463.7 Attribute-Based Security Systems

8/13/2019 463.7 Attribute-Based Security Systems

1/34

463.7 Attribute-Based

Security Systems

Fariba Khan

University of IllinoisWith a!esh Bobba" #mid $atemieh"

Arindam %han" &arl 'unter"

(imanshu %hurana" and )ano* +rabha!aran


2/34

Aim, elain and illustrate attribute-based

security systems as an alternative to

/classic0 access control and encrytion

Such systems Imrove mana1ement and formali2ation

nable ne middleare and alications

#ur illustration is based on Attribute-Based)essa1in1 5AB).

Attribute-Based Security Systems


3/34

AB) sends email to arties described interms of a collection of attributes.

Similar to a listserv" but reciients are

determined dynamically usin1 one or moreenterrise databases

An AB) address is a database 8uery.

, female 1rad students in en1ineerin1 hohave assed their 8ualifyin1 eams

AB) &oncet


4/34

Efficiency, eole ho do not need an email donot receive it

, all of the faculty on sabbatical

Exclusivity, sensitive messa1es can tar1etmore limited 1rous

, all tenured faculty servin1 on conflict of interest

committeesIntensionality, often easier to describe

reciients than list them

, Smith9s attendin1 and orderin1 hysicians

Advanta1es


5/34

Access Control, on hat attributes should aarty be alloed to route:

, All faculty ho ma!e more than

;">>>?yearEncryption, if the senders do not !no their

secific reciients" ho can they encryt end-

to-end:Privacy, hat should the sender and reciient

be alloed to learn:

@esi1n &hallen1es


6/34

Interoeration ith eistin1 systems Webmail easiest

Aim to or! ith eistin1 )ail User A1ents

5)UAs or )ail ransfer A1ents 5)As Alication inte1ration may be necessary

fficiency of

Access control decisions ncrytion and !ey 1eneration

+olicies must be easy to mana1e and use

Imlementation" Use" and )ana1ement

&hallen1es


7/34

Attribute-Based Access &ontrol 5ABA& foraccess decisions

/+olicy seciali2ation0 rovides attributes that

can be used for routin1 Attribute-Based ncrytion 5AB

e ublic !ey system rovides eactly hat is

needed for end-to-end confidentiality

Aroach


8/34

(o does /attribute-based0 security differfrom other aroaches:

Access &ontrol Cists 5A&Cs and caabilities.

ole-Based Access &ontrol 5BA&

A role is a bundle of rivile1es

Activate a role ithin a session to erform a tas!

ole hierarchies aid role definitions )ust establish and mana1e roles

&omarison


9/34


10/34

)any established ideas for ho to useattributes in A&

F.=>E attribute certificates

Attributes in dynamic to!ens as in Shibboleth )uch imlicit use in alication servers

