Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
www.iaetsd.in
www.iaetsd.in
www.iaetsd.in
Fig. 1. Architecture
transmission in defense network
of
secure
data
III. PRELIMINARIES
Cryptographic Background
We first provide a formal definition for access
structure recapitulating the definitions in [12] and [13].
Then, we will briefly review the necessary facts about the
bilinear map and its security assumption.
1) Access Structure: Let {P1,P2,,Pn} be a set of
parties. A collection is a subset of 2{P1, P2,.., Pn} is
monotone. An access structure (respectively, monotone
access structure) is a collection (respectively, monotone
collection)
of
nonempty
subsets
of
{P1,P2,,Pn}.The sets in are called the authorized
sets, and the sets not in are called the unauthorized sets.
2) Bilinear Pairings: Let G0 and G1 be a multiplicative
www.iaetsd.in
www.iaetsd.in
V. ANALYSIS
In this section, we first analyze and compare the
efficiency of the proposed scheme to the previous multisway CP-ABE schemes in theoretical aspects. Then, the
efficiency of the proposed scheme is demonstrated in the
network simulation in terms of the communication cost.
We also discuss its efficiency when implemented with
specific parameters and compare these results to those
obtained by the other schemes.
A. Efficiency
The logic expressiveness of access structure that
can be defined under different disjoint sets of attributes
(managed by different sway), key escrow, and revocation
granularity of each CP-ABE scheme. Here the logic can
be very expressive as in the single sway system like
BSW[13] such that the access policy can be expressed
with any monotone access structure under attributes of
any chosen set of sway; while HV[9] and RC[4] schemes
only allow the AND gate among the sets of attributes
managed by different sway. The revocation can be done
in an immediate way as opposed to BSW. Therefore,
attributes of exploiters can be revoked at any time even
before the expiration time that might be set to the
attribute.
B. Simulation
In this simulation, we consider DTN applications
using the Internet protected by the attribute-based
encryption. Network Simulator NS2 is a primer providing
materials for NS2 beginners, whether students, professors,
or researchers for understanding the architecture of
Network Simulator 2 (NS2) and for incorporating
simulation modules into NS2. The authors discuss the
simulation architecture and the key components of NS2
including simulation-related objects, network objects,
packet-related objects, and helper objects.
The NS2 modules included within are nodes,
links, Simple link objects, packets, agents, and
applications. Further, the book covers three helper
modules: timers, random number generators, and error
models. Also included are chapters on summary of
debugging, variable and packet tracing, result
compilation, and examples for extending NS2. Two
appendices provide the details of scripting language Tcl,
OTcl and AWK, as well object oriented programming
used extensively in NS2.
www.iaetsd.in
VI. SECURITY
In this section, we prove the security of our
scheme with regard to the security requirements
A. Collusion Resistance
In CP-ABE, the secret sharing must be
embedded into the Cipher text instead to the private keys
of exploiters. Like the previous ABE schemes, the private
keys (SK) of exploiters are randomized with personalized
random values selected by the CA such that they cannot
be combined in this scheme.
Another collusion attack scenario is the collusion
between revoked exploiters in order to obtain the valid
attribute group keys for some attributes that they are not
authorized to have (e.g., due to revocation). The attribute
group key distribution protocol, which is a complete sub
tree method in the proposed scheme, is secure in terms of
the key indistinguishability. Thus, the colluding revoked
exploiters can by no means obtain any valid attribute
group keys for attributes that they are not authorized to
hold.
B. Data Confidentiality
In our trust model, the multiple key sway are no
longer fully trusted as well as the supply node even if they
are honest. Therefore, the plain data to be stored should
be kept secret from them as well as from unauthorized
exploiters. Data confidentiality on the stored data against
unauthorized exploiters can be trivially guaranteed. If the
set of attributes of an exploiter cannot satisfy the access
tree in the cipher text, he cannot recover the desired value
e (g, g)rs during the decryption process, where r is a
random value uniquely assigned to him.
