Proceedings of International Conference on Advancements in Engineering and Technology
www.iaetsd.in
A FRAMEWORK FOR SECURE DATA TRANSMISSION IN DEFENSE NETWORK Dhivya.G1, Rajeswari.G2 1
Student: Sree Sowdambika College Of Engineering, Anna University Guide: Sree Sowdambika College Of Engineering, Anna University 1 divya.jillu3@gmail.com 2 prajasri10@gmail.com until the connection would be eventually established.DTN ABSTRACT— In many defense network, introduced supply nodes where data are stored or connections of wireless devices carried by soldiers may replicated such that only authorized mobile nodes can be temporarily disconnected by jamming, access the necessary information quickly and efficiently. environmental factors, and mobility, especially when Many military applications require increased protection of they operate in hostile environments. Disruptionconfidential data including access control methods that tolerant network (DTN) technologies are becoming are cryptographically enforced. In many cases, it is successful solutions that allow nodes to communicate desirable to provide differentiated access services such with each other in these extreme networking that data access policies are defined over exploiter environments.DTN networks introduced supply nodes attributes or roles, which are managed by the key sway. where data are stored or replicated such that only For example, in a disruption-tolerant military network, a authorized mobile nodes can access the necessary commander may store confidential information at a information quickly and efficiently. In this proposed supply node, which should be entered by the subscriber of system, cipher-text policy attribute based encryption “Corps 1” who is participating in “Region 2.” In this case, (CP-ABE) provides a scalable method of cipher data, it is a reasonable assumption that multiple key sway are such that the encryptor defines the attributes set that likely to manage their own dynamic attributes for soldiers the decryptor needs to possess in order to decrypt the in their deployed regions or echelons, which could be encoded text. This paper provides how the data are frequently changed (e.g., the attribute representing the transmitted in a very safety manner. current location of moving soldiers). We refer to this Keywords— wireless devices, communication, DTN architecture where multiple sway issue and manage authorized mobile nodes, attribute set their own attribute keys independently as a decentralized DTN.[10] I. INTRODUCTION Attribute based encryption [11]-[14] is a vision A disruption-tolerant network (DTN) is a of public key encryption that allows exploiters to encrypt network designed so that temporary or intermittent and decrypt messages based on exploiter attributes (e.g., transmission troubles, flaws and abnormalities have the the attribute representing the current location of moving least possible opposite crash. There are various features to soldiers)[4],[8],[9]. In a typical execution, the length of the strong scheme of a DTN, incorporating: 1. The use of the encrypted text is proportional to the number of fault-tolerant methods and technologies. 2. The quality of attributes associated with it and the decryption time is graceful degradation under adverse conditions or extreme proportional to the number of attributes used during traffic loads. 3. The ability to prevent or quickly recover decryption. from electronic attacks. 4. Ability to function with However, the problem of applying the ABE to minimal latency even when routes are ill-defined or DTNs introduces several security and secrecy challenges. unreliable. Since some exploiters may change their associated Mobile nodes in defense environs, such as a attributes at some point (for example, motion in their combat zone or a vicious area are likely to suffer from area), or some unique keys might be compromised, key intermittent network connectivity and frequent partitions. revocation (or update) for each attribute is necessary in Disruption-tolerant network (DTN) technologies are order to make systems secure. However, this issue is even becoming successful solutions that allow wireless devices additional inconvenient, especially in ABE systems, since carried by soldiers to communicate with each other and each trait is conceivably shared by multiple exploiters access the confidential information or command reliably (henceforth, we refer to such a collection of exploiters as by exploiting external supply nodes. Typically, when a trait group). This points that revocation of any attributes there is no end-to-end connection between a source and a or any single exploiter in a trait group would affect the target pair, the data from the origin node may need to wait other exploiters in the group. For example, if an exploiter in the intermediate nodes for a substantial amount of time 2
ISBN NO : 978 - 1502893314
International Association of Engineering and Technology for Skill Development 34
Proceedings of International Conference on Advancements in Engineering and Technology
joins or leaves a trait group, the associated attribute key should be changed and redistributed to all the other members in the same group for backward or forward secrecy. It may result in neck of a bottle during rekeying procedure or safety ignominy due to the windows of vulnerability if the previous attribute key is not updated immediately. Another challenge is the key escrow problem. In CP-ABE, the key authorization generates private keys of exploiters by applying the sway’s master secret keys to exploiters’ associated set of traits. The last challenge is the coordination of attributes issued by different sway. For example, suppose that traits “role 1” and “region 1” are managed by the sway A, and “role 2” and “region 2” are managed by the sway B. Then, it is impossible to generate an access policy ((“role 1” OR “role 2”) AND (“region 1” or “region 2”)) in the previous schemes because the OR logic between attributes issued by different sway cannot be implemented. This is due to the fact that the different sway generate their own attribute keys using their own independent and individual master secret keys.
