- Open Access
- Total Downloads : 17
- Authors : M. Sathya
- Paper ID : IJERTCONV3IS16016
- Volume & Issue : TITCON – 2015 (Volume 3 – Issue 16)
- Published (First Online): 30-07-2018
- ISSN (Online) : 2278-0181
- Publisher Name : IJERT
- License: This work is licensed under a Creative Commons Attribution 4.0 International License
Attribute Based Secure Policy Encryption in Adhoc Networks
SRS College of Engineering and technology
Abstract:- Mobile nodes in military environments such as battlefield or a hostile region are likely to suffer from intermittent network connectivity and frequent partitions. Disruption-tolerant network (DTN) technologies are becoming successful solutions that allow wireless devices carried by soldiers to communicate with each other and access the confidential information or command reliably by exploiting external storage nodes. Some of the most challenging issues in this scenario are the enforcement of authorization policies and the policies update for secure data retrieval. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution to the access control issues. However, the problem of applying CP-ABE in decentralized DTNs introduces several security and privacy challenges with regard to the attribute revocation, key escrow, and coordination of attributes issued from different authorities. In this paper, propose a secure data retrieval scheme using CP-ABE for decentralized DTNs where multiple key authorities manage their attributes independently. Demonstrate how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant military network.
Index Terms:- Access control, attribute-based encryption(ABE), disruption-tolerant network (DTN), multi authority, secure
In many military network scenarios, connections of wireless devices carried by soldiers may be temporarily disconnected by jamming, environmental factors, and mobility, especially when they operate in hostile environments. Disruption- tolerant network (DTN) technologies are becoming successful solutions that allow nodes to communicate with each other in these extreme networking environments. Typically, when there is no end-to-end connection between a source and a destination pair, the messages from the source node may need to wait in the intermediate nodes for a substantial amount of time until the connection would be eventually established.
The concept of attribute-based encryption (ABE) is a promising approach that fulfills the requirements for secure data retrieval in DTNs. ABE features a mechanism that enables an access control over encrypted data using access policies and ascribed attributes among private keys and ciphertexts. Especially, ciphertext-policy ABE (CP- ABE) provides a scalable way of encrypting data such that the encryptor defines the attribute set that the decryptor needs to possess in order to decrypt the ciphertext . Thus, different users are allowed to decrypt different pieces of data per the security policy.
However, the problem of applying the ABE to DTNs introduces
several security and privacy challenges. Since some users may change their associated attributes at some point, or some private keys might be compromised, key revocation (or update) for each attribute is necessary in order to make systems secure. However, this issue is even more difficult, especially in ABE systems, since each attribute is conceivably shared by multiple users.
In a multiauthority CP-ABE scheme for secure data retrieval in decentralized DTNs. Each local authority issues partial personalized and attribute key components to a user by performing secure 2PC protocol with the central authority. Each attribute key of a user can be updated individually and immediately. Thus, the scalability and security can be enhanced in the proposed scheme. The subsequent CP-ABE schemes are mostly motivated by more rigorous security proof in the standard model. However, most of the schemes failed to achieve the expressiveness of the scheme, which described an efficient system that was expressive in that it allowed an encryptor to express an access predicate in terms of any monotonic formula over attributes.
In this paper, propose an attribute-based secure data retrieval scheme using CP-ABE for decentralized DTNs. The proposed scheme features the following achievements. First, immediate attribute revocation enhances backward/forward secrecy of confidential data by reducing the windows of vulnerability. Second, encryptors can define a fine-grained access policy using any monotone access structure under attributes issued from any chosen set of authorities. Third, the key escrow problem is resolved by an escrow-free key issuing protocol that exploits the characteristic of the decentralized DTN architecture. The key issuing protocol generates and issues user secret keys by performing a secure two-party computation (2PC) protocol among the key authorities with their own master secrets. The 2PC protocol deters the key authorities from obtaining any master secret information of each other such that none of them could generate the whole set of user keys alone. Thus, users are not required to fully trust the authorities in order to protect their data to be shared. The data confidentiality and privacy can be cryptographically enforced against any curious key authorities or data storage nodes in the proposed scheme.
Shamir Key Distribution Algorithm
In the data retrieval phase, user A requests to retrieve a message from storage servers.
Public Key Cryptography
Public key cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely.
Ciphertext Policy Abe Algorithm
CPABE provides a scalable way of encrypting data.
DTN technologies are becoming successful solutions in military
applications that allow wireless devices to communicate with each other and access the confidential information reliably by exploiting external storage nodes. CP-ABE is a scalable cryptographic solution to the access control and secure data retrieval issues. In this paper, we proposed an efficient and secure data retrieval method using CP-ABE for decentralized DTNs where multiple key authorities manage their attributes independently. The inherent key escrow problem is resolved such that the confidentiality of the stored data is guaranteed even under
the hostile environment where key authorities might be compromised
or not fully trusted. In addition, the fine-grained key revocation can be done for each attribute group. Demonstrate how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption- tolerant military network.Erasure code is a compressed format of transferred data & the size of the data is reduced by converting the data as erasure code.
J. Burgess, B. Gallagher, D. Jensen, and B. N. Levine, Maxprop: Routing for vehicle-based disruption tolerant networks, in Proc. IEEE INFOCOM, 2006, pp. 111.