e aroaches under eloration

Attribute-based A&)s rust ne1otiation

ransaction @atalo1 5used in our @BA& desi1n

ABA&


11/34

Established

)ulti-Cevel Security

5)CS for military

alications F.=>E attribute

certificates

Attributes in dynamicto!ens as in Shibboleth

)uch imlicit use in

alication servers

Under Investigation

Attribute-based ACMs rust negotiation

ransaction !atalog

"used in our #!$AC

design%

ABA& in +ractice


12/34

&ihertet +olicy AB 5&+-AB

Attributes are reresented as strin1s

yes are boolean" enumerated" and numerical

ran1e

Attribute Authority 5AA issues individual

rivate !eys for attributes of each user

ncryt usin1 /access structure0 and ublicarameters for attributes of readers

+rotects a1ainst collusion

AB


13/34

Addresses are dis*unctive normal forms

Citerals assert e8ualities or ine8ualities

, 55+osition G $aculty and 5Salary H

>>>

@efines delivery olicy

AB) Addresses


14/34

+olicy seciali2ation, rules use ABA& todetermine attributes a arty can use in an

address

Sendin1 rules attr" valH ,- cond

Any address can be formed ith alloed

attributes

he sendin1 rules collectively define the

address authori2ation olicy

AB) Access &ontrol


15/34

AA issues !eys usin1 the enterrisedatabase

he /$aculty0 attribute has a !ey

#ne attribute is for eiry

@is*unctive normal forms define the

encrytion olicy

AB) ncrytion


16/34

(i1h Cevel Architecture


17/34

he rotocols for the AB) system are 1iven interms of three /aths0

+olicy seciali2ation ath

)essa1in1 and address resolution ath

Attribute !eyin1 ath

+rotocol Stes


18/34

+olicy Seciali2ation +ath

@atabase

AB) Server

+@+

Sender AuthenticationServer

+S< +S

+SD+S7

+S3

+S4

+S=

+S6

+olicy Seciali2ation 5+S +ath,


19/34

)essa1in1 and

Address esolution +ath

@atabase

Sender

)A AB) Server

eceivers

+@+

)S% 3=< 5" 3=E 5E7" 37

4=% E6 5%


25/34

Address esolution ime - F@B

F)C @atabase

@B Si2e

5o. ofUsers

Av1

CistSi2e

Address esolution ime)ean E=L &onf. Interval 5ms

With Access&ontrol

Without Access&ontrol

6>% 7ED 566

4=% 46E 53E7>" 47=> 53=DE" 44==

3>% E< 57D3" 36> 5=E3" 3


26/34

ncrytion ime

umber of elational Citerals

> 4 6

umberof

8uality

Citerals

> >s 4.4Es

< >.>=s =s 4.=6s

>.>7s Ds 4.=6s

3 >.>Es Es 4.6>s

4 >.


27/34

%ey 'eneration ime

Number of Boolean Attributes

0 1 2 3 4 5 6

Number

of

Numeric

al

Attribute

s

0 0.05s 0.07s 0.10s 0.12s 0.20 0.17s

1 0.86s 0.87s 0.88s 0.90s 0.93s 0.95s 0.97s

2 1.67s 1.68s 1.69s 1.70s 1.73s 1.76s 1.78s

3 2.44s 2.48s 2.49s 2.52s 2.54s 2.57s

4 3.26s 3.28s 3.29s 3.32s 3.34s 3.35s

5 4.05s 4.07s 4.09s 4.12s

6 4.87s 4.89s 4.92s


28/34

AA Scalability

3>?

4?D


29/34

nforcement of olicies S?)I) to authenticate sender to AB) server

Mulnerability indos, could let delivery be a

subset of encrytion &omonent comromise and collusion

)A or AB) server

&lients +rivacy

What should senders and receivers !no:

Security and +rivacy Analysis


30/34

Attribute-Based Addressin1 for &ustomerelation )ana1ement J(offmann (urley EEK

ole-Based )essa1in1 J&hadic! et al >4K

ABA& for trust mana1ement and credential-based access control

AB for imosin1 access controls on

eternal systems

elated Wor!


31/34

Attribute-Based )essa1in1,

Access &ontrol and &onfidentiality"

a!esh Bobba" #mid $atemieh" $ariba %han"

Arindam %han" &arl A. 'unter" (imanshu%hurana" and )ano* +rabha!aran.

o aear in A&) ransactions on Information

and Systems Security 5ISS&.

eference for his al!
http://seclab.uiuc.edu/pubs/BobbaFKKGKP09.pdfhttp://seclab.uiuc.edu/pubs/BobbaFKKGKP09.pdfhttp://seclab.uiuc.edu/pubs/BobbaFKKGKP09.pdfhttp://seclab.uiuc.edu/pubs/BobbaFKKGKP09.pdf


32/34

ABA& for SS feeds alied to &@& health alerts eflective @atabase &ontrol 5@BA& alied to

access control for hosital information systems

&omilin1 FA&)C olicies for @BA& JNahid'(#


33/34

mail messa1in1 based on attributescollected from an enterrise database is

feasible and deloyable for mid-si2e

enterrises. Access control olicies and encrytion are

mana1eable usin1 attribute-based security

mechanisms. Inter-enterrise AB) ill or! best ith a

multi-authority AB techni8ueO

&onclusions


34/34

@esi1n &hallen1es for rinity ? (I Access control" encrytion" rivacy:

@iscussions

Documents

463.7 Attribute-Based Security Systems