II. DISRUPTION TOLERENT NETWORK Military applications in the DTN arena are substantial, allowing the retrieval of critical information in mobile battlefield scenarios using only intermittently connected network communications. For these types of applications, the delay tolerant protocol should transmit data segments across multiple-hop networks that consist of differing regional networks based on environmental network parameters (latency, loss, BER). This essentially implies that data from low-latency networks for which TCP may be suitable must also be forward across the long-haul interplanetary link. DTN achieves message reliability via employing custody transfer. The concept of custody transfer, where responsibility of some data segment (bundle or bundle fragment), migrates with the data segment as it progresses across a series of network hops is a fundamental strategy such that reliable delivery is accomplished on a hop-by-hop basis instead of an endto-end basis DTN is a set of protocols that act together to enable a standardized method of performing store and forward communications.DTN operates in two basic environments: low-propagation delay and highpropagation delay. In a low-propagation environment such as may occur in near-planetary or planetary surface environments, DTN bundle agents can utilize underlying Internet protocols that negotiate connectivity in real-time. In high-propagation delay environments such as deep space, DTN bundle agents must use other methods, such as some form of scheduling, to enable connectivity between the two agents. The convergence layer protocols provide the standard methods for transferring the bundles
ISBN NO : 978 - 1502893314
www.iaetsd.in
over various communications paths. The bundle agent discovery protocols are the equivalent to dynamic routing protocols in IP networks. To date, the location of bundle agents, DTN agents, has been managed, analogous to static routing in internet protocol (IP) networks. The security protocols for DTN are important for the bundle protocol. The stressed environment of the underlying networks over which the bundle protocol will operate makes it important that the DTN be protected from unauthorized use, and this stressed environment poses unique challenges on the mechanisms needed to secure the bundle protocol. DTNs are likely to be deployed in organizationally heterogeneous environments where one does not control the entire network infrastructure. Furthermore, DTNs may very likely be deployed in environments where a portion of the network might become compromised, posing the usual security challenges related to confidentiality, integrity and availability. Fault-tolerant systems are designed so that if a component fails or a network route becomes unusable, a backup component, procedure or route can immediately take its place without loss of service. At the software level, an interface allows the administrator to continuously monitor network traffic at multiple points and locate problems immediately. In hardware, fault tolerance is achieved by component and subsystem redundancy.
