Beruflich Dokumente
Kultur Dokumente
1, March 2018 26
Abstract--- The vehicular ad-hoc networks (VANETs) are external servers for the distribution of resources. Some of the
expected to support the diverse infrastructure based most challenging issues in such a scenario are the enforcement
commercial services, including internet access, real-time of authorization policies and the support of policy updates.
traffic concerns, video streaming and content distribution. It Since a common approach for protecting the outsourced data
also enables a wide range of promising applications and consists in encrypting the data themselves, a promising
services. It has brought new security challenges due to their approach for solving these issues is based on the combination
mobile and infrastructure less nature. In particular, of access control with cryptography. This idea is in itself not
confidentiality and location privacy are regarded as the most new, but the problem of applying it in an outsourced
critical security concerns for securing service-oriented architecture introduces several challenges.
vehicular networks. Forwarded messages in vehicular ad-hoc In this paper, illustrating the basic principles on which
networks are primarily multimedia data, including structured architecture for combining access control and cryptography
data, plain text, sound, and video which require access control can be built. They then illustrate an approach for enforcing
with efficient privacy preservation. authorization policies and supporting dynamic authorizations,
In this project, Ciphertext-policy attribute-based allowing policy changes and data updates at a limited cost in
encryption (CP-ABE) delegation scheme is proposed, which terms of bandwidth and computational power. Some of the
allows road side units (RSUs) to perform most of the most challenging issues in data outsourcing scenario are the
computation for the purpose of improving the decryption enforcement of authorization policies and the support of
efficiency of the vehicles. In addition to that, proposed a novel policy updates. Ciphertext-policy attribute-based encryption is
Sybil attack detection mechanism, Footprint, using the a promising cryptographic solution to these issues for
trajectories of vehicles for identification while still preserving enforcing access control policies defined by a data owner on
their location privacy. More specifically, when a vehicle outsourced data.
approaches a road-side unit (RSU), it actively demands an However, the problem of applying the attribute-based
authorized message from the RSU as the proof of the encryption in an outsourced architecture introduces several
appearance time at this RSU. challenges with regard to the attribute and user revocation.
A location-hidden authorized message generation scheme The study proposes an access control mechanism using
is designed for two objectives: first, RSU signatures on ciphertext-policy attribute-based encryption to enforce access
messages are signer ambiguous so that the RSU location control policies with efficient attribute and user revocation
information is concealed from the resulted authorized capability. The fine-grained access control can be achieved by
message; Second, two authorized messages signed by the same dual encryption mechanism which takes advantage of the
RSU within the same given period of time are recognizable so attribute-based encryption and selective group key distribution
that they can be used for identification. If the RSU is found to in each attribute group.
be failure but not updated with Trusted Authority, the current
Architecture Diagram
RSU which reads the records from the vehicle, queries the
Trusted Authority about all the nearest nodes of missed RSU
(second hop) from current RSU, and calculate the two hop
timings and suspect the vehicle if the messages are not
matched.
I. INTRODUCTION
II. LITERATURE SURVEY the stored data. Group manager takes charge of system
In the paper, “Persona: An Online Social Network with parameters generation, user registration, and user revocation.
User-Defined Privacy” [3] the authors R. Baden, A. Bender, In the existing applications, the group manager usually is
N. Spring, B. Bhattacharjee, and D. Starin described that, the leader of the group. Therefore, we assume that the group
Online social networks (OSNs) have become a de fact oportal manager is fully trusted by the other parties. Group members
for Internet access for millions of users. These net-works help (users) are a set of registered users that will store their own
users share information with their friends. data into the cloud and share them with others. In this scheme,
However, users entrust the social network provider with the group membership is dynamically changed, due to the new
such personal information as sexual preferences, political and user registration and user revocation.
religious views, phone numbers, occupations, identities of The existing system includes an attribute-based access
friends, and photographs. Although sites over privacy controls control scheme using CP-ABE with efficient attribute and user
that let users restrict how their data is viewed by other users, revocation capability for data outsourcing systems. The
sites provide insufficient controls to restrict data sharing with proposed scheme has following advantages with regard to the
corporate affiants or application developers. Not only are there security and scalability compared to the previous revocable
few controls to limit information disclosure, acceptable use CP-ABE schemes.
policies require both that users provide accurate information
In existing system, first, enabling user access control
and that users grant the provider the right to sell that
enhances the backward/forward secrecy of outsourced data on
information to others.
any membership changes in attribute groups compared to the
Facebook is a representative example of a social network attribute revocation schemes. Second, the user access control
provider. The Facebook\Statement of Rights and can be done on each attribute level rather than on system level,
Responsibilities" [31] re-quires that users \not provide any so that more fine-grained user access control can be possible.
false personal information on Facebook" and \keep [their]
contact information accurate and up to date." Further, it states • The data owner need to take full charge of
that users\grant [Face-book] a non-exclusive, transferable, maintaining all the membership lists for each
sub-licensable, royalty-free, worldwide license to use any IP attribute group to enable the direct user revocation.
[Intellectual Property] content that [they] post on or in • Keys are assigned randomly and independently from
connection with Facebook." each other.
• All the data is maintained by single service provider.
In the paper,” Fuzzy Identity-Based Encryption” [4] the • The single data service manager is in charge of
authors were described about, Identity- Based Encryption [33] managing the attribute group keys per each attribute
(I BE) allows for a sender to encrypt a message to an identity group.
without access s to a public key certificate . T he ability to do • All the nodes are treated equally and weak capable
public key encryption without certificates has many practical nodes also require huge computations.
applications. For example, a user can send an encrypted mail
• All the mirror nodes store the file with same
to a recipient, without the requiring either the existence of a
encryption mechanism.
Public- Key Infrastructure or that the recipient b e on-line at
• Unauthorized data leakage still remains a problem
the time of creation. One common feature of all previous
due to the potential exposure of decryption keys.
Identity- Base d Encryption system s is that they view
identities as a string of characters. • Only single cloud provider environment is
considered.
In the paper,” Attribute-Based Encryption for Fine- The proposed system implements all the existing system
Grained Access Control of Encrypted Data” [5], the authors V. concepts in which the Cipher text-Policy Attribute-Based
Goyal, O. Pandey, A. Sahai, and B. Waters described that, Encryption with User Revocation is carried out. Like existing
There is a trend for sensitive user data to b e stored by third system, the proposed scheme also adapts a dual encryption
parties on the Internet. For example, personal email, data, and approach to overcome the user access control problem in
personal preferences are stored on web portal sites such as Go attribute-based encryption system.
ogle and Yahoo. The attack correlation center, dshield.org,
presents aggregated views of attacks on the Internet, but stores In addition, multiple service providers are included and
intrusion rep orts individually submitted by users. Given the data is distributed among them. User privileges may be
variety, amount, and importance of information stored at these varying for data maintained by different service providers.
sites, there is cause for concern that personal data will b e This requires different kind of encryption mechanisms in data
compromised. maintained by different service providers and so computation
overhead is reduced.
III. METHODOLOGY • