encryption

© All Rights Reserved

0 vues

11 Chapter 3

encryption

© All Rights Reserved

- Week 1 Quiz _ Coursera
- rfc2947
- Security Review1
- Introduction to Cryptography
- IJCIS 020402
- Cryptography
- Scribd
- Achieving Secure, Scalable, And Fine-Grained Data Access Control in Cloud Computing
- caiib_gbmmodc_nov08
- Lj 3420632068
- INFOCOM10 Sharing
- CNS QB
- Encryption
- Hash Based Four Level Image Cryptography
- [IJCST-V5I2P99]:T.Ramaporkalai
- Misbehaving Users
- International Journal of Engineering Research and Development (IJERD)
- RSA Project
- Modulo 13
- 1 - 1 - Course Overview (11 Min)

Vous êtes sur la page 1sur 17

3.1 Introduction

In this Chapter, we propose a new CP-ABE scheme, named as BK-CP-

ABE, which allows to encrypt data under an access policy, specied as a logical

combination of attributes. Such ciphertexts can be decrypted by anyone with a set of

attributes that satisfy the access policy. We construct the scheme based on a recent

secret sharing method called Linear Integer Secret Sharing Scheme (LISS). Waters [8]

proposed the rst CP-ABE scheme based on a Linear Secret Sharing Scheme(LSSS).

In 2006, Damgard et al [21] introduced the notion of Linear Integer Secret Sharing

(LISS) scheme. The following are the advantages of LISS over LSSS.

1. The computations in LISS are done directly over the Integer, while LSSS is

done over a nite eld.

2. In LISS, there is no limit for the number of occurrences of a particular variable(attribute)

in the access structure, where as in [8] there is a bound for the occurrence.

3. In LISS, the secret reconstruction method is very simple.

4. In LISS, a simple standard procedure is available to convert the access structure

into an access matrix.

5. In LISS, a surjective function is used to allocate the rows of the access matrix

to the corresponding attributes.

33

The above advantages motivate us to construct a CP-ABE based on LISS and because

of that any access policy can be expressed very eectively using the Boolean operators

such as AND, OR, of(threshold).

3.1.1 Main Idea

into a distribution matrix M, by using the three rules in the LISS method. The

secret s can be selected from the interval −2 , 2 , then we choose the distribution

` `

vector ρ and the secret can be split by M · ρ. Secret shares can be distributed by the

surjective function to the corresponding attributes present in the access policy. Next,

we encrypt the message then we use the shares to encrypt the attributes present in

the access policy. If any one satisfy the access policy then he is able to decrypt the

ciphertext. We prove BK-CP-ABE scheme in the selective secure model under the

Decisional Bilinear Die-Hellman assumption.

3.1.2 Related Work

Attribute Based Encryption (ABE) was introduced by Sahai and Waters [59].

The rst CP-ABE was proposed by Bethencourt et al [5] uses threshold secret sharing

to enforce the policy in the encryption phase. T be a tree representing an access

structure. Each non-leaf node of the tree represents a threshold gate, described by

its children and a threshold value. If num is the number of children of a node x and

x

x x x x

34

is an OR gate and when k = num , it is an AND gate. Each leaf node x of the

x x

x

exponentiation operations are required in the decryption phase. The scheme is secure

in the generic group model.

The CP-ABE proposed by Cheung and Newport [17], in which decryption

policies are restricted to a single AND gate, attributes are allowed to be either positive

or negative. Security proof was in CPA secure under the DBDH assumption. Canetti

et al.[16] technique has been adopted to obtain Chosen Ciphertext Attack(CCA)

secure extension using one-time signatures. In this method the size of the ciphertext

and secret key increases linearly with the total number of attributes in the system.

Water's [8] presented three CP-ABE schemes which are based on Linear Secret

Sharing Scheme (LSSS) and secure under BDH, Bilinear Die-Hellman Exponent

and a new assumption called parallel Bilinear Die-Hellman assumptions. These

dierent constructions provide tradeos of the eciency of the system versus the

strength of the assumption used. One drawback of this technique is that it can only

work if an attribute appears atmost once in a ciphertext.

Goyal et al.[27] gave a "bounded" CP-ABE construction based on number

theoretic assumption and support advanced access structures. Access structure can

be represented by a bounded size access tree with threshold gates as its nodes. The

35

bound on the size of the access tree is chosen at the time of the system setup and is

represented by a tuple(d,num) where d represents the maximum depth of the access

tree and num represents the maximum number of children each non-leaf node of the

tree might have. Any access tree satisfying these upper bounds on the size can be

dynamically chosen by the encryptor and provide the security proof based on the

standard DBDH assumption.

Ibraimi [38] proposed a CP-ABE scheme in which the secret s can be split

by Shamir's Secret Sharing scheme or by Unanimous consent control by modular

addition scheme. The access tree is an n-ary tree represented by ∧, ∨ and of nodes.

Lewko et al.[39] proposed the rst full secure CP-ABE scheme by adapting the dual

system encryption techniques of [9] to the ABE case.

In a dual encryption system, keys and ciphertexts can take on one of two

forms: normal and semi-functional. A normal key can decrypt both normal and

semi-functional ciphertexts, while a semi-functional key can only decrypt normal

ciphertexts. The semi-functional keys and the ciphertexts are not used in the real

system, only in the proof of security. The proof employs a hybrid argument over a

sequence of security games. The rst is the real security game, with normal keys

and ciphertext. In the second game , the ciphertext is semi-functional and the keys

remain normal. In the subsequent games, the keys requested by the attacker are

changed to semi-functional one by one. By the nal game, none of the keys given out

36

are actually useful for decrypting a semi-functional ciphertext, and proves security

becomes relatively easy.

3.2 Denition and Security Model

Denition 8 Access structure Let {1, 2, ...n} be a set of parties. A collection Γ ⊆

2{1,2,...,n} is monotone if ∀B, C : if B ∈ Γ and B ⊆ C then C ∈ Γ. An access

collection) A of non-empty subsets of {1, 2..., n}

i.e Γ ⊆ 2{1,2,..,n} \ φ. The sets in Γ are called the authorized sets, and the sets not

Encryption and Decryption. Let U be the set of attributes.

Setup: The setup algorithm takes no input other than the implicit security parameter.

It outputs the public parameters PK and a master key MK.

KeyGen (MK, S): The key generation algorithm takes as input the master key

MK and a set of attributes S that describes the key. It outputs a private key SK.

Encrypt (PK, P , m): The encryption algorithm takes as input the public parameters

PK, the message m, and an access structure P over the universe of attributes. The

algorithm will encrypt m and produce a ciphertext CT such that only a user that

37

possesses a set of attributes that satisfy the access structure will be able to decrypt

the message. Assume that the ciphertext implicitly contains P .

Decrypt(CT,SK):

The decryption algorithm takes as input the ciphertext CT, which contains

an access structure P , and a private key SK, which is a private key for a set S of

attributes. If the set S of attributes satises the access structure P then the algorithm

will decrypt the ciphertext and return a message m.

3.2.1 Security Model for BK-CP-ABE

the selective attribute model (sAtt), where the adversary must provide the challenge

access tree he wishes to attack before he receives the public parameters from the

challenger. The game is carried out between a challenger and an adversary. Specically,

the game is as follows.

Init

The adversary chooses the challenge access policy τ and gives it to the

∗

challenger.

Setup

The challenger runs the Setup algorithm and gives the public parameters, PK

to the adversary.

38

Phase1

The adversary makes a secret key request to the KeyGen oracle for any

attribute set ω = {a /a ∈ U } with the restriction that ω 2 τ . The Challenger

j j

∗

Challenge

The adversary submits two equal length messages M and M . The Challenger

0 1

ips a random coin d, and encrypts M under τ . The ciphertext CT is given to the

d

∗ ∗

adversary.

Phase 2

The adversary can continue querying KeyGen with the same restriction as

during Phase1.

Guess

0

secure against a chosen-plaintext attack(CPA) in the selective attribute model if any

polynomial time adversaries have only a negligible advantage in the IND-sAtt-CPA(Indistinguishable-

selective attribute under chosen-plaintext attack)game, where the advantage is dened

to be = P r[d0 = d] − 21 .

39

3.3 Main Construction

In BK-CP-ABE construction, it is required to convert the access policy into

a distribution matrix M. The matrix M can be formulated using the three rules in

LISS method[21]. After constructing the distribution matrix M, the secret s can be

selected from the interval −2 , 2 , then we choose the distribution vector ρ and

` `

the secret can be split by M · ρ. Secret shares can be distributed by the surjective

function to the corresponding attributes present in the access policy. Message m will

be encrypted and then the attributes present in the access policy are encrypted using

the corresponding attribute shares. Any one that satises the access policy is able to

decrypt the ciphertext.

Setup (1k )

0

1 2 n

1 2 n p

α

j

tj

The Public Key is PK = (g, y, T (1 ≤ j ≤ n)) and the Master Secret Key is MK =

j

(α, t (1 ≤ j ≤ n)).

j

KeyGen (MK, S)

This algorithm takes as input the master secret key and a set S of attributes

and performs the following:

40

a) Select random values a, r ∈ Z and compute d

p 0 = g α−ar

−1

Encrypt(PK, P , m)

Step 1: Select a random element s ∈ −2 , 2 and compute C = g . M is the

` `

0

s

distribution matrix constructed by the above method for the access policy P . Choose

ρ = (s, ρ , ..., ρ ) , where ρ s are uniformly random chosen integers in −2

0

.

T

`0 +k `0 +k

2 e i ,2

Step 2:

a) Compute M · ρ = (s , ..., s )

1 d

T

0

b) C = m · y s = m · e(g, g)αs

i = Tisi using the corresponding shares of the

attribute a .i

C0 , C , Ci ; i = 1 to d

along with M.

41

Decrypt(CT,SK)

a private key for a set A ⊆ S. Suppose A satises the access policy P then there

is a vector λ ∈ Z such that M λ = ξ (by def[7]. With this, it is possible to

A

dA T

A A

i i

i∈A

0

C !

e(Ci ,(di )λi )

Q

e(C0 ,d0 )

=

i∈A

m.e(g,g)αs

λ !!

i

s α−ar

Q si art−1

e(g ,g ) e Ti , g i

=

i∈A

m.e(g,g)αs

!!

−1 λi

e(g s ,g α−ar ) e g ti si , g arti

Q

=

i∈A

m.e(g,g)αs !

s α−ar

Q arsi λi

e(g ,g ) e(g,g)

=

i∈A

m.e(g,g)αs !

e(g s ,g α−ar ) e(g,g)ars

Q

=

i∈A

m.e(g,g)αs

(e(g s ,g α−ar )e(g,g)ars )

=m

3.4 Security Analysis

Theorem 3.1 Suppose the DBDH assumption holds, then no polynomial adversary

can selectively break BK-CP-ABE system.

selective security game against our construction. We show how to use the adversary

42

A to build a simulator B that is able to solve the DBDH assumption. The Challenger

Init. The adversary chooses the challenge access policy (M 0 , p∗ ) and gives it to the

simulator.

0

letting e(g, g)α = e(ga , gb )e(g, g)a . For all aj ∈ U it chooses a random qj ∈ Zp and

1

0

set Tj = g (Mj qj ) if aj ∈/ p∗ , otherwise Tj = gqj . The simulator B sends the public

parameters to A.

Phase 1 A makes secret key requests for any set of attributes ω = {aj /aj ∈ U }

with the restriction that aj 2 p∗ . On each request B chooses a random variable v ∈ Zp ,

and nds a vector k = (k1 , k2 , .., ke )T ∈ Z e such that M 0 · k = 0 with k1 = 1. By

the denition of Sweeping vector such a vector must exist. Simulator sets r value as

v + kj b.

0

= g ab+a −av−ab

0

= g a A−v

0 0

dj = g a(v+kj b)qj Mj = AvMj qj

43

0 0

d0 = g a A−v , dj = AvMj qj , ∀aj ∈ ω are sent to the adversary.

binary coin d, and returns the encryption of md . The encryption of md can be done

as follows:

0 0

C0 = g s , C = md De(g s , g a )

The simulator will choose uniformly random integers z2 , ..., zh in −2`0 +k , 2`0 +k and

Create the distribution matrix M, for the access policy p∗ . Compute M · Φ and use

the shares to encrypt the access policy with corresponding qj for the attributes present

in the access policy p∗ , Cj = Tjsj .

Guess A outputs a guess d0 of d. The simulator then outputs 0 to the guesses that

D = e(g, g)abs if d = d; otherwise, it outputs 1 to indicate that it believes D is

0

When D is a tuple the simulator B gives a perfect simulation, so we have that

1

P r B ρ, D = e(g, g)abs = 0 = 2

+ .