III. RELATED WORK There are two types of ABE are depending on which of private keys or cipher texts that access policies are associated with. In a key-policy attribute-based encryption (KP-ABE) system, cipher texts are labelled by the transmitter with a set of descriptive attributes, while exploiter's private key is issued by the trusted attribute sway captures a policy (also called the access structure) that specifies which type of cipher texts the key can decrypt. KP-ABE schemes are suitable for structured organizations with rules about who may read particular documents. Typical applications of KP-ABE include secure forensic analysis and target broadcast. For example, in a secure forensic analysis system, audit log entries could be annotated with attributes such as the name of the exploiter, the date and time of the exploiter action, and the type of data modified or accessed by the exploiter action. While a forensic analyst charged with some investigation would be issued a private key that associated with a particular access structure. The private key would only open audit log records whose attributes satisfied the access policy associated with the private key[4], [7],[15]. In a cipher text-policy attribute-based encryption (CP-ABE) system, when a transmitter encrypts a message, they specify a specific access policy in terms of the access structure over attributes in the cipher text,
International Association of Engineering and Technology for Skill Development 35
Proceedings of International Conference on Advancements in Engineering and Technology
www.iaetsd.in
stating what kind of receivers will be able to decrypt the cipher text. Exploiters possess sets of attributes and obtain corresponding secret attribute keys from the attribute sway. Such an exploiter can decrypt a cipher text if his/her attributes satisfy the access policy associated with the cipher text. Thus, CP-ABE mechanism is conceptually closer to traditional role-based access control method. 1) Attribute Revocation: Bethencourt et al. [10] and Boldyreva et al. [10] first suggested key revocation mechanisms in CP-ABE and KP-ABE, respectively. Their solutions are to append to each attribute an expiration date (or time) and distribute a new set of keys to valid exploiters after the expiration. The periodic attribute revocable ABE schemes [8][13],[16],[17] have two main problems. The first problem is the security degradation in terms of the backward and forward secrecy. It is a considerable scenario that exploiters such as soldiers may change their attributes frequently, e.g., position or location move when considering these as attributes [4], [9]. Then, a exploiter who newly holds the attribute might be able to access the previous data encrypted before he obtains the attribute until the data is re-encrypted with the newly updated attribute keys by periodic rekeying (backward secrecy). The other is the scalability problem. The key sway periodically announces a key update material by unicast at each time-slot so that all of the nonrevoked exploiters can update their keys. 2) Key Escrow: Most of the existing ABE schemes are constructed on the architecture where a single trusted sway has the power to generate the whole private keys of exploiters with its master secret information [11]. Thus, the key escrow problem is inherently such that the key sway can decrypt every cipher-text addressed to exploiters in the system by generating their secret keys at any time. 3) Decentralized ABE: Huang et al. [9] and Roy et al. [4] proposed decentralized CP-ABE schemes on the multisway network environment. They achieved a combined access policy over the attributes issued by different sway by simply encrypting data multiple times. The main disadvantages of this approach are efficiency and expressiveness of access policy.
IV. DESIGN PRINCIPLES In this section, we describe the DTN architecture and define the security model.
ISBN NO : 978 - 1502893314
Fig. 1. Architecture transmission in defense network
of
secure
data
A. System Description and Assumptions Fig. 1 shows the layout of the DTN. As shown in Fig. 1, the design consists of the following system entities. 1) Key Sway: They are key generation centers that generate public/secret guidelines for CP-ABE. The key sway consists of a central domination and multiple local domination. We assume that there are secure and reliable transmission ducts between a central domination and each local domination during the preliminary key conformation and generation phase. Each local sway manages different attributes and issues corresponding attribute keys to exploiters. They grant different access entitlement to individual exploiters based on the exploiters’ attributes. The key sway is undertaking to be righteous-but-peculiar. That is, they will honestly perform the assigned tasks in the given order; however they would like to learn information of encrypted contents as much as possible. 2) Supply node: This is an entity that supplies data from transmitters and provide corresponding access to exploiters. It may be dynamic or static [4], [5]. Similar to the previous schemes, we also assume the supply node to be semi-devoted, which is righteous-but-peculiar. 3) Transmitter: This is an entity that has the trusted messages or data (e.g., a commander) and wishes to store them into the exterior data supply node for ease of apportioning or for trustworthy delivery to exploiters in the extreme networking environs. A transmitter is credible for describing (attribute based) access policy and enforcing it on its own data by encrypting the information under the policy before storing it to the supplied node. 4) Exploiter: This is a moving node that needs to gain access the data stored at the supplied node (e.g., a soldier). If an exploiter possesses a set of attributes satisfying the access policy of the encrypted data defined by the transmitter, and is not revoked in any of the attributes, then he will be able to decrypt the cipher text and obtain the data. Since the key sway is semi-trusted, they should be deterred from accessing plaintext of the data in the supply node; meanwhile, they should be still able to issue secret keys to exploiters. In order to realize this somewhat
