22 June 2012
SERE 2012
PBE Research Problem Security Design Patterns A PBE Pattern Language The End
CT Encrypt(Enc(E ), M )
M Decrypt(Dec(E ), CT )
Cryptographic keys are paired
Encryption/Decryption is one-to-one
1-2-Many Encryption is cumbersome
Decryption is an atomic transaction
Modern PKE
What is PBE?
Predicate Based Encryption (PBE): A family of public key encryption algorithms where decryption is determined by the satisfaction of a predicate by a set of attributes
Functional operation is analogous to ABAC
Expressive fine-grained encrypted access control
Keys are constructed from sets of attributes and access policies
Keys can be specified as strings
Predicate placement gives:
Ciphertext-Policy (CP): Encrypt under predicates = ABAC
Key-Policy (KP): Encrypt under set of attributes = CBAC
1-2-Many Encryption = efficiency gains
Definition (General PBE Scheme): A general PBE scheme consists of the four operations: (MSK, MPK) Setup(1 ) (4) (5) (6) (7)
M Decrypt(MPK, Dec(input), CT )
Example: CP-ABE
Enc(M): 786b6364 2e636f6d2 f3335332f (Cipher-text)
Dec(Cobie): name:cobie, gender:female, height=1.76, speaks:nl speaks:en-gb
Dec(Ilse): name:ilse, gender:female, height=1.98, speaks:nl speaks:en-us
(gender:female height 1.75m (speaks:nl speaks:en-gb))
Cobie
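An added example, not from the original slides: a Python model of the access decision alone (no cryptography) for the CP-ABE slide above, showing how predicate placement differs between CP and KP. The connectives in the two policies are assumptions, since the slide's operators did not survive extraction; the "bram" key and the KP document attributes are constructed.

```python
# Added illustration: models only the access decision that a PBE scheme
# enforces inside Decrypt. No cryptography is performed here.

def satisfies(policy, attrs):
    """Evaluate a policy tree (nested tuples) against an attribute dict."""
    op, *args = policy
    if op == "and":
        return all(satisfies(p, attrs) for p in args)
    if op == "or":
        return any(satisfies(p, attrs) for p in args)
    name, want = args
    have = attrs.get(name)
    if have is None:
        return False  # a missing attribute never satisfies a leaf
    if op == "has":
        return want in have if isinstance(have, frozenset) else have == want
    if op == "ge":
        return isinstance(have, (int, float)) and have >= want
    raise ValueError(f"unknown operator: {op!r}")

def cp_can_decrypt(ciphertext_policy, key_attrs):
    """Ciphertext-Policy: the predicate travels with the ciphertext."""
    return satisfies(ciphertext_policy, key_attrs)

def kp_can_decrypt(ciphertext_attrs, key_policy):
    """Key-Policy: the predicate is embedded in the decryption key."""
    return satisfies(key_policy, ciphertext_attrs)

def recipients(ciphertext_policy, keys):
    """1-to-many: every key whose attributes satisfy the one policy."""
    return sorted(k["name"] for k in keys if cp_can_decrypt(ciphertext_policy, k))

# Attribute sets from the slide; "bram" is constructed to show a denial.
KEYS = [
    {"name": "cobie", "gender": "female", "height": 1.76, "speaks": frozenset({"nl", "en-gb"})},
    {"name": "ilse", "gender": "female", "height": 1.98, "speaks": frozenset({"nl", "en-us"})},
    {"name": "bram", "gender": "male", "height": 1.90, "speaks": frozenset({"nl"})},
]
FEMALE, TALL = ("has", "gender", "female"), ("ge", "height", 1.75)
NL, EN_GB = ("has", "speaks", "nl"), ("has", "speaks", "en-gb")
# Assumed connectives: the slide's operators did not survive extraction.
POLICY_ANY_LANG = ("and", FEMALE, TALL, ("or", NL, EN_GB))
POLICY_BOTH_LANG = ("and", FEMALE, TALL, ("and", NL, EN_GB))

# Constructed KP case: the ciphertext is labelled, the key holds the policy.
DOC_ATTRS = {"dept": "radiology", "kind": "scan"}
KEY_POLICY = ("or", ("has", "dept", "radiology"), ("has", "dept", "oncology"))
```

Under the "or" reading both Cobie and Ilse can decrypt the single ciphertext; under the "and" reading only Cobie can, which is why the connectives in a ciphertext policy need the same review as any other access rule.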
Uses of PBE
The Problem
Current Work towards PBE
Scheme Specification
Bespoke Systems
Proof of Concept
Investigate the use of PBE Crypto-Systems
General Concerns: Specification, Design, Construction, Implementation, Deployment, Use
Crypto-System Concerns: Access Control, Crypto Primitives, Representation of Keys, Key Management, System Administration
Research Hypothesis
By using a pattern-based approach, a separation of concerns can be provided that governs how PBE crypto-systems can be leveraged by those who lack expertise within the security and applied cryptography domains.
Design Patterns
Definition: A three-part rule, which expresses a relation between a certain context, a certain system of forces which occurs repeatedly in that context, and a certain software configuration which allows these forces to resolve themselves (Yoshioka et al., 2008).
Well documented solution to a recurrent problem within a particular
Pattern Languages
Definition: A network of tightly interwoven patterns that defines a process for resolving a set of related interdependent software development problems systematically (Buschmann et al., 2007).
Representation of complex ideas and systems
Single patterns solve simple problems
Illustrated using Pattern Diagrams
Layers of abstraction
Security Patterns
Definition: Patterns and Pattern Languages used to describe solutions to recurring security problems (Yoder and Barcalow, 1997).
Examples
Enterprise: Physical Access Control, Management...
User: Password selection, Privacy...
Cryptography: Key Management, Information Secrecy...
Network: Firewalls, Secure Channels...
Software: IAM, Access Control...
Deployment
PBE as a Service
Distributed Security
Database Access
Database Submission
Types
CP PBE
KP PBE
Components
Access Control
Tokens/Credentials
Token Management
System Administration
Cryptography
  Patterns exist for Information Secrecy, Key Management
  Written for Classic Public Key Encryption (PKE)!
  Need new patterns designed for PBE
Access Control
  Use existing patterns
  Ciphertext-Policy = ABAC Pattern
  Key-Policy = Capability Pattern
  Use attribute and policy patterns to represent keys.
System Administration
  Construct guidance patterns
  Access Control and Key Generation
Modelling CP and KP Patterns
  Selecting lower level patterns
  Ensuring correctness
Modelling Deployment Patterns
  Correct modelling of deployment patterns
  Ensuring correctness
Level of Abstraction
  How concrete should the pattern language be?
  Specify software libraries, and settings?
How to evaluate our pattern language?
Not a well documented area!
Need to develop an evaluation methodology...
Qualitative or Quantitative approach?
Conclusion
Summary
Outlined a pattern-based approach to the deployment of PBE crypto-systems
Overview of perceived challenges: Construction, Evaluation
Conclusion cont...
Future Work
There is a lot!
Investigate requirements for organisational measures for key management
Construct the Pattern Language
Evaluate the Pattern Language
Further Reading
Functional Encryption Schemes
Dan Boneh et al. (2010). Functional Encryption: Definitions and Challenges. Cryptology ePrint Archive, Report 2010/543
Security Patterns
Nobukazu Yoshioka et al. (2008). A Survey on Security Patterns.
Security Patterns. In: PATTERNS 2011, The Third International Conferences on Pervasive Patterns and Applications. Rome, Italy: ThinkMind, pp. 138-143. ISBN: 978-1-61208-158-8
http://www.cs.st-andrews.ac.uk/~jfdm/notes.html
You can also email me. Or speak to me offline.