When D is random group element the message md is completely hidden from the

adversary and we have P r [B (ρ, D = R) = 0] = 21 .

44

3.5 Implementation and Eciency Analysis

Implementation Details

to facilitate the rapid prototyping of cryptographic schemes and protocols. It is based

on the Python language which allows the programmer to write code similar to the

theoretical implementations. However, the routines that implement the dominant

group operations use the PBC library[4]. PBC (Pairing-Based Cryptography) library

is a free C library. The PBC library is designed to be the backbone of implementations

of pairing-based cryptosystems. It provides routines such as elliptic curve generation,

elliptic curve arithmetic and pairing computation. PBC is built on the GMP library

that performs the mathematical operations underlying pairing-based cryptosystems.

arbitrary precision arithmetic, operating on signed integers, rational numbers, and

oating point numbers. There is no practical limit to the precision except the ones

implied by the available memory in the machine GMP runs on. GMP has a rich set

of functions, and the functions have a regular interface. The main target applications

for GMP are cryptography applications and research, Internet security applications,

algebra systems, computational algebra research, etc.

45

All Charm routines use formally asymmetric groups ( although the underlining

groups might be symmetric) and therefore we translated our schemes to the asymmetric

setting. Namely, we have three groups G , G , G and the pairing e is a function from

1 2 T

1 2 T

curve( with embedding degree k=2)from PBC.

National Technical Research Organization(NTRO), New Delhi has sponsored

a project called "` Smart and Secure Environment"'(SSE) in which eight dierent

institutions such as IIT Madras, Anna University Chennai, Pondicherry University,

PSG Technology Coimbatore, TCE Madurai, Madurai Kamarajar University, NIT

Trichy and Alagappa University work together to frame a Smart and Secure Environment.

In this setup Alagappa University's role was to provide the Database Security. A

testbed has been formed to test and verify several protocols, in which we have

implemented the BK-CP-ABE scheme.

Eciency Analysis

In Table 1, we give the comparison with Goyal et al [27], Waters [8] and

BK-CP-ABE method in terms of Ciphertext size (CT), Private Key Size (PKS),

Encryption time(EN), Decryption time (DE) based on DBDH assumption. Let n be

the number of attributes present in the access policy, A be the number of attributes in

user's key, T be the number of nodes satised by a user's attributes, U be the number

46

Table 1: Comparison of CP-ABE Schemes

Method CT PKS EN DE Complexity

GJPS[27] Θ(U.n 3.42

max ) Θ(A.n3.42

max )

3.42

Θ(U.nmax 3.42

) Θ(U.nmax DBDH

Waters[8] Θ(n ) 2

Θ(kmax .A + nmax ) Θ(n2 ) Θ(n.T ) DBDH

BK-CP-ABE Θ(n) Θ(A) Θ(n) Θ(T ) DBDH

of attributes dened in the system, nmax be the bound on the size of the access

formula, kmax be the maximum number of times a single attribute will appear in a

particular formula. BK-CP-ABE method achieves signicantly better performance

than Waters [8], GJPS [27] method.

In Table 2 we show the number of operations in the respective groups for

each algorithm of the schemes as counted by the Charm benchmarking utility. The

group operations refer to the number of arithmetic operations in Z , G , G and G .

p 1 2 T

"`MNT 224"' elliptic curve group have been used to deploy the algorithm. Gop.

denotes the number of group operations and Exp. denotes the exponentiations in

Groups G , G , G . By comparing the BK-CP-ABE scheme with Water[8] method,

1 2 T

3.6 Applications

PHR Maintenance

Online personal health record (PHR) enables patients to manage their own

medical records in centralized way, which greatly facilitates the storage, access and

sharing of personal health data. With the emergence of cloud computing, it is

47

Table 2: Group Operation BenchMarks

BK-CPABE Z G G G Pairings

Gop Exp Gop Exp Gop Exp Gop EXp

p 1 2 T

Setup 0 0 0 0 0 1 0 1 1

KeyGen 1 9 5 8 0 5 0 0 0

Encrypt 12 12 3 2 0 5 1 1 0

Decrypt 3 5 0 0 0 0 5 2 5

Waters[8] Z G G G Pairings

Gop Exp Gop Exp Gop Exp Gop EXp

p 1 2 T

Setup 0 0 0 1 0 0 0 1 1

KeyGen 0 0 9 10 0 5 0 0 0

Encrypt 12 12 8 16 0 5 1 1 0

Decrypt 4 10 0 0 0 0 8 2 7

attractive for the PHR service providers to shift their PHR applications and storage

into the cloud, in order to enjoy the elastic resources and reduce the operational cost.