International Association of Engineering and Technology for Skill Development 36
Proceedings of International Conference on Advancements in Engineering and Technology
contradictory requirement, the central sway and the local sway engage in the arithmetic 2PC protocol with master keys of their own and issue independent key components to exploiters during the key issuing phase. The 2PC protocol prevents them from knowing each other’s master secrets so that none of them can generate the whole set of secret keys of exploiters individually. Thus, we take an assumption that the central sway does not collude with the local sway (otherwise, they can guess the secret keys of every exploiter by sharing their master secrets). B. Security Requirements 1) Data confidentiality: Unauthorized exploiters who do not have enough credentials satisfying the access policy should be deterred from accessing the plain data in the supply node. In addition, unauthorized access from the supply node or key sway should also be prevented. 2) Collusion-resistance: If multiple exploiters collude, they may be able to decrypt a cipher text by combining their attributes even if each of the exploiters cannot decrypt the cipher text alone. For example, suppose there exist a exploiter with attributes {”Battalion 1”, “Region 1”} and another exploiter with attributes {”Battalion 2”, “Region 2”}. They may succeed in decrypting a cipher text encrypted under the access policy of (“Battalion 1” AND “Region 2”), even if each of them cannot decrypt it individually. We do not want these colluders to be able to decrypt the secret information by combining their attributes. We also consider a collusion attack among curious local sway to derive exploiters’ keys. 3) Backward and forward Secrecy: In the context of ABE, backward secrecy means that any exploiter who comes to hold an attribute (that satisfies the access policy) should be prevented from accessing the plaintext of the previous data exchanged before he holds the attribute. On the other hand, forward secrecy means that any exploiter who drops an attribute should be prevented from accessing the plaintext of the subsequent data exchanged after he drops the attribute, unless the other valid attributes that he is holding satisfy the access policy.
III. PRELIMINARIES Cryptographic Background We first provide a formal definition for access structure recapitulating the definitions in [12] and [13]. Then, we will briefly review the necessary facts about the bilinear map and its security assumption. 1) Access Structure: Let {P1,P2,……,Pn} be a set of parties. A collection Ḁ is a subset of 2{P1, P2,…….., Pn} is monotone. An access structure (respectively, monotone access structure) is a collection (respectively, monotone collection) Ḁ of nonempty subsets of {P1,P2,……,Pn}.The sets Ḁ in are called the authorized sets, and the sets not Ḁ in are called the unauthorized sets. 2) Bilinear Pairings: Let G0 and G1 be a multiplicative
ISBN NO : 978 - 1502893314
www.iaetsd.in
cyclic group of prime order p. Let g be a generator of G0. A map e: G0 * G1→G1 is said to be bilinear. 3)Bilinear Diffie–Hellman Assumption: Using the above notations, the Bilinear Diffie–Hellman (BDH) problem is to compute e (g,g)abcԑ G1 given a generator g of G0 and elements ga, gb ,gc for a,b,c. An equivalent formulation of the BDH problem is to compute e(A,B)c given a generator g of G0, and elements A,B and gc in G0.
IV. CIPHER-TEXT POLICY In this section, we provide a multisway CP-ABE scheme for secure data transmission DTNs. Each local sway issue partial personalized and attribute key components to an exploiter by performing secure 2PC protocol with the central sway. Each attribute key of an exploiter can be updated individually and immediately. Thus, the scalability and security can be enhanced in the proposed scheme. A. Access Tree 1) Description: Let be a tree representing an access structure. Each non leaf node of the tree represents a threshold gate. If is the number of children of a node x and k ͯ is its threshold value, then 0 ≤ kx ≤ numx. Each leaf node x of the tree is described by an attribute and a threshold value kx=1. 2) Satisfying an Access Tree: Let Ʈx be the sub tree of Ʈ rooted at the node x. If a set of attributes γ satisfies the access Tree Ʈx, we denote it as Ʈx(γ)=1. B. Scheme Construction Let G0 be a bilinear group of prime order , and let be a generator of G0. Let e : G0 * G0→G1 denote the bilinear map. A security parameter k, will determine the size of the groups. 1) System Setup: At the initial system setup phase, the trusted initializer2 chooses a bilinear group G0 of prime order with generator according to the security parameter. It also chooses hash functions H:{0,1}* ->G0 from a family of universal one-way hash functions. The public parameter param is given by (G0,g,H). Central Key Sway: CA chooses a random exponent β€R Ƶ*р. The master public/private key pair is given by (PK cᴀ = h¸ МK cᴀ= β) Local Key Sway: Each Ai chooses a random exponent αᶤ ε R Ƶ*P. The master public/private key pair is given by (PK ᴀi = e(g¸g)α ͥ¸ МK ᴀi= α ͥ) 2) Key Generation: In CP-ABE, exploiter secret key components consist of a single personalized key and multiple attribute keys. The personalized key is uniquely determined for each exploiter to prevent collusion attack among exploiters with different attributes. The proposed key generation protocol is composed of the personal key generation followed by the attribute key generation protocols. It exploits arithmetic secure 2PC protocol to eliminate the key escrow problem such that none of the
