Ensuring Privacy in NDN using ABE via Two-fish encryption.
Chapter 5.
SYSTEM ARCHITECTURE
3.1 Introduction
Design is one of the most important phases of software development. The design is a
creative process in which a system organization is established that will satisfy the functional
and non-functional system requirements. Large Systems are always decomposed into sub-
systems that provide some related set of services.
The Difference between Data Privacy and Data Security?
Data Security
Data security is commonly referred to as the confidentiality, availability, and integrity
of data. In other words, it is all of the practices and processes that are in place to ensure data
isn't being used or accessed by unauthorized individuals or parties. Data security ensures that
the data is accurate and reliable and is available when those with authorized access need it. A
data security plan includes facets such as collecting only the required information, keeping it
safe, and destroying any information that is no longer needed. These steps will help any
business meet the legal obligations of possessing sensitive data.
Data Privacy
Data privacy is suitably defined as the appropriate use of data. When companies and
merchants use data or information that is provided or entrusted to them, the data should be
used according to the agreed purposes. In some cases, companies have sold, disclosed, or
rented volumes of the consumer information that was entrusted to them to other parties
without getting prior approval.
5.2 DATA SHARING ARCHITECTURE
In this section, we describe the data sharing architecture and define the security model.
MSS’s CET Jalna 24
System Description and Key Management
Fig. 1 shows the architecture of the data sharing system, which consists of the following
system entities:
1. Key generation center (KGC). It is a key authority that generates public and secret parameters for
CP-ABE. It is in charge of issuing, revoking, and updating attribute keys for users. It grants
differential access rights to individual users based on their attributes. It is assumed to be
honest-but-curious. That is, it will honestly execute the assigned tasks in the system;
however, it would like to learn as much as possible about the encrypted contents. Thus,
it should be prevented from accessing the plaintext of the encrypted data even if it is honest.
2. Data-storing center. It is an entity that provides a data sharing service. It is in charge of
controlling access by outside users to the stored data and providing the corresponding
content services. The data-storing center is another key authority that generates a personalized
user key together with the KGC, and issues and revokes attribute group keys to valid users for each
attribute, which are used to enforce fine-grained user access control. Similar to the previous
schemes, we assume the data-storing center is also semi-trusted (that is, honest-but-curious)
like the KGC.
3. Data owner. It is a client who owns data, and wishes to upload it into the external data-
storing center for ease of sharing or for cost saving. A data owner is responsible for defining
(attribute-based) access policy, and enforcing it on its own data by encrypting the data under
the policy before distributing it.
4. User. It is an entity who wants to access the data. If a user possesses a set of attributes
satisfying the access policy of the encrypted data, and is not revoked in any of the valid
attribute groups, then he will be able to decrypt the ciphertext and obtain the data. Since both
of the key managers, the KGC and the data-storing center, are semi-trusted, they should be
deterred from accessing the plaintext of the data to be shared; meanwhile, they should still be
able to issue secret keys to users. In order to realize this somewhat contradictory requirement,
the two parties engage in the arithmetic 2PC protocol with master secret keys of their own,
and issue independent key components to users during the key issuing phase. Thus, we
assume that the KGC does not collude with the data-storing center since they are
honest as in (otherwise, they can guess the secret keys of every user by sharing their master
secrets).
Threat Model and Security Requirements
1. Data confidentiality. Unauthorized users who do not have enough attributes satisfying the
access policy should be prevented from accessing the plaintext of the data. Additionally, the
KGC is no longer fully trusted in the data sharing system. Thus, unauthorized access from the
KGC as well as the data-storing center to the plaintext of the encrypted data should be
prevented.
2. Collusion resistance. Collusion resistance is one of the most important security properties
required in ABE systems. If multiple users collude, they may be able to decrypt a ciphertext
by combining their attributes even if each of the users cannot decrypt the ciphertext alone.
We do not want these colluders to be able to decrypt the private data in the server by
combining their attributes. Since we assume the KGC and data-storing center are honest, we
do not consider any active attacks from them by colluding with revoked users as in.
3. Backward and forward secrecy. In the context of attribute-based encryption, backward
secrecy means that any user who comes to hold an attribute (that satisfies the access policy)
should be prevented from accessing the plaintext of the previous data distributed before he
holds the attribute. On the other hand, forward secrecy means that any user who drops an
attribute should be prevented from accessing the plaintext of the subsequent data distributed
after he drops the attribute, unless the other valid attributes that he is holding satisfy the
access policy.
Data Confidentiality
In our trust model, neither the KGC nor the data-storing center is fully trusted, even
if they are honest. Therefore, the plain data to be shared should be kept secret from them as
well as from unauthorized users. Data confidentiality on the shared data against outside users
who do not have enough attributes can be trivially guaranteed. If the set of attributes of a user
cannot satisfy desired to generate is blinded by the updated attribute group key that the
revoked user from the attribute group can by no means obtain (by key secrecy property of the
one-way key agreement protocol). Another attack on the shared data can be launched by the
data-storing center and the KGC. Since they cannot be totally trusted by users (suppose that
the data-storing center could be compromised and the KGC tries to exploit private user data
maliciously for its profit), the confidentiality of the shared data against them is another
essential security criterion for secure data sharing. The KGC issues a set of attribute keys,
$SK_{K,u}$, to an authenticated user $u$ for the attributes that the user is entitled to. The data-storing
center issues the user a personalized secret key, $SK_{D,u}$, by performing a secure 2PC protocol with the KGC.
As we discussed in Theorem 1, this key generation protocol discourages the two parties from
obtaining each other’s master secret key and determining the secret key issued by the other.
Therefore, they could not have enough information to decrypt the
data. Even if the data-storing center manages each attribute group key, it cannot decrypt any
of the nodes in the access tree in the ciphertext. This is because it is only authorized to
reencrypt the ciphertext with each attribute group key, but is not allowed to decrypt it (that is,
any of the attribute keys for the corresponding attributes in the ciphertext issued by the KGC
are not given to the data-storing center). Therefore, data confidentiality against the honest-
but-curious KGC and data-storing center is also guaranteed.
Backward and Forward Secrecy
When a user comes to hold a set of attributes that satisfy the access policy in the ciphertext at
some time instance, the corresponding attribute group keys are updated and delivered to the
valid attribute group members securely (including the user). In addition, all of the
components encrypted with a secret key $s$ in the ciphertext are reencrypted by the data-storing
center with a new secret $s'$, and the ciphertext components corresponding to the attributes
are also reencrypted with the updated attribute group keys. Even if the user stored the
previous ciphertext before he obtained the attribute keys, and the attributes he holds satisfy the
access policy, he cannot decrypt the previous ciphertext. This is because, even if he
succeeds in computing $e(g,g)^{r(s+s')}$ from the current ciphertext, it would not help to
recover the desired value $e(g,g)^{s}$ for the previous ciphertext since it is blinded by a random
$s'$. Therefore, the backward secrecy of the shared data is guaranteed in the proposed scheme.
On the other hand, when a user comes to drop a set of attributes satisfying the access policy
in the ciphertext at some time instance, the corresponding attribute group keys are also
updated and delivered to the valid attribute group members securely (excluding the user).
Then, all of the components encrypted with a secret key $s$ in the ciphertext are reencrypted by
the data-storing center with a new secret $s'$, and the ciphertext components corresponding to
the attributes are also reencrypted with the updated attribute group keys. Then, the user
cannot decrypt any nodes corresponding to the attributes after his revocation, because they
are blinded by the newly updated attribute group keys. In addition, even if the user
recovered $e(g,g)^{s}$ before he was revoked from the attribute groups and stored it, it would
not help to determine the desired value $e(g,g)^{(s+s')}$ in the subsequent ciphertext since it
is also reencrypted with a new random $s'$. Therefore, the forward secrecy of the shared data
is also guaranteed in the proposed scheme.
5.3 Two-fish Algorithm
Two-fish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier
[14]. Two-fish has a 64-bit block size and a variable key length from 8 up to 448 bits.
It is a 16-round Feistel cipher and uses large key-dependent S-boxes. It is similar in
structure to CAST-128, which uses fixed S-boxes.
Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18-entry P-
array and four 256-entry S-boxes. The S-boxes accept 8-bit input and produce 32-bit
output. One entry of the P-array is used every round, and after the final round, each
half of the data block is XORed with one of the two remaining unused P-entries.
Figure 3.3 shows Two-fish's F-function. The function splits the 32-bit input into four
eight-bit quarters, and uses the quarters as input to the S-boxes. The outputs are added
modulo $2^{32}$ and XORed to produce the final 32-bit output.
Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in
the reverse order.
Two-fish's key schedule starts by initializing the P-array and S-boxes with values
derived from the hexadecimal digits of pi, which contain no obvious pattern. The
secret key is then XORed, byte by byte and cycling the key if necessary, with all the
P-entries in order. A 64-bit all-zero block is then encrypted with the algorithm as it
stands. The resultant ciphertext replaces P1 and P2. The same ciphertext is then
encrypted again with the new subkeys, and P3 and P4 are replaced by the new
ciphertext. This continues, replacing the entire P-array and all the S-box entries. In all,
the Two-fish encryption algorithm will run 521 times to generate all the subkeys -
about 4KB of data is processed.
Feistel Structure of Two-fish
The round function (Feistel function) of Two-fish
Substitution Box:
S-Box (Substitution-box) is a basic construct of symmetric key algorithms which
performs substitution. In block ciphers, they are typically used to obscure the relationship
between the key and the ciphertext i.e. Shannon's property of confusion (see Section 2.4.5).
In many algorithms, the S-Boxes are carefully chosen to resist cryptanalysis.
An S-Box takes some number of input bits, m, and transforms them into some number
of output bits, n: an m×n S-Box can be implemented as a lookup table with $2^m$ words of n bits
each. Fixed as well as dynamically generated tables might be used.
Permutation Box:
A permutation box (or P-box) is a method of bit-shuffling used to permute or
transpose bits across S-box inputs, retaining (Shannon’s) diffusion (see Section 2.4.5) while
transposing. A P-box is a permutation of all the bits: it takes the outputs of all the S-boxes of
one round, permutes the bits, and feeds them into the S-boxes of the next round. A good P-
box has the property that the output bits of any S-box are distributed to as many S-box inputs
as possible.
Feistel Cipher:
A Feistel cipher (also called Feistel network) is a symmetric structure used in the
construction of block ciphers named after cryptographic pioneer Horst Feistel. The Feistel
structure has the advantage that encryption and decryption operations are very similar, even
identical in some cases, requiring only a reversal of the key schedule. A Feistel network is an
iterated cipher with an internal function called a round function. Figure 3.1 shows both
encryption and decryption using the Feistel construction:
Figure: Encryption and decryption in a Feistel cipher
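An added example, not code from this report or from any cipher's reference implementation: a Python sketch of the structure section 5.3 describes (18-entry P-array, four 256-entry S-boxes, 16 Feistel rounds, the 521-run key schedule), showing the Feistel property that decryption is the same routine with the P-array reversed. The initial tables come from a seeded PRNG instead of the digits of pi, and the order in which the F-function adds and XORs the S-box outputs is an assumption, so this illustrates the structure only and does not interoperate with any real cipher.

```python
import random

MASK32 = 0xFFFFFFFF

def initial_tables(seed=0):
    # Constructed stand-in for the pi-derived constants (assumption, not cryptographic).
    rng = random.Random(seed)
    p = [rng.getrandbits(32) for _ in range(18)]
    s = [[rng.getrandbits(32) for _ in range(256)] for _ in range(4)]
    return p, s

def f(s, x):
    # Split the 32-bit input into four 8-bit quarters, one per S-box.
    a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
    # Assumed combination order: add, XOR, add (all modulo 2^32).
    return ((((s[0][a] + s[1][b]) & MASK32) ^ s[2][c]) + s[3][d]) & MASK32

def crypt_block(left, right, p, s):
    # 16 Feistel rounds, one P-entry each; the two unused entries mask the output halves.
    for i in range(16):
        left ^= p[i]
        right ^= f(s, left)
        left, right = right, left
    left, right = right, left  # undo the swap made by the final round
    return left ^ p[17], right ^ p[16]

def key_schedule(key):
    # XOR the cycled key into the P-array, then replace every subkey pair in turn.
    p, s = initial_tables()
    for i in range(18):
        word = bytes(key[(4 * i + j) % len(key)] for j in range(4))
        p[i] ^= int.from_bytes(word, "big")
    left = right = runs = 0  # start from the 64-bit all-zero block
    for table in [p] + s:
        for i in range(0, len(table), 2):
            left, right = crypt_block(left, right, p, s)
            table[i], table[i + 1] = left, right
            runs += 1
    return p, s, runs

def encrypt(block, p, s):
    left, right = crypt_block(block >> 32, block & MASK32, p, s)
    return (left << 32) | right

def decrypt(block, p, s):
    # Same routine as encryption; only the order of the P-array is reversed.
    return encrypt(block, p[::-1], s)
```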
5.2 DATA FLOW DIAGRAMS:
A data flow diagram (DFD) is a graphical tool used to describe and analyze the movement of data
through a system, manual or automated, including the processes, stores of data, and delays in the
system. Data Flow Diagrams are the central tool and the basis from which other components are
developed. The transformation of data from input to output, through processes, may be described logically
and independently of the physical components associated with the system. The DFD is also
known as a data flow graph or a bubble chart.
DFDs are the model of the proposed system. They should clearly show the requirements on
which the new system should be built. Later, during the design activity, this is taken as the basis
for drawing the system’s structure charts. The basic notation used to create a DFD is as
follows:
1. Dataflow: Data move in a specific direction from an origin to a destination.
2. Process: People, procedures, or devices that use or produce (Transform) Data. The
physical component is not identified.
3. Source: External sources or destination of data, which may be People, programs,
organizations or other entities.
4. Data Store: Here data are stored or referenced by a process in the System.
Application
Audit Log Application
An important application of KP-ABE deals with secure forensic analysis: One of the most
important needs for electronic forensic analysis is an “audit log” containing a detailed
account of all activity on the system or network to be protected.
Application to Broadcast Encryption: Targeted Broadcast.
Secure data retrieval system.
Limitations
The proxy server is partially trusted and unable to decrypt the content directly.