brent Waters [2] and later by Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters.[3] Recently, several researchers have further proposed Attribute-based encryption with multiple authorities who jointly generate users’ private keys.[4][5][6][7][8][9]
Usage
Attribute-based encryption (ABE) can be used for log encryption.[10] Instead of encrypting each part of a log with the keys of all recipients, it is possible to encrypt the log only with attributes which match recipients’ attributes. This primitive can also be used for broadcast encryption in order to decrease the number of keys used.[11]Challenges
Although ABE concept is very powerful and a promising mechanism, ABE systems suffer mainly from two drawbacks: non-efficiency and non-existence of attribute revocation mechanism.Other main challenges are: Key coordination Key escrow key revocation
ID-based encryption
ID-based encryption, or identity-based encryption (IBE), is an important primitive of ID-based cryptography. As such it is a type of public-key encryption in whichthe public key of a user is some unique information about the identity of the user (e.g. a user’s email address). This means that a sender who has access to the public parameters of the system can encrypt a message using e.g. the text-value of the receiver’s name or email address as a key. The receiver obtains its decryption key from a central authority, which needs to be trusted as it generates secret keys for every user.ID-based encryption was proposed by Adi Shamir in 1984.[1] He was however only able to give an instantiation of identity-based signatures. Identity-based encryption remained an open problem for many years. The pairing-based Boneh–Franklin scheme[2] and Cocks’s encryption scheme[3] based on quadratic residues both solved the IBE problem in 2001.
Advantages
One of the major advantages of any identity-based encryption scheme is that if there are only a finite number of users, after all users have been issued with keys the third party’s secret can be destroyed. This can take place because this system assumes that, once issued, keys are always valid (as this basic system lacks a method of key revocation). The majority of derivatives of this system which have key revocation lose this advantage.Moreover, as public keys are derived from identifiers, IBE eliminates the need for a public key distribution infrastructure. The authenticity of the public keys is guaranteed implicitly as long as the transport of the private keys to the corresponding user is kept secure (Authenticity, Integrity, Confidentiality).
Apart from these aspects, IBE offers interesting features emanating from the possibility to encode additional information into the identifier. For instance, a sender might specify an expiration date for a message. He appends this timestamp to the actual recipient’s identity (possibly using some binary format like X.509). When the receiver contacts the PKG to retrieve the private key for this public key, the PKG can evaluate the identifier and decline the extraction if the expiration date has passed. Generally, embedding data in the ID corresponds to opening an additional channel between sender and PKG with authenticity guaranteed through the dependency of the private key on the identifier.
Drawbacks
If a Private Key Generator (PKG) is compromised, all messages protected over the entire lifetime of the public-private key pair used by that server are also compromised. This makes the PKG a high-value target to adversaries. To limit the exposure due to a compromised server, the master private-public key pair could be updated with a new independent key pair. However, this introduces a key-management problem where all users must have the most recent public key for the server.Because the Private Key Generator (PKG) generates private keys for users, it may decrypt and/or sign any message without authorization. This implies that IBE systems cannot be used for non-repudiation. This may not be an issue for organizations that host their own PKG and are willing to trust their system administrators and do not require non-repudiation.
The issue of implicit key escrow does not exist with the current PKI system, wherein private keys are usually generated on the user’s computer. Depending on the context key escrow can be seen as a positive feature (e.g., within Enterprises). A number of variant systems have been proposed which remove the escrow including certificate-based encryption, secret sharing, secure key issuing cryptographyand certificateless cryptography.
A secure channel between a user and the Private Key Generator (PKG) is required for transmitting the private key on joining the system. Here, a SSL-like connection is a common solution for a large-scale system. It is important to observe that users that hold accounts with the PKG must be able to authenticate themselves. In principle, this may be achieved through username, password or through public key pairs managed on smart cards.
IBE solutions may rely on cryptographic techniques that are insecure against code breaking quantum computer attacks (see Shor’s algorithm)
Ref
wiki相关文章推荐
- MySQL 安全事宜
- C#中Property和Attribute的区别实例详解
- javascript 对象属性property与元素属性attribute的浏览器支持
- JavaScript Table排序 2.0 (更新)
- Attribute/特性心得随笔
- JavaScript中property和attribute的区别详细介绍
- JS Attribute属性操作详解
- JavaScript中的property和attribute介绍
- javascript中attribute和property的区别详解
- RDP 协议组件 X.224 在协议流中发现一个错误并且中断了客户端连接的解决方法
- spring security 3.2.0.M1 方法级别教程 基于注解——第一部分
- spring security 3.2.0.M1 方法级别教程 基于注解——第二部分
- Spring Security3源码分析-FilterChainProxy初始化(转)
- Spring-Security-OAuth2遇到的奇怪问题
- JS Attribute属性操作详解
- SpringSecurity 3.x,无法找到元素 'http' ,以及 [http://www.springframework.org/schema/security]
- Firewall in linux–IPTABLE [01]
- PHP代码审计小计
- windows 2008文件服务器审计
- 网络信息安全防范体系以及设计原则