International Association of Engineering and Technology for Skill Development 37
Proceedings of International Conference on Advancements in Engineering and Technology
sway can determine the whole key components of exploiters individually. During the key generation phase using the 2PC protocol, the proposed scheme (especially 2PC protocol) requires (3m + 1)C0 messages additively to the key issuing overhead in the previous multisway ABE schemes in terms of the communication cost, where m is the number of key sway the exploiter is associated with, and C0 is the bit size of an element in G0. However, it is important to note that the 2PC protocol is done only once during the initial key generation phase for each exploiter. Therefore, it is negligible compared to the communication overhead for encryption or key update, which could be much more frequently performed in the networks. C. Revocation We observed that it is impossible to revoke specific attribute keys of a exploiter without rekeying the whole set of key components of the exploiter in ABE key structure since the whole key set of a exploiter is bound to the same random value in order to prevent any collusion attack. Therefore, revoking a single attribute in the system requires all exploiters who share the attribute to update all their key components even if the other attributes of them are still valid. This seems very inefficient and may cause severe overhead in terms of the computation and communication cost, especially in large-scaled networks. One promising way to immediately revoke an attribute of specific exploiters is to re-encrypt the ciphertext with each attribute group key and selectively distribute the attribute group key to authorized (nonrevoked) exploiters who are qualified with the attribute. Before distributing the cipher-text, the supply node receives a set of membership information for each attribute group G that appears in the access tree of CT from the corresponding sway and re-encrypts it as follows. Generates a header message where each contains the encrypted attribute group keys , which could be only decrypted by non revoked attribute group members. This can be done by exploiting many previous stateful or stateless group key handler schemes. We will adopt the complete sub tree method, which requires each exploiter to store additional key encryption keys (KEKs). The header message would be at most sizes for each attribute group, where and are the number of all exploiters in the system and that of exploiters in the attribute group, respectively. D. Key Update When a exploiter comes to hold or drop an attribute, the corresponding key should be updated to prevent the exploiter from accessing the previous or subsequent encrypted data for backward or forward secrecy, respectively. The key update procedure is launched by sending a join or leave request for some
ISBN NO : 978 - 1502893314
www.iaetsd.in
attribute group from a exploiter who wants to hold or drop the attribute to the corresponding sway. On receipt of the membership change request for some attribute groups, it notifies the supply node of the event. Without loss of generality, suppose there is any membership change in Gi.
V. ANALYSIS In this section, we first analyze and compare the efficiency of the proposed scheme to the previous multisway CP-ABE schemes in theoretical aspects. Then, the efficiency of the proposed scheme is demonstrated in the network simulation in terms of the communication cost. We also discuss its efficiency when implemented with specific parameters and compare these results to those obtained by the other schemes. A. Efficiency The logic expressiveness of access structure that can be defined under different disjoint sets of attributes (managed by different sway), key escrow, and revocation granularity of each CP-ABE scheme. Here the logic can be very expressive as in the single sway system like BSW[13] such that the access policy can be expressed with any monotone access structure under attributes of any chosen set of sway; while HV[9] and RC[4] schemes only allow the AND gate among the sets of attributes managed by different sway. The revocation can be done in an immediate way as opposed to BSW. Therefore, attributes of exploiters can be revoked at any time even before the expiration time that might be set to the attribute. B. Simulation In this simulation, we consider DTN applications using the Internet protected by the attribute-based encryption. Network Simulator NS2 is a primer providing materials for NS2 beginners, whether students, professors, or researchers for understanding the architecture of Network Simulator 2 (NS2) and for incorporating simulation modules into NS2. The authors discuss the simulation architecture and the key components of NS2 including simulation-related objects, network objects, packet-related objects, and helper objects. The NS2 modules included within are nodes, links, Simple link objects, packets, agents, and applications. Further, the book covers three helper modules: timers, random number generators, and error models. Also included are chapters on summary of debugging, variable and packet tracing, result compilation, and examples for extending NS2. Two appendices provide the details of scripting language Tcl, OTcl and AWK, as well object oriented programming used extensively in NS2.