However, by storing PHRs in the cloud, the patients lose physical control to their

personal health data, which makes it necessary for each patient to encrypt their PHR

data before uploading to the cloud servers. BK-CP-ABE scheme is suitable to achieve

ne-grained access control to PHR data in scalable and ecient way.

Online Social Networks

users to nd other users with similar interests. To use these applications, users must

reveal personal information such as name, age, address, personal interests, sexuality

etc into the public domain. Groups of people sharing similar attributes and friends

are then automatically linked to each other. Currently, such systems provide only

48

weak privacy guarantees. It may lead to user's data to be readily mined and abused

by undesirable parties. BK- CP-ABE scheme is well suited to provide user controlled-

privacy, as users in these communities are already characterized by their attributes.

Broadcast Encryption

task for cryptographers. In Pay-TV systems, the receivers can frequently be arranged

according to some natural characteristics, or attributes. The Broadcaster might not

be interested in (or does not know) all the receivers which are able to access the

content, but merely wants to describe the authorized set of receivers in terms of some

descriptive attributes using a Boolean access policy and to eciently broadcast the

allowed receivers a session key encrypting the multimedia content. This situation is

eectively handled by BK-CP-ABE scheme.

3.7 Summary

We propose a new type of Ciphertext-Policy Attribute-Based Encryption

based on linear integer secret sharing scheme. This scheme is very expressive and

provably secure under the Decisional Bilinear Die-Hellman assumption.

49

- Week 1 Quiz _ CourseraTransféré parAdi
- rfc2947Transféré parNickyNET
- Security Review1Transféré paraksh_sat89
- Introduction to CryptographyTransféré parSharma Robin
- IJCIS 020402Transféré parijcisjournal
- CryptographyTransféré parvirus0623
- ScribdTransféré pareddd32e
- Achieving Secure, Scalable, And Fine-Grained Data Access Control in Cloud ComputingTransféré parJACK009#
- caiib_gbmmodc_nov08Transféré parluvnuts4u luvnuts
- Lj 3420632068Transféré parAnonymous 7VPPkWS8O
- INFOCOM10 SharingTransféré parsunny-gopani-9718
- CNS QBTransféré parAnish Kumar
- EncryptionTransféré parnarri_dagar2009
- [IJCST-V5I2P99]:T.RamaporkalaiTransféré parEighthSenseGroup
- Misbehaving UsersTransféré parranjithece1
- International Journal of Engineering Research and Development (IJERD)Transféré parIJERD
- Hash Based Four Level Image CryptographyTransféré parEditor IJRITCC
- RSA ProjectTransféré parFlorin Manole
- Modulo 13Transféré parreyisraelaguilar27
- 1 - 1 - Course Overview (11 Min)Transféré parJúlio Cesar Gomes
- CryptographyTransféré parArciniega Guillermo
- L_1370_0409_JCER_601Transféré parJayapal
- Good Morning EveryoneTransféré parUtkarsh Verma
- Rail Fence Cryptography in Securing InformationTransféré parAndysah Putra Utama Siahaan
- Lec24 SecurityTransféré parRobb Tapp
- Methods to Protect Cryptographic Keys on Safety-Critical SystemsTransféré parRafael De Oliveira Costa
- 24913796-RSA-Security’s-Official-Guide-to-Cryptography.pdfTransféré parkarlasdfg123
- B-5_Parsons HANDS-On LAB - WLAN Analysis With Wireshark & AirPcap ExercisesTransféré parsharmasunil6325
- project1.docxTransféré pardivya
- Secret SharingTransféré parlakshmivs23