M. Chuah and P. Yang, Node density-based adaptive routing scheme for disruption tolerant networks, in Proc. IEEE MILCOM, 2006, pp.1 6.
M. M. B. Tariq, M. Ammar, and E. Zequra, Mesage ferry route design for sparse ad hoc networks with mobile nodes, in Proc. ACM MobiHoc, 2006, pp. 3748.
S. Roy andM. Chuah, Secure data retrieval based on ciphertext policy attribute-based encryption (CP-ABE) system for the DTNs, Lehigh CSE Tech. Rep., 2009.
M. Chuah and P. Yang, Performance evaluation of content-based information retrieval schemes for DTNs, in Proc. IEEE MILCOM, 2007, pp. 17.
M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, Plutus: Scalable ecure file sharing on untrusted storage, in Proc. Conf. File Storage Technol., 2003, pp. 2942.
L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, Mediated ciphertext-policy attribute-based encryption and its application, in Proc. WISA, 2009, LNCS 5932, pp. 309323.
N. Chen, M. Gerla, D. Huang, and X. Hong, Secure, selective group broadcast in vehicular networks using dynamic attribute based encryption,in Proc. Ad Hoc Netw. Workshop, 2010, pp. 18.
D. Huang and M. Verma, ASPE: Attribute-based secure policy enforcement in vehicular ad hoc networks, Ad Hoc Netw., vol. 7, no. 8, pp. 15261535, 2009.
A. Lewko and B. Waters, Decentralizing attribute-based encryption, Cryptology ePrint Archive: Rep. 2010/351, 2010.
A. Sahai and B. Waters, Fuzzy identity-based encryption, in
Proc.Eurocrypt, 2005, pp. 457473.
V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in Proc. ACM Conf. Comput. Commun. Security, 2006, pp. 8998.
J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-policy attributebased encryption, in Proc. IEEE Symp. Security Privacy, 2007, pp.321334.
R. Ostrovsky, A. Sahai, and B. Waters, Attribute-based encryption with non-monotonic access structures, in Proc. ACM Conf. Comput. Commun. Security, 2007, pp. 195203.
S. Yu, C. Wang, K. Ren, and W. Lou, Attribute based data sharing with attribute revocation, in Proc. ASIACCS, 2010, pp. 261270.
A. Boldyreva, V. Goyal, and V. Kumar, Identity-based encryption with efficient revocation, in Proc. ACM Conf. Comput. Commun. Security,2008, pp. 417426.
M. Pirretti, P. Traynor, P. McDaniel, and B. Waters, Secure attributebased systems, in Proc. ACMConf. Comput. Commun. Security, 2006,pp. 99112.
S. Rafaeli and D. Hutchison, A survey of key management for secure group communication, Comput. Surv., vol. 35, no. 3, pp. 309 329,2003.
S. Mittra, Iolus: A framework for scalable secure multicasting, in
Proc. ACM SIGCOMM, 1997, pp. 277288.
P. Golle, J. Staddon, M. Gagne, and P. Rasmussen, A content-driven access control system, in Proc. Symp. Identity Trust Internet, 2008,pp. 2635.
L. Cheung and C. Newport, Provably secure ciphertext policy ABE, in Proc. ACM Conf. Comput. Commun. Security, 2007, pp. 456465.
V.Goyal, A. Jain,O. Pandey, andA. Sahai, Bounded ciphertext policy attribute-based encryption, in Proc. ICALP, 2008, pp. 579591.
X. Liang, Z. Cao, H. Lin, and D. Xing, Provably secure and efficient bounded ciphertext policy attribute based encryption, in Proc. ASIACCS, 2009, pp. 343352.
M. Chase and S. S. M. Chow, Improving privacy and security inmultiauthority attribute-based encryption, in Proc. ACM Conf. Comput.Commun. Security, 2009, pp. 121130.
M. Chase, Multi-authority attribute based encryption, in Proc. TCC, 2007, LNCS 4329, pp. 515534.
S. S.M. Chow, Removing escrow from identity-based encryption, in
Proc. PKC, 2009, LNCS 5443, pp. 256276.
M. Belenkiy, M. Chase, M. Kohlweiss, and A. Lysyanskaya, P- signatures and noninteractive anonymous credentials, in Proc. TCC, 2008, LNCS 4948, pp. 356374.
M.Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss,A.Hysyanskaya, and H. Shacham, Randomizable proofs and delegatable anonymous credentials, in Proc. Crypto, LNCS 5677, pp. 108125.
D. Naor, M. Naor, and J. Lotspiech, Revocation and tracing schemes for stateless receivers, in Proc. CRYPTO, 2001, LNCS 2139, pp.41 62.
C. K.Wong,M. Gouda, and S. S. Lam, Secure group communications using key graphs, in Proc. ACM SIGCOMM, 1998, pp. 6879.
A. T. Sherman and D. A. McGrew, Key establishment in large dynamic groups using one-way function trees, IEEE Trans. Softw. Eng., vol. 29, no. 5, pp. 444458, May 2003.
K. C. Almeroth and M. H. Ammar, Multicast group behavior in the Internets multicast backbone (MBone), IEEE Commun. Mag., vol. 35, no. 6, pp. 124129, Jun. 1997