International Association of Engineering and Technology for Skill Development 38
Proceedings of International Conference on Advancements in Engineering and Technology
www.iaetsd.in
VI. SECURITY In this section, we prove the security of our scheme with regard to the security requirements
Fig. 2. Number of exploiters in an attribute group. Fig. 2 represents the number of current exploiters and revoked exploiters in an attribute group during 100 h.
Fig. 3. Communication cost in the multisway CP-ABE systems. Fig. 3 shows the total communication cost that the transmitter or the supply node needs to send on a membership change in each multi sway CP-ABE scheme. It includes the cipher text and rekeying messages for nonrevoked exploiters. It is measured in bits. In this simulation, the total number of exploiters in the network is 10 000, and the number of attributes in the system is 30. The number of the key sway is 10, and the average number of attributes associated with a exploiter’s key is 10. C. Implementation Next, we analyze and measure the computation cost for encrypting (by a transmitter) and decrypting (by an exploiter) a data. We used a Type-A curve (in the pairing-based cryptography (PBC) library providing groups in which a bilinear map e : G0 * G0→G1 is defined. Although such curves provide good computational efficiency (especially for pairing computation), the same does not hold from the point of view of the space required to represent group elements. Indeed, each element of G0 needs 512 bits at an 80-bit security level and 1536 bits when 128-bit of security
ISBN NO : 978 - 1502893314
A. Collusion Resistance In CP-ABE, the secret sharing must be embedded into the Cipher text instead to the private keys of exploiters. Like the previous ABE schemes, the private keys (SK) of exploiters are randomized with personalized random values selected by the CA such that they cannot be combined in this scheme. Another collusion attack scenario is the collusion between revoked exploiters in order to obtain the valid attribute group keys for some attributes that they are not authorized to have (e.g., due to revocation). The attribute group key distribution protocol, which is a complete sub tree method in the proposed scheme, is secure in terms of the key indistinguishability. Thus, the colluding revoked exploiters can by no means obtain any valid attribute group keys for attributes that they are not authorized to hold. B. Data Confidentiality In our trust model, the multiple key sway are no longer fully trusted as well as the supply node even if they are honest. Therefore, the plain data to be stored should be kept secret from them as well as from unauthorized exploiters. Data confidentiality on the stored data against unauthorized exploiters can be trivially guaranteed. If the set of attributes of an exploiter cannot satisfy the access tree in the cipher text, he cannot recover the desired value e (g, g)rs during the decryption process, where r is a random value uniquely assigned to him. Another attack on the stored data can be launched by the supply node and the key sway. Since they cannot be totally trusted, confidentiality for the stored data against them is another essential security criteria for secure data retrieval in DTNs. The local sway issue a set of attributes keys for their managing attributes to an authenticated exploiter, which are blinded by secret information that is distributed to the exploiter from CA. They also issue the exploiter a personalized, secret key by performing the secure 2PC protocol with CA. The key generation protocol discourages each party to obtain each other’s master secret key and determine the secret key issued from each other. Therefore, they could not have enough information to determine the whole set of secret key of the exploiter individually. Even if the supply node manages the attribute group keys, it cannot decrypt any of the nodes in the access tree in the cipher text. This is because it is only authorized to re-encrypt the cipher text with each attribute group key, but is not allowed to decrypt it (that is, any of the key components of exploiters are not given to the node). Therefore, data confidentiality
International Association of Engineering and Technology for Skill Development 39
Proceedings of International Conference on Advancements in Engineering and Technology