Another attack on the stored data can be launched by
the supply node and the key sway. Since they cannot be
totally trusted, confidentiality for the stored data against
them is another essential security criteria for secure data
retrieval in DTNs. The local sway issue a set of attributes
keys for their managing attributes to an authenticated
exploiter, which are blinded by secret information that is
distributed to the exploiter from CA. They also issue the
exploiter a personalized, secret key by performing the
secure 2PC protocol with CA. The key generation
protocol discourages each party to obtain each others
master secret key and determine the secret key issued
from each other. Therefore, they could not have enough
information to determine the whole set of secret key of
the exploiter individually. Even if the supply node
manages the attribute group keys, it cannot decrypt any of
the nodes in the access tree in the cipher text. This is
because it is only authorized to re-encrypt the cipher text
with each attribute group key, but is not allowed to
decrypt it (that is, any of the key components of exploiters
are not given to the node). Therefore, data confidentiality
VII. CONCLUSION
DTN technologies are becoming successful
solutions in military applications that allow wireless
devices to communicate with each other and access the
confidential information reliably by exploiting external
supply nodes. CP-ABE is a scalable cryptographic
solution to the access control and secures data retrieval
issues. In this paper, we proposed an efficient and secure
data retrieval method using CP-ABE for decentralized
DTNs where multiple key sway manages their attributes
independently. The inherent key escrow problem is
resolved such that the confidentiality of the stored data is
guaranteed even under the hostile environment where key
sway might be compromised or not fully trusted. In
addition, the fine-grained key revocation can be done for
each attribute group. We demonstrate how to apply the
proposed mechanism to securely and efficiently manage
the confidential data distributed in the disruption-tolerant
defese network.
www.iaetsd.in
REFERENCES
[1] J. Burgess, B. Gallagher, D. Jensen, and B. N. Levine,
Maxprop: Routing for vehicle-based disruption tolerant
networks, 2006,
[2] M. Chuah and P. Yang, Node density-based adaptive
routing scheme for disruption tolerant networks, 2006,.
[3] M. M. B. Tariq, M. Ammar, and E. Zequra, Mesage
ferry route design for sparse ad hoc networks with mobile
nodes, in Proc. ACM MobiHoc, 2006,.
[4] S. Roy andM. Chuah, Secure data retrieval based on
ciphertext policy attribute-based encryption (CP-ABE)
system for the DTNs, Lehigh CSE Tech. Rep., 2009.
[5] M. Chuah and P. Yang, Performance evaluation of
content-based information retrieval schemes for DTNs,
2007
[6] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang,
and K. Fu, Plutus: Scalable secure file sharing on
untrusted storage, 2003
[7] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W.
Jonker, Mediated ciphertext-policy attribute-based
encryption and its application, 2009.
[8] N. Chen, M. Gerla, D. Huang, and X. Hong, Secure,
selective group broadcast in vehicular networks using
dynamic attribute based encryption, 2010
[9] D. Huang and M. Verma, ASPE: Attribute-based
secure policy enforcement in vehicular ad hoc networks,
2009
[10] A. Lewko and B. Waters, Decentralizing attributebased encryption, Cryptology ePrint Archive: Rep.
2010/351, 2010
[11] A. Sahai and B. Waters, Fuzzy identity-based
encryption, in Proc. Eurocrypt, 2005
[12] V. Goyal, O. Pandey, A. Sahai, and B. Waters,
Attribute-based encryption for fine-grained access
control of encrypted data,2006
[13] J. Bethencourt, A. Sahai, and B. Waters,
Ciphertext-policy attributebased encryption, 2007,
[14] R. Ostrovsky, A. Sahai, and B. Waters, Attributebased encryption with non-monotonic access structures,
2007.
[15] S. Yu, C. Wang, K. Ren, and W. Lou, Attribute
based data sharing with attribute revocation, 2010, pp.
[16] A. Boldyreva, V. Goyal, and V. Kumar, Identitybased encryption with efficient revocation2008,
[17] M. Pirretti, P. Traynor, P. McDaniel, and B. Waters,
Secure attribute based systems, 2006