Retrieval
ABSTRACT
INTRODUCTION
Overview
Delay and Disruption Tolerant Networks (DTNs) are networks that aim to bring
low-cost, best-effort connectivity to challenged environments with no or limited
infrastructure. Nodes in DTNs are often highly mobile and experience intermittent
connectivity. DTNs can be deployed in developing countries and are poised to play a key
part in future space networks.
The key differences between DTNs and other networks, e.g., sensor networks, are:
The opportunistic nature of DTNs means that messages which are delivered often
experience high delays. Delays are typically on the order of minutes or hours,
but could potentially be days depending on the exact scenario.
In setting out to implement the DTN architecture, we first had to resolve some
fundamental questions in the architecture itself, and in the process, further its design and
specification. One of the more unusual aspects of the operating environments envisioned
for the DTN architecture is that the ability to communicate may come and go and that
sometimes the periods of connectivity may be known (or predicted) in advance. In
addition, communication may involve routing messages over one or more media,
possibly simultaneously. Although this degree of flexibility is important to an overall
network model that is expected to operate in difficult environments subject to disruption,
it presents significant implementation challenges. The challenges stem largely from the
fact that the DTN network model is not simply a graph, as in most present networking
systems, but instead is a time-varying multigraph. There is at present little shared
experience in implementing networking systems involving graphs of this kind.
Message Confidentiality
The basic idea is for the source and destination users to use common affiliations
that know the public key, or an existing shared secret, as intermediaries to securely route
messages.
We investigate schemes that enable secure routing for both intra- and inter-region
routing. We give an informal security analysis and show, by simulation, the probability of
message interception by colluding nodes in the honest-but-curious adversarial model.
Routing
Bundle protocols
Security
Addressing security issues has been a major focus of the bundle protocol.
Properties
Most cryptographic hash functions are designed to take a string of any length as
input and produce a fixed-length hash value.
These properties imply that a malicious adversary cannot replace or modify the
input data without changing its digest. Thus, if two strings have the same digest, one can
be very confident that they are identical.
Ideally, one may wish for even stronger conditions. It should be impossible for an
adversary to find two messages with substantially similar digests; or to infer any useful
information about the data, given only its digest. Therefore, a cryptographic hash
function should behave as much as possible like a random function while still being
deterministic and efficiently computable.
Checksum algorithms, such as CRC32 and other cyclic redundancy checks, are
designed to meet much weaker requirements, and are generally unsuitable as
cryptographic hash functions. For example, a CRC was used for message integrity in the
WEP encryption standard, but an attack was readily discovered which exploited the
linearity of the checksum.
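The linearity that the paragraph above blames for the WEP integrity failure can be checked directly. The following Python is an added example, not code from this report: it verifies that CRC-32 is affine over GF(2), that the effect of a single-bit change on the CRC is therefore independent of the message content, that SHA-256 shows no such relation (one changed input bit flips about half the digest bits), and that a keyed HMAC is the tool that actually gives integrity against modification. The sample payload and key are constructed.

```python
import hashlib
import hmac
import zlib

# Constructed sample payload (not taken from the report).
SAMPLE = b"GET /records?id=42 HTTP/1.0\r\n"


def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over GF(2): for equal-length inputs
    crc(a XOR b) == crc(a) XOR crc(b) XOR crc(0...0).
    A cryptographic hash must not satisfy any relation like this."""
    assert len(a) == len(b)
    x = bytes(p ^ q for p, q in zip(a, b))
    zeros = bytes(len(a))
    return zlib.crc32(x) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)


def flip_bit(msg: bytes, bit: int) -> bytes:
    """Return msg with one bit flipped (bit 0 is the MSB of byte 0)."""
    buf = bytearray(msg)
    buf[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(buf)


def crc_delta_is_content_independent(msg: bytes, bit: int) -> bool:
    """Consequence of the affine property: the change a single-bit flip makes to the
    CRC depends only on the bit position and the length, never on the data itself.
    That is why a CRC gives no integrity protection against an adversary who can
    modify the data: the checksum change is fully predictable."""
    zeros = bytes(len(msg))
    delta = zlib.crc32(flip_bit(zeros, bit)) ^ zlib.crc32(zeros)
    return zlib.crc32(flip_bit(msg, bit)) == zlib.crc32(msg) ^ delta


def sha256_bit_distance(msg: bytes, bit: int) -> int:
    """Hamming distance between the SHA-256 digests of msg and msg with one bit
    flipped. For a function that behaves randomly this is about half of 256."""
    d1 = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    d2 = int.from_bytes(hashlib.sha256(flip_bit(msg, bit)).digest(), "big")
    return bin(d1 ^ d2).count("1")


def mac_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 tag: the appropriate primitive for message integrity."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Without the key there is no way to recompute the tag for a modified message.
    compare_digest is a constant-time comparison, avoiding a timing side channel."""
    return hmac.compare_digest(mac_tag(key, msg), tag)
```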
Degree of difficulty
Illustration
Applications
MD5, SHA1, or SHA2 hashes are sometimes posted along with files on websites
or forums to allow verification of integrity.[3] This practice establishes a chain of trust so
long as the hashes are posted on a site authenticated by HTTPS.
Password verification
A message digest can also serve as a means of reliably identifying a file; several
source code management systems, including Git, Mercurial and Monotone, use the
sha1sum of various types of content (file content, directory trees, ancestry information,
etc.) to uniquely identify them. Hashes are used to identify files on peer-to-peer
filesharing networks. For example, in an ed2k link, an MD4-variant hash is combined
with the file size, providing sufficient information for locating file sources, downloading
the file and verifying its contents. Magnet links are another example. Such file hashes are
often the top hash of a hash list or a hash tree which allows for additional benefits.
One of the main applications of a hash function is to allow the fast look-up of data
in a hash table. Being hash functions of a particular kind, cryptographic hash
functions lend themselves well to this application too.
There are several methods to use a block cipher to build a cryptographic hash
function, specifically a one-way compression function.
The methods resemble the block cipher modes of operation usually used for
encryption. All well-known hash functions, including MD4, MD5, SHA-1 and SHA-2 are
built from block-cipher-like components designed for the purpose, with feedback to
ensure that the resulting function is not invertible. SHA-3 finalists included functions
with block-cipher-like components (e.g., Skein, BLAKE) though the function finally
selected, Keccak, was built on a cryptographic sponge instead.
A standard block cipher such as AES can be used in place of these custom block
ciphers; that might be useful when an embedded system needs to implement both
encryption and hashing with minimal code size or hardware area. However, that approach
can have costs in efficiency and security. The ciphers in hash functions are built for
hashing: they use large keys and blocks, can efficiently change keys every block, and
have been designed and vetted for resistance to related-key attacks. General-purpose
ciphers tend to have different design goals. In particular, AES has key and block sizes
that make it nontrivial to use to generate long hash values; AES encryption becomes less
efficient when the key changes each block; and related-key attacks make it potentially
less secure for use in a hash function than for encryption.
Merkle–Damgård construction
The last block processed should also be unambiguously length padded; this is
crucial to the security of this construction. This construction is called the
Merkle–Damgård construction. Most widely used hash functions, including SHA-1 and MD5,
take this form.
There is a long list of cryptographic hash functions, although many have been
found to be vulnerable and should not be used. Even if a hash function has never been
broken, a successful attack against a weakened variant thereof may undermine the
experts' confidence and lead to its abandonment. For instance, in August 2004
weaknesses were found in a number of hash functions that were popular at the time,
including SHA-0, RIPEMD, and MD5. This has called into question the long-term
security of later algorithms which are derived from these hash functions — in particular,
SHA-1 (a strengthened version of SHA-0), RIPEMD-128, and RIPEMD-160 (both
strengthened versions of RIPEMD). Neither SHA-0 nor RIPEMD are widely used since
they were replaced by their strengthened versions. As of 2009, the two most commonly
used cryptographic hash functions are MD5 and SHA-1. However, MD5 has been
broken; an attack against it was used to break SSL in 2008.
The SHA-0 and SHA-1 hash functions were developed by the NSA. On 12 August
2004, a collision for the full SHA-0 algorithm was announced by Joux, Carribault,
Lemuet, and Jalby. This was done by using a generalization of the Chabaud and Joux
attack. Finding the collision had complexity 2^51 and took about 80,000 CPU hours on a
supercomputer with 256 Itanium 2 processors (equivalent to 13 days of full-time use of
the computer).
In February 2005, an attack on SHA-1 was reported that would find a collision in
about 2^69 hashing operations, rather than the 2^80 expected for a 160-bit hash function. In
August 2005, another attack on SHA-1 was reported that would find collisions in 2^63
operations. Though theoretical weaknesses of SHA-1 exist, no collision (or
near-collision) has yet been found. Nonetheless, it is often suggested that it may be practical to
break within years, and that new applications can avoid these problems by using later
members of the SHA family, such as SHA-2, or using techniques such as randomized
hashing[12][13] that do not require collision resistance.
1.2 NEED
1.3 OBJECTIVE
CHAPTER 2
LITERATURE SURVEY
Modern distributed information systems require flexible access control models which go beyond
discretionary, mandatory and role-based access control. Recently proposed models, such as
attribute-based access control, define access control policies based on different attributes of the
requester, environment, or the data object. On the other hand, the current trend of service-based
information systems and storage outsourcing requires increased protection of data, including
access control methods that are cryptographically enforced. The concept of Attribute-Based
Encryption (ABE) fulfills the aforementioned requirements. It provides an elegant way of
encrypting data such that the encryptor defines the attribute set that the decryptor needs to possess
in order to decrypt the ciphertext. Since Sahai and Waters proposed the basic ABE scheme,
several more advanced schemes have been developed, most notably Ciphertext-Policy
ABE schemes (CP-ABE). In these schemes, a ciphertext is associated with an access policy and
the user secret key is associated with a set of attributes. A secret key holder can decrypt the
ciphertext if the attributes associated with his secret key satisfy the access policy associated with
the ciphertext. For example, consider a situation where two organizations, a Hospital and a
University, conduct research in the field of neurological disorders. The Hospital wants to allow
access to their research results to all staff from the University who have the role Professor and
belong to the Department of Neurology (DN). To enforce the policy, the Hospital encrypts the
data according to the access policy Results = (University Professor ∧ Member of DN). Only users
who have a secret key associated with a set of attributes ω = (University Professor, Member of
DN) can satisfy the access policy Results and be able to decrypt the ciphertext. The state-of-the-art
CP-ABE schemes provide limited support for revocation of attributes, a feature which is
becoming increasingly important in modern access control systems. In general, attribute
revocation may happen for the following reasons: 1) an attribute is no longer valid because it has
expired, for instance, the attribute "project manager-January 2009" is valid until January 2009,
or 2) a user is misusing her secret key associated with a set of attributes, for instance, Alice
might give a copy of her secret key to Bob who is not a legitimate user. In particular, attribute
revocation is an important requirement in the domain of access control to personal health data,
which is our application field for attribute-based encryption. In this paper, we propose a new
scheme for attribute revocation in CP-ABE called mediated Ciphertext-Policy Attribute-Based
Encryption (mCP-ABE). Previous CP-ABE systems proposed to use a system where attributes
are valid within a specific time frame. However, the drawback of this approach is that there is
no way to revoke an attribute before the expiration date. In our scheme the secret key is divided
into two shares, one share for the mediator and the other for the user. To decrypt the data, the
user must contact the mediator to receive a decryption token. The mediator keeps an attribute
revocation list (ARL) and refuses to issue the decryption token for revoked attributes. Without
the token, the user cannot decrypt the ciphertext, therefore the attribute is implicitly revoked.
ADVANTAGES
Provide a scheme which would have a security proof under standard complexity assumptions
DISADVANTAGES
A secret key holder can decrypt the ciphertext if the attributes associated with the ciphertext
satisfy the access policy associated with the secret key.
N. Chen, M. Gerla, D. Huang, and X. Hong, Secure, selective group broadcast in vehicular
networks using dynamic attribute based encryption
Cautious landlords replace the house locks after tenants leave because they worry those tenants
might keep copies of the keys. The same concept applies to protecting confidential information.
Whenever a user leaves a communication group that has been exchanging and sharing
confidential information, the remaining group members will replace the key used to encrypt the
messages with a new one. However, given the high cost of key redistribution, this can impact
performance, especially when the group is made of thousands of users and the group members are
likely to move in and out frequently. Sahai et al.'s recent Attribute Based Encryption (ABE)
scheme makes it possible to dynamically reassign group keys when requirements and conditions
change. To introduce the concept of ABE, consider the following example: there are often
several restrictions to redeem a coupon, say, California resident, UC or CSU student, plus AAA
or UHaul membership, etc. One must show a resident ID, student ID and AAA or UHaul ID, etc.,
to get the coupon. In the ABE context, the coupon is the object or information that we must
protect, and the IDs are so-called attributes. The secret message (the coupon) is encrypted with
an access control policy tree that contains the logical combination of the different attributes. The
policy tree for the above coupon example would be “CA resident AND (UC student OR CSU
student) AND (AAA membership OR UHaul member)”. Each qualified user can apply for and
obtain a private key from the certifying authority (Key Master). The key is associated with the
various qualifications (i.e., attributes) of the applicant. The user can decrypt only if the
attributes satisfy the policy tree. Attributes can be expanded to represent all kinds of properties
related to applicants, e.g., skin color, car brand, size, occupation and the time window when these
properties are valid, etc. A policy tree defines a target multicast group to which a secret must be
delivered, for example, a group key to be used for future communications. ABE saves the
trouble of issuing a group key in advance to each foreseen multicast group (thus avoiding
combinatorial explosion). Or, conversely, it avoids the problem (and latency) of finding and
certifying all the qualified members on the spot whenever the need arises. ABE requires the
customers to pre-qualify (off line) for the attributes that may correspond to multicast groups they
will be asked to join. Thus, the work is done ahead of time, and it does not require
combinatorial complexity. To prevent users holding certain attributes forever, ABE adds
expiration timers to revoke private keys. The problem with this revocation scheme is that the
entire private key expires after a period of time. It works well in some scenarios but significantly
reduces performance in applications such as Situation Aware Trust (SAT), proposed by Xiaoyan
Hong et al., where attributes tend to change frequently. In SAT, locations are also encoded into
attributes. Considering that the location attribute can be as specific as a street or a neighborhood,
a mobile user's attribute is expected to change in a matter of less than one minute. Each time the
location attribute changes, the entire private key, which may be associated with hundreds of
attributes, must be changed. This is not efficient since the cost of generating a new private key is
proportional to the number of attributes associated with that private key. If there are 100
attributes associated with a private key and only one changes, the authority must generate a
new private key with 100 attributes at considerable expense of CPU resources. In fact, the bigger
the key, the longer the transmission time, not a welcome proposition in applications like vehicular
networks with short road-side unit and vehicle contacts. To save CPU resources, bandwidth and
time, we avoid updating those attributes that stay unchanged. To achieve this, we introduce in
this paper the concept of an attribute fading function, making attributes “independent” and
“dynamic”. With the fading function, an attribute associated with a private key has its own
expiration time. When an underlying property changes, the user requests a new attribute from the
authority to represent his new property and the out-of-date attribute expires after a certain period
of time. By this means, a user can update some attributes, rather than all of them, in one update.
Our simulation results show that this approach significantly reduces the overhead compared
with traditional ABE, especially when there are a number of “dynamic” attributes associated with
users' private keys.
ADVANTAGES
It transforms trust from Internet social communities to VANET trust in order to enhance
and promote VANET applications.
Making key management in the presence of dynamic attributes much more efficient and
scalable
DISADVANTAGES
Does not help much since updating is still in terms of (private) keys, instead of attributes
The user does not need to check with the Key Master anymore, as long as the fading function is
not replaced, if he wants to reuse the same attribute later
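The access-tree matching, per-attribute expiry (fading function) and mediator-held revocation list described in the mCP-ABE and dynamic-ABE passages above can be modelled without any pairing arithmetic. The following Python is an added illustration, not code from either paper or from this project: it evaluates AND/OR/threshold policy trees (the threshold node also covers the Sahai–Waters d-of-n policies mentioned later in this chapter), gives each attribute its own expiry so one attribute can be refreshed on its own, and lets a mediator refuse a decryption token for an attribute on its ARL. The collusion resistance of the real scheme is not modelled; the clock values and user names are constructed.

```python
from dataclasses import dataclass
from typing import Union


@dataclass
class Gate:
    """Threshold gate of an access tree: satisfied when at least k children are.
    AND is k == number of children, OR is k == 1; a bare k-of-n node is the
    Sahai-Waters threshold policy."""
    k: int
    children: list


Policy = Union[str, Gate]   # a leaf is simply an attribute name


def AND(*children: Policy) -> Gate:
    return Gate(len(children), list(children))


def OR(*children: Policy) -> Gate:
    return Gate(1, list(children))


def satisfies(policy: Policy, attrs: set) -> bool:
    """Does the attribute set satisfy the access policy? In CP-ABE this decision is
    made implicitly by whether decryption succeeds; here it is computed in the clear."""
    if isinstance(policy, str):
        return policy in attrs
    return sum(satisfies(c, attrs) for c in policy.children) >= policy.k


# The two policies quoted in the survey text above.
RESULTS = AND("University Professor", "Member of DN")
COUPON = AND("CA resident", OR("UC student", "CSU student"),
             OR("AAA membership", "UHaul member"))


@dataclass
class UserKey:
    """Model of a user's secret key. Each attribute carries its own expiry time
    (the 'fading function'), so one attribute can lapse or be refreshed without the
    authority reissuing a key covering all the others."""
    gid: str
    attrs: dict          # attribute name -> expiry time on a constructed integer clock

    def live(self, now: int) -> set:
        return {a for a, exp in self.attrs.items() if exp > now}

    def refresh(self, attr: str, new_expiry: int) -> int:
        """Partial update: returns how many attributes had to be reissued (one),
        versus len(self.attrs) if the whole key had to be regenerated."""
        self.attrs[attr] = new_expiry
        return 1


class Mediator:
    """Model of the mCP-ABE mediator. It holds the attribute revocation list (ARL)
    and will not contribute its key share for a revoked attribute, so a revoked
    attribute cannot count towards satisfying the policy even before it expires."""

    def __init__(self) -> None:
        self.arl = set()

    def revoke(self, attr: str) -> None:
        self.arl.add(attr)

    def grants_token(self, key: UserKey, policy: Policy, now: int) -> bool:
        usable = key.live(now) - self.arl
        return satisfies(policy, usable)
```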
Vehicular ad hoc networks (VANETs) are usually operated among vehicles moving at high
speeds, and thus their communication relations can be changed frequently. In such a highly
dynamic environment, establishing trust among vehicles is difficult. To solve this problem, we
propose a flexible, secure and decentralized attribute based secure key management framework
for VANETs. Our solution is based on attribute based encryption (ABE) to construct an attribute
based security policy enforcement (ASPE) framework. ASPE considers various road situations
as attributes. These attributes are used as encryption keys to secure the transmitted data. ASPE is
flexible in that it can dynamically change encryption keys depending on the VANET situations.
At the same time, ASPE naturally incorporates data access control policies on the transmitted
data. ASPE provides an integrated solution to involve data access control, key management,
security policy enforcement, and secure group formation in highly dynamic vehicular
communication environments. Our performance evaluations show that ASPE is efficient and it
can handle large amounts of data encryption/decryption flows in VANETs. Attribute-based
encryption (ABE) is an expansion of public key encryption that allows users to encrypt and
decrypt messages based on user attributes. In a key-policy ABE (KP-ABE) system, an encrypted
message can be tagged with a set of attributes, such as tagging an email with the metadata. The
master authority for the system can issue private decryption keys to users including an access
policy, such as giving to Bob a decryption key that enables him to decrypt any ciphertexts. This
access control functionality can be very powerful, but also costly. In this work, we focus on the
cost of decryption. In many key-policy ABE systems, such as that of Goyal, Pandey, Sahai and
Waters (GPSW), the decryption algorithm requires one pairing for each attribute used during
decryption. (Encryption does not require any pairings, and is thus already fast by comparison.) It
seems conceivable that one might reduce the cost of decryption by making tradeoffs elsewhere.
One tradeoff we allow ourselves in this work is to increase the private key size, although we
ideally want to limit any increase as much as possible. We do not, however, consider tradeoffs
that increase the ciphertext size or that place any limitations on how the ABE system can be
used. That is, we focus on fast decryption for the most general setting possible: an expressive,
large-universe system, where there are no bounds on, say, the number of attributes that can
appear in a ciphertext or private key. While good progress has been made on efficient ABE in
“bounded settings”, as we discuss shortly, our focus is to develop techniques for improving
efficiency in the most general setting and for applications where it is infeasible to trade
system-wide usability for performance.
ADVANTAGES
A nice feature of this approach is that each user can tune their own performance based on
how they think they are likely to use their private key.
Achieving fast decryption
DISADVANTAGES
But this should be done with care or the decryption time will increase without reducing
the private key size
The average overhead incurred on future ciphertexts would be dependent on the overhead
from past ciphertexts, so one could try a random setting and then observe performance
Ciphertext-Policy Attribute-Based Encryption (CP-ABE), similar to a role-based access control
system, can be widely applied to realize access control in many applications including medical
systems and education systems. For example, sensitive medical records, tightly related to
patients' privacy, must be accessed only if the users are authorized with the patients' consent;
solutions of exams in an online education system should also be read only by professors or
specified teaching assistants. The CP-ABE scheme deals with those situations by encrypting
the target information with expressive access policies, such as “Medicine” and
“Physician”, “Professor” or (“Computer Science” and “Teaching Assistant”). In fact, CP-ABE can
provide a perfect solution to an access control system by considering efficient distribution,
expressive access control and data confidentiality. In the traditional CP-ABE scheme, once users
obtain their credentials from the system manager at the beginning of the setup phase, their access
ability remains valid even for those who break the confidentiality rules by abusing this private
information. Upon detecting those malicious adversaries, without any revocation mechanism
embedded, the system manager has to rebuild the whole system. Therefore, a revocation
mechanism should be designed into the system from the beginning rather than being added after
the other issues are addressed, as it requires careful planning on where functionality should be
placed and how to reduce the computational and communication costs. In this paper, we aim at
developing a CP-ABE scheme with efficient revocation. Designing a revocation mechanism
for CP-ABE is not a simple task when considering the following aspects: first, the system manager
only associates user secret keys with different sets of attributes instead of individual
characteristics; the fuzzy identities therefore encumber the system's revocation of one specified
user. Second, users' individuality is replaced by several common attributes, and thus
revocation on attributes or attribute sets cannot accurately exclude the misbehaving users.
Third, the system must be secure against collusion attacks from revoked users even though they
share some common attributes with non-revoked users. To address the revocation problem in a
traditional CP-ABE scheme, limited choices are available. One is the revocation of a single
attribute, which is not connected with users' behaviors but is more likely to be a periodic update
of the universal attribute set of the whole system. Another possible solution is to revoke one attribute
set corresponding to one specific set of users. In this way, all the users' access abilities will be
revoked if they share the same attribute set with the malicious user, which is inappropriate in
real applications.
ADVANTAGES
DISADVANTAGES
However, the encryption and decryption algorithms are completed without the
involvement of these unique identifiers.
However, the periodical change of system public parameters introduces extra
computational and communication costs
M. Chase and S. S. M. Chow, Improving privacy and security in multi-authority
attribute-based encryption
We often identify people by their attributes. In 2005, Sahai and Waters proposed a system
(described in more recent terminology as a key-policy attribute-based encryption (ABE) system
for threshold policies) in which a sender can encrypt a message specifying an attribute set and a
number d, such that only a recipient with at least d of the given attributes can decrypt the
message. However, the deployment implications of their scheme may not be entirely realistic, in
that it assumes the existence of a single trusted party who monitors all attributes and issues all
decryption keys. Instead, we often have different entities responsible for monitoring different
attributes of a person, e.g. the Department of Motor Vehicles tests whether you can drive, a
university can certify that you are a student, etc. Thus, Chase gave a multi-authority ABE
scheme which supports many different authorities operating simultaneously, each handing out
secret keys for a different set of attributes. However, this solution was still not ideal. There are
two main problems: one concerns the security of the encryption, the other the privacy of the users.
Since each authority is responsible for different attributes, we want to allow them to issue
decryption keys independently, without having to communicate with one another. As argued, in
order to prevent collusion in such a setting, we need some consistent notion of identity.
(Otherwise, a user could easily obtain keys from one authority and then give them all to a
friend.) The solution in that work is to require that each user have a unique global identifier
(GID), which they must present to each authority (and to require that the user prove in some way
that he is the owner of the GID he presents). Unfortunately, the mere existence of the GID makes it
very hard for the users to guarantee any kind of privacy. Because a user must present the same
GID to each authority, it is very easy for colluding authorities to pool their data and build a
“complete profile” of all of the attributes corresponding to each GID. However, this might be
undesirable, particularly if the user uses the ABE system in many different settings, and wishes
to keep information about some of those settings private. Regardless, as the attribute authorities
(AAs) are responsible for managing each user's attributes, it seems inevitable that they will learn
which subsets of their attributes are held by different users. However, we could imagine
applications where some of the authorities are different online service providers giving attributes
related to online activities like blog/wiki contributions, access to online news sites, participation
in social networking sites, or purchases at an online store. In this case, it would make sense for
the user to be able to maintain different, unlinkable attribute sets with each authority. At the
same time, it also makes sense for each AA to gather statistics of their system usage (e.g. the
number of users subscribed to a particular service as indicated by the number of users who
requested a decryption key for a certain attribute) without compromising individuals' privacy.
ADVANTAGES
The scheme allows the encryptor to encrypt a message according to an access policy over
a set of attributes
The mCP-ABE scheme can also support the offline use of data
DISADVANTAGES
The data is encrypted according to an access policy, and the policy moves with the
encrypted data.
Thus, even if the server which stores health records gets compromised, the confidentiality
of the data is preserved since the data is encrypted, and the attacker cannot decrypt the
encrypted data without having a secret key
CHAPTER 3
SYSTEM DESCRIPTION
EXISTING SYSTEM
DISADVANTAGES
Mobile nodes in military environments such as a battlefield or a hostile region are likely to suffer
from intermittent network connectivity and frequent partitions. Disruption-tolerant network
(DTN) technologies are becoming successful solutions that allow wireless devices carried by
soldiers to communicate with each other and access the confidential information or command
reliably by exploiting external storage nodes. Some of the most challenging issues in this
scenario are the enforcement of authorization policies and the policies update for secure data
retrieval. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic
solution to the access control issues. However, the problem of applying CP-ABE in decentralized
DTNs introduces several security and privacy challenges with regard to the attribute revocation,
key escrow, and coordination of attributes issued from different authorities. In this paper, we
propose a secure data retrieval scheme using CP-ABE for decentralized DTNs where multiple
key authorities manage their attributes independently. We demonstrate how to apply the
proposed mechanism to securely and efficiently manage the confidential data distributed in the
disruption-tolerant military network.
ADVANTAGES
Different users are allowed to decrypt different pieces of data per the security policy
The proposed mechanism to securely and efficiently manage the confidential data
distributed in the disruption-tolerant military network
SYSTEM SPECIFICATION
Hardware specification
This section describes the hardware components with which the tool was developed and the
minimum hardware configuration with which the system operates best.
o RAM : 2GB
Software specification
This section describes the software with which the application was developed; using the same
software ensures compatibility.
o Language : Java
Software Details
JAVA:
Java is a set of several computer software products and specifications from Oracle Corporation
that provides a system for developing application software and deploying it in a cross platform
computing environment. Java is used in a wide variety of computing platforms from embedded
devices and mobile phones on the low end, to enterprise servers and supercomputers on the high
end. While less common, Java applets are sometimes used to provide improved and secure
functions while browsing the World Wide Web on desktop computers.
Writing in the Java programming language is the primary way to produce code that will be
deployed as Java byte code. There are, however, byte code compilers available for other
languages such as Ada, JavaScript, Python, and Ruby. Several new languages have been
designed to run natively on the Java Virtual Machine (JVM), such as Scala, Clojure and Groovy.
Java syntax borrows heavily from C and C++, but object oriented features are modeled after
Smalltalk and Objective C. Java eliminates certain low level constructs such as pointers and has
a very simple memory model where every object is allocated on the heap and all variables of
object types are references. Memory management is handled through integrated automatic
garbage collection performed by the JVM.
The Java platform has become a mainstay of enterprise IT development since the introduction of
the Enterprise Edition in 1998, in two different ways:
Through the coupling of Java to the web server, the Java platform has become a leading platform
for integrating the Web with enterprise backend systems. This has allowed companies to move
part or all of their business to the Internet environment by way of highly interactive online
environments (such as highly dynamic websites) that allow the customer direct access to the
business processes (e.g. online banking websites, airline booking systems and so on). This trend
has continued from its initial Web based start:
The Java platform has matured into an Enterprise Integration role in which legacy systems are
unlocked to the outside world through bridges built on the Java platform. This trend has been
supported by the Java platform's support for EAI standards like messaging and Web services and has
fueled the inclusion of the Java platform as a development basis in such standards as SCA, XAM
and others.
Java has become the standard development platform for many companies' IT departments, which
do most or all of their corporate development in Java. This type of development is usually related
to company specific tooling (e.g. a booking tool for an airline) and the choice for the Java
platform is often driven by a desire to leverage the existing Java infrastructure to build highly
intelligent and interconnected tools.
The Java platform has become the main development platform for many software tools and
platforms that are produced by third party software groups (commercial, open source and hybrid)
and are used as configurable (rather than programmable) tools by companies. Examples in this
category include Web servers, application servers, databases, enterprise service buses, business
process management (BPM) tools and content management systems.
Enterprise use of Java has also long been the main driver of open source interest in the platform.
This interest has inspired open source communities to produce a large amount of software,
including simple function libraries, development frameworks (e.g. the Spring Framework,
Apache Wicket, Dojo Toolkit, Hibernate), and open source implementations of standards and
tools (e.g. Apache Tomcat, the GlassFish application server, the Mule and Apache ServiceMix
Enterprise service buses).
METHODOLOGY
The concept of ABE was introduced along with another cryptographic primitive called fuzzy
identity-based encryption (FIBE) by Sahai and Waters. Both schemes are based on bilinear maps
(pairings). In an ABE system, users’ private keys and ciphertexts are labelled with sets of descriptive
attributes and access policies respectively, and a particular key can decrypt a particular
ciphertext only if the associated attributes and policy match.
The key-policy attribute-based encryption (KP-ABE) was first introduced in 2006 by
Goyal et al. In this cryptosystem, ciphertexts are labelled with sets of attributes.
Private keys, on the other hand, are associated with access structures A. A private key can
only decrypt a ciphertext whose attribute set is an authorized set of the private key’s access
structure. KP-ABE is a cryptosystem built upon bilinear maps and Linear Secret
Sharing Schemes.
In a multi-authority ABE system, we have many attribute authorities, and many users. There is
also a set of system-wide public parameters available to everyone (created, e.g., by a
distributed protocol between the authorities). A user can choose to go to an attribute
authority, prove that it is entitled to some of the attributes handled by that authority, and
request the corresponding decryption keys. The authority will run the attribute key generation
algorithm, and return the result to the user. Any party can also choose to encrypt a message, in
which case it uses the public parameters together with an attribute set of its choice to form
the ciphertext. Any user who has decryption keys corresponding to an appropriate attribute
set can use them for decryption.
CP-ABE
uniquely assigned to nodes in the access structure for a given key in an arbitrary
manner.
2) Satisfying an Access Tree: Let $T_x$ be the subtree of $T$ rooted at the node $x$. If a set
of attributes $\gamma$ satisfies the access tree $T_x$, we denote it as $T_x(\gamma) = 1$. We compute
$T_x(\gamma)$ recursively as follows. If $x$ is a non-leaf node, evaluate $T_{x'}(\gamma)$ for all children $x'$ of
node $x$; $T_x(\gamma)$ returns 1 iff at least the threshold number of children of $x$ return 1. If $x$ is a
leaf node, then $T_x(\gamma)$ returns 1 iff the attribute associated with $x$ is in $\gamma$.
1) System Setup: At the initial system setup phase, the trusted initializer chooses a
bilinear group $G_0$ of prime order $p$ with generator $g$ according to the security parameter. It
also chooses a hash function $H$ from a family of universal one-way hash functions.
The public parameter param is given by $(G_0, g, H)$. For brevity, the public parameter
param is omitted below. Central Key Authority: chooses a random exponent $\beta \in_R \mathbb{Z}_p$. It sets
$h = g^\beta$. The master public/private key pair is given by $(h, \beta)$. Local Key
Authorities: Each chooses a random exponent $\alpha_i \in_R \mathbb{Z}_p$. The master public/private
When a user comes to hold or drop an attribute, the corresponding key should be
updated to prevent the user from accessing the previous or subsequent encrypted
data for backward or forward secrecy, respectively. The key update procedure is
launched by sending a join or leave request for some attribute group from a user
who wants to hold or drop the attribute to the corresponding authority. On receipt
of the membership change request for some attribute groups, it notifies the storage
node of the event. Without loss of generality, suppose there is any membership
change in (e.g., a user comes to hold or drop an attribute at some time instance).
CHAPTER 4
SYSTEM IMPLEMENTATION
LIST OF MODULES
1 Network Architecture
2 Scheme Construction
3 Revocation
4 Key Update
5 Performance Comparison
MODULE DESCRIPTION
Network Architecture
Since the key authorities are semi-trusted, they should be deterred from accessing plaintext of the
data in the storage node; meanwhile, they should still be able to issue secret keys to users. In
order to realize this somewhat contradictory requirement, the central authority and the local
authorities engage in the arithmetic 2PC protocol with master secret keys of their own and issue
independent key components to users during the key issuing phase. The 2PC protocol prevents
them from knowing each other’s master secrets so that none of them can generate the whole set
of secret keys of users individually. Thus, we assume that the central authority does
not collude with the local authorities (otherwise, they could recover the secret keys of every user by
sharing their master secrets).
Scheme Construction
A novel handshaking-mechanism-based clustering scheme is proposed, in which a novel concept called
‘bypass nodes’ is introduced to identify the appropriate cluster head in the clusters. The
clustering scheme helps to execute the EC2 approach in a distributed fashion so as to make the
approach more scalable in performance.
In CP-ABE, user secret key components consist of a single personalized key and multiple
attribute keys. The personalized key is uniquely determined for each user to prevent collusion
attacks among users with different attributes. The proposed key generation protocol is composed
of the personal key generation followed by the attribute key generation protocols. It exploits an
arithmetic secure 2PC protocol to eliminate the key escrow problem, such that none of the
authorities can determine the whole key components of users individually. Personal Key
Generation: The central authority and each local authority are involved in the following
protocol. When a sender wants to deliver its confidential data, it defines the tree access structure
over the universe of attributes, encrypts the data under it to enforce attribute-based access control
on the data, and stores it into the storage node. When a user receives the ciphertext from the
storage node, the user decrypts the ciphertext with its secret key. The decryption algorithm proceeds
recursively. We first define a recursive algorithm that takes as inputs a ciphertext, a private
key, which is associated with a set of attributes, and a node from the tree.
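The recursive satisfaction check $T_x(\gamma)$ from the Methodology section, which the node-by-node decryption algorithm just described follows, as an added example that is not the report's own code. It evaluates a threshold access tree over a user's attribute set without the pairing arithmetic; the Node/gate/leaf names, the threshold-gate convention and the sample policy are assumptions.

```python
# Added example (not from the report): evaluating a CP-ABE access tree the way
# T_x(gamma) is defined in the Methodology section. Each internal node x is a
# threshold gate that is satisfied when at least k_x of its children are
# satisfied (k_x = 1 models OR, k_x = number of children models AND); a leaf is
# satisfied when its attribute att(x) is in the user's attribute set gamma.
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Node:
    threshold: int = 0                     # k_x; unused for leaves
    attribute: str | None = None           # att(x) for a leaf, None for a gate
    children: list[Node] = field(default_factory=list)


def leaf(attribute: str) -> Node:
    return Node(attribute=attribute)


def gate(threshold: int, *children: Node) -> Node:
    if not 1 <= threshold <= len(children):
        raise ValueError("threshold must lie between 1 and the number of children")
    return Node(threshold=threshold, children=list(children))


def satisfies(node: Node, gamma: set[str]) -> bool:
    """Return True iff T_x(gamma) = 1 for the subtree rooted at `node`."""
    if node.attribute is not None:                      # leaf: is att(x) in gamma?
        return node.attribute in gamma
    # Gate: count the satisfied children and compare with the threshold k_x.
    satisfied = sum(satisfies(child, gamma) for child in node.children)
    return satisfied >= node.threshold


# Constructed sample policy for a DTN message:
# ("Battalion 1" AND "Region 2") OR at least 2 of {"Officer", "Medic", "Logistics"}
POLICY = gate(1,
              gate(2, leaf("Battalion 1"), leaf("Region 2")),
              gate(2, leaf("Officer"), leaf("Medic"), leaf("Logistics")))

if __name__ == "__main__":
    print(satisfies(POLICY, {"Battalion 1", "Region 2"}))   # True
    print(satisfies(POLICY, {"Battalion 1", "Medic"}))      # False
```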
Revocation
We observed that it is impossible to revoke specific attribute keys of a user without rekeying the
whole set of key components of the user in the ABE key structure, since the whole key set of a user is
bound with the same random value in order to prevent any collusion attack. Therefore, revoking
a single attribute in the system requires all users who share the attribute to update all their key
components even if their other attributes are still valid. This seems very inefficient and
may cause severe overhead in terms of the computation and communication cost, especially in
large-scale DTNs.
Key Update
The EC2 approach is divided into two sub-phases: the initialization phase and the activation
phase. The main objective of the initialization sub-phase is to identify efficient α-barrier disjoint
paths in the network. The objective of the activation sub-phase is to schedule an energy-efficient
α-barrier in each distinct time slot. On receipt of the membership change request for some
attribute groups, the authority notifies the storage node of the event. Without loss of generality, suppose
there is any membership change in (e.g., a user comes to hold or drop an attribute at some time
instance). The key update procedure is launched by sending a join or leave request for some
attribute group from a user who wants to hold or drop the attribute to the corresponding
authority.
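A simplified model of the attribute-group key update described above, and of the per-attribute revocation discussed under Revocation, added here as an example rather than the report's own code. Version counters stand in for the updated attribute-group keys; the class and method names and the join/leave scenario are assumptions.

```python
# Added example (not from the report): per-attribute-group key update modelled
# with version counters. The authority bumps an attribute group's version on
# every join or leave and issues the new version only to current members; a
# sender labels its ciphertext with the versions current at encryption time.
# A user decrypts only with a matching version for every required attribute,
# giving backward secrecy (a new member cannot read earlier data) and forward
# secrecy (a revoked member cannot read later data) for that attribute alone.


class AttributeAuthority:
    def __init__(self):
        self.version = {}   # attribute -> current group version
        self.members = {}   # attribute -> set of user ids holding it
        self.keys = {}      # user -> {attribute: set of versions issued}

    def _rekey(self, attr):
        # Membership changed: bump the version and issue the new key only to current
        # members. Members keep older versions; no other attribute key is touched.
        self.version[attr] = self.version.get(attr, 0) + 1
        for user in self.members.get(attr, ()):
            self.keys.setdefault(user, {}).setdefault(attr, set()).add(self.version[attr])

    def join(self, user, attr):
        self.members.setdefault(attr, set()).add(user)
        self._rekey(attr)

    def leave(self, user, attr):
        self.members.get(attr, set()).discard(user)
        self._rekey(attr)   # revokes this one attribute; the user's other keys survive

    def encrypt(self, policy):
        # The ciphertext carries an AND policy (for brevity) and the current versions.
        return {"policy": frozenset(policy),
                "versions": {a: self.version.get(a, 0) for a in policy}}

    def can_decrypt(self, user, ct):
        held = self.keys.get(user, {})
        return all(ct["versions"][a] in held.get(a, set()) for a in ct["policy"])


def demo():
    """Constructed join/leave scenario; returns (backward_ok, forward_ok)."""
    auth = AttributeAuthority()
    auth.join("alice", "Medic")
    ct_before = auth.encrypt({"Medic"})            # labelled Medic version 1
    auth.join("bob", "Medic")                      # Medic version becomes 2
    backward = not auth.can_decrypt("bob", ct_before) and auth.can_decrypt("alice", ct_before)
    auth.leave("alice", "Medic")                   # Medic version becomes 3
    ct_after = auth.encrypt({"Medic"})
    forward = not auth.can_decrypt("alice", ct_after) and auth.can_decrypt("bob", ct_after)
    return backward, forward
```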
Performance Comparison
We first analyze and compare the efficiency of the proposed scheme to the previous multi-authority
CP-ABE schemes in theoretical aspects. Then, the efficiency of the proposed scheme is
demonstrated in the network simulation in terms of the communication cost. We also discuss its
efficiency when implemented with specific parameters and compare these results to those
obtained by the other schemes.
CHAPTER 5
Both simulated and real data experiments are carried out to test the performance of the proposed
defocus blur estimation framework. In the local probability estimation step, we use square
windows with side length $N = 41$. Our default noise setting is $\sigma_n^2 = 10^{-4}$. The coherent blur maps
choose the blur radius $r$ from the set $\{0, 0.1, 0.2, \ldots, 7.9, 8\}$. Our default parameter settings for the
coherent blur labeling are $\lambda_0 = 20$ and $\sigma_\lambda = 0.1$ (for intensities in the range $[0, 1]$). The settings for
the binary foreground/background segmentation problem are $\tau = 2$, $\lambda_0 = 1000$ and $\sigma_\lambda = 0.04$.
Unless otherwise noted, the default parameter values are used. As can be seen in the results, the
default settings work well for nearly all the test images shown in this section. In fact, the only
parameter we varied in these experiments is the noise variance $\sigma_n^2$. In a few of the examples
SCREEN SHOTS
CHAPTER 6
CONCLUSION
DTN technologies are becoming successful solutions in military applications that allow wireless
devices to communicate with each other and access confidential information reliably by
exploiting external storage nodes. CP-ABE is a scalable cryptographic solution to the access
control and secure data retrieval issues. In this paper, we proposed an efficient and secure data
retrieval method using CP-ABE for decentralized DTNs where multiple key authorities manage
their attributes independently. The inherent key escrow problem is resolved such that the
confidentiality of the stored data is guaranteed even in a hostile environment where key
authorities might be compromised or not fully trusted. In addition, fine-grained key
revocation can be done for each attribute group. We demonstrate how to apply the proposed
mechanism to securely and efficiently manage the confidential data distributed in the
disruption-tolerant military network.
FUTURE WORK
Future research will also focus on TBSSM, which uses a unique stack-based process model that
adds security add-ons to the existing methods. It provides end-user security through attribute-
based encryption (ABE), by which we can pass the file and user attributes as a key during
encryption. It will also calculate the trust value of each user before providing any access to any
type of data.
REFERENCES
[1] J. Burgess, B. Gallagher, D. Jensen, and B. N. Levine, “MaxProp: Routing for vehicle-based disruption tolerant networks,” in Proc. IEEE INFOCOM, 2006, pp. 1–11.
[2] M. Chuah and P. Yang, “Node density-based adaptive routing scheme for disruption tolerant networks,” in Proc. IEEE MILCOM, 2006, pp. 1–6.
[3] M. M. B. Tariq, M. Ammar, and E. Zegura, “Message ferry route design for sparse ad hoc networks with mobile nodes,” in Proc. ACM MobiHoc, 2006, pp. 37–48.
[4] S. Roy and M. Chuah, “Secure data retrieval based on ciphertext policy attribute-based encryption (CP-ABE) system for the DTNs,” Lehigh CSE Tech. Rep., 2009.
[5] M. Chuah and P. Yang, “Performance evaluation of content-based information retrieval schemes for DTNs,” in Proc. IEEE MILCOM, 2007, pp. 1–7.
[6] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable secure file sharing on untrusted storage,” in Proc. Conf. File Storage Technol., 2003, pp. 29–42.
[7] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, “Mediated ciphertext-policy attribute-based encryption and its application,” in Proc. WISA, 2009, LNCS 5932, pp. 309–323.
[8] N. Chen, M. Gerla, D. Huang, and X. Hong, “Secure, selective group broadcast in vehicular networks using dynamic attribute based encryption,” in Proc. Ad Hoc Netw. Workshop, 2010, pp. 1–8.
[9] D. Huang and M. Verma, “ASPE: Attribute-based secure policy enforcement in vehicular ad hoc networks,” Ad Hoc Netw., vol. 7, no. 8, pp. 1526–1535, 2009.
[10] A. Lewko and B. Waters, “Decentralizing attribute-based encryption,” Cryptology ePrint Archive: Rep. 2010/351, 2010.
[11] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proc. Eurocrypt, 2005, pp. 457–473.
[12] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proc. ACM Conf. Comput. Commun. Security, 2006, pp. 89–98.
[13] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proc. IEEE Symp. Security Privacy, 2007, pp. 321–334.
[14] R. Ostrovsky, A. Sahai, and B. Waters, “Attribute-based encryption with non-monotonic access structures,” in Proc. ACM Conf. Comput. Commun. Security, 2007, pp. 195–203.
[15] S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute based data sharing with attribute revocation,” in Proc. ASIACCS, 2010, pp. 261–270.
[16] A. Boldyreva, V. Goyal, and V. Kumar, “Identity-based encryption with efficient revocation,” in Proc. ACM Conf. Comput. Commun. Security, 2008, pp. 417–426.
[17] M. Pirretti, P. Traynor, P. McDaniel, and B. Waters, “Secure attribute based systems,” in Proc. ACM Conf. Comput. Commun. Security, 2006, pp. 99–112.
[18] S. Rafaeli and D. Hutchison, “A survey of key management for secure group communication,” Comput. Surv., vol. 35, no. 3, pp. 309–329, 2003.
[19] S. Mittra, “Iolus: A framework for scalable secure multicasting,” in Proc. ACM SIGCOMM, 1997, pp. 277–288.
[20] P. Golle, J. Staddon, M. Gagne, and P. Rasmussen, “A content-driven access control system,” in Proc. Symp. Identity Trust Internet, 2008, pp. 26–35.
[21] L. Cheung and C. Newport, “Provably secure ciphertext policy ABE,” in Proc. ACM Conf. Comput. Commun. Security, 2007, pp. 456–465.
[22] V. Goyal, A. Jain, O. Pandey, and A. Sahai, “Bounded ciphertext policy attribute-based encryption,” in Proc. ICALP, 2008, pp. 579–591.
[23] X. Liang, Z. Cao, H. Lin, and D. Xing, “Provably secure and efficient bounded ciphertext policy attribute based encryption,” in Proc. ASIACCS, 2009, pp. 343–352.
[24] M. Chase and S. S. M. Chow, “Improving privacy and security in multiauthority attribute-based encryption,” in Proc. ACM Conf. Comput. Commun. Security, 2009, pp. 121–130.
[25] M. Chase, “Multi-authority attribute based encryption,” in Proc. TCC, 2007, LNCS 4329, pp. 515–534.