against the curious key sway and supply node is also ensured. C. Backward and Forward Secrecy When an exploiter comes to hold a set of attributes that satisfy the access policy in the cipher text at some time instance, the corresponding attribute group keys are updated and delivered to the valid attribute group members securely (including the exploiter). In addition, all of the components encrypted with a secret key in the cipher text are re-encrypted by the supply node with a random, and the cipher text components corresponding to the attributes are also re-encrypted with the updated attribute group keys. Even if the exploiter has stored in the previous cipher text exchanged before he obtains the attribute keys and the holding attributes satisfy the access policy, he cannot decrypt the pervious cipher text. On the other hand, when an exploiter comes to drop a set of attributes that satisfy the access policy at some time instance, the corresponding attribute group keys are also updated and delivered to the valid attribute group members securely (excluding the exploiter). Then, all of the components encrypted with a secret key in the cipher text are re encrypted by the supply node with a random , and the cipher text components corresponding to the attributes are also re-encrypted with the updated attribute group keys. Then, the exploiter cannot decrypt any nodes corresponding to the attributes after revocation due to the blindness resulted from newly updated attribute group keys. In addition, even if the exploiter has recovered e(g ,g)(ɑ1+.......+ɑm)s before he was revoked from the attribute groups and stored it, it will not help to decrypt the subsequent cipher text e(g ,g)(ɑ1+.......+ɑm)(s+s´) re-encrypted with a new random . Therefore, the forward secrecy of the stored data is guaranteed in this scheme.
VII. CONCLUSION DTN technologies are becoming successful solutions in military applications that allow wireless devices to communicate with each other and access the confidential information reliably by exploiting external supply nodes. CP-ABE is a scalable cryptographic solution to the access control and secures data retrieval issues. In this paper, we proposed an efficient and secure data retrieval method using CP-ABE for decentralized DTNs where multiple key sway manages their attributes independently. The inherent key escrow problem is resolved such that the confidentiality of the stored data is guaranteed even under the hostile environment where key sway might be compromised or not fully trusted. In addition, the fine-grained key revocation can be done for each attribute group. We demonstrate how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant defese network.
ISBN NO : 978 - 1502893314
www.iaetsd.in
REFERENCES [1] J. Burgess, B. Gallagher, D. Jensen, and B. N. Levine, “Maxprop: Routing for vehicle-based disruption tolerant networks,” 2006, [2] M. Chuah and P. Yang, “Node density-based adaptive routing scheme for disruption tolerant networks,” 2006,. [3] M. M. B. Tariq, M. Ammar, and E. Zequra, “Mesage ferry route design for sparse ad hoc networks with mobile nodes,” in Proc. ACM MobiHoc, 2006,. [4] S. Roy andM. Chuah, “Secure data retrieval based on ciphertext policy attribute-based encryption (CP-ABE) system for the DTNs,” Lehigh CSE Tech. Rep., 2009. [5] M. Chuah and P. Yang, “Performance evaluation of content-based information retrieval schemes for DTNs, 2007 [6] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable secure file sharing on untrusted storage,” 2003 [7] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, “Mediated ciphertext-policy attribute-based encryption and its application,” 2009. [8] N. Chen, M. Gerla, D. Huang, and X. Hong, “Secure, selective group broadcast in vehicular networks using dynamic attribute based encryption,” 2010 [9] D. Huang and M. Verma, “ASPE: Attribute-based secure policy enforcement in vehicular ad hoc networks,” 2009 [10] A. Lewko and B. Waters, “Decentralizing attributebased encryption,” Cryptology ePrint Archive: Rep. 2010/351, 2010 [11] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proc. Eurocrypt, 2005 [12] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,”2006 [13] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attributebased encryption,” 2007, [14] R. Ostrovsky, A. Sahai, and B. Waters, “Attributebased encryption with non-monotonic access structures,” 2007. [15] S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute based data sharing with attribute revocation,” 2010, pp. [16] A. Boldyreva, V. Goyal, and V. Kumar, “Identitybased encryption with efficient revocation2008, [17] M. Pirretti, P. Traynor, P. McDaniel, and B. Waters, “Secure attribute based systems,” 2006
International Association of Engineering and Technology for Skill Development 40