- Document (1)Transféré parAkn Nanthan
- IndianBank_ITI_ApplicationFeeChallan.pdfTransféré parAkn Nanthan
- 12th-Bi-Botany-1-mark-in-tamil.pdfTransféré parAkn Nanthan
- 11 Chemistry Book Back One Word AnswerTransféré parvinoth
- 411HS1010Transféré parAkn Nanthan
- C program NotesTransféré parAkn Nanthan
- Scalable Content-Aware Collaborative FilteringTransféré parAkn Nanthan
- 09 Chapter 1Transféré parAkn Nanthan
- 10_chapter 2 (1)Transféré parAkn Nanthan
- Alfred, Lord Tennyson - Wikipedia, The Free EncyclopediaTransféré parAkn Nanthan
- 09 Chapter 1Transféré parAkn Nanthan
- 10 Chapter 2Transféré parAkn Nanthan
- 04 Chapter 1Transféré parAkn Nanthan
- Details of Light Properties2Transféré parAkn Nanthan
- Cluster HeadElectionusingFuzzyLogicforWirelessSensorNetworksTransféré parAkn Nanthan
- Manual for Preparation of Phd-Thesis-2018 (1)Transféré parAkn Nanthan
- An Ef Cient Ranked Multi-Keyword Search for Multiple Data Owners Over Encrypted Cloud DataTransféré parAkn Nanthan
- Chennai City Le Rayal MeridianTransféré parAkn Nanthan
- MG6088-Software Project ManagementTransféré parAkn Nanthan
- Cs 1358 Computer ArchitectureTransféré parAkn Nanthan
- bsc_accomodationTransféré parJhansi Lakshmi Namana
- Architectures for Peer-To-Peer Media Streaming in Large Scale SystemsTransféré parAkn Nanthan
- Priya_S_50713001Transféré parAkn Nanthan
- NS 2 Simulator for BeginnersTransféré parAkn Nanthan
- 1-s2.0-S1877705812008454-mainTransféré parAkn Nanthan
- www.rit.edu_~w-asc_documents_services_resources_handouts_DM - 6 Euclidean AlgorithmTransféré parAkn Nanthan
- AutoTransféré parAkn Nanthan

- Vshield 41 AdminTransféré parSrinivas Thota
- InformationSecuirty(Apr 09)Transféré parMukesh
- DigitalSignature_ForouzanTransféré parShubham Agrawal
- The impact of quantum technologies on the EU future policiesTransféré parLucas A.Q. Martins
- The RSATransféré parcharchit99
- A Course in Mathematical Cryptography - Walter de Gruyter (2015) - (de Gruyter Graduate) Gilbert Baumslag, Benjamin Fine, Martin Kreuzer, Gerhard RosenbergerTransféré parJessik Erin
- Documentatie MobilpayTransféré parMihai Isvoranu
- TCG 1 0 Architecture OverviewTransféré pargimmeno
- METI: Survey on Blockchain Technologies and Related ServicesTransféré parCoinDesk
- Identity-Based Broadcast Proxy Conditional Re-Encryption and Its Application to Cloud Email-IJAERDV04I0221157Transféré parEditor IJAERD
- PGPTransféré parMegha Gupta
- AWS HIPAA Compliance WhitepaperTransféré parBuddhiDeSilva
- managing MIS security controlTransféré parBsnu Shrestha
- Kumar DissTransféré parAntonio Cordova Ruiz
- Sg 245341Transféré parМартиСноуман
- Network Security Project ReportTransféré parVincy Mol
- A Review on Varioud Digital Image Encryption Techniques and Security CriteriaTransféré parAnurag Tiwari
- Report in EvidenceTransféré parRomulo Trajano Espalmado Jr.
- Final Project Risk SbiTransféré parSara Khan
- INFORMATION SECURITY QUESTION BANKTransféré parstiffleradam
- Dot Net in SamplesTransféré parvvr_9
- Audio StegaTransféré parEr Uttam Jain
- Network Security and CryptographyTransféré partj
- MPESA_SSL_Guide.pdfTransféré parkikwete
- Seminar ReportTransféré parvks413
- Cyber Law - It Act 2000Transféré parShishir Puthran
- Aplying RSA Algorithm to Generate Unique ID for Website ProtectionTransféré parBeulah Jennifer
- Data Hiding using EmoticonsTransféré parEditor IJRITCC
- Securing Ad-hoc Networks Using IpsecTransféré paraksssudhakar
- 7845i-entTransféré parFernanda Quezada

## Bien plus que des documents.

Découvrez tout ce que Scribd a à offrir, dont les livres et les livres audio des principaux éditeurs.

Annulez à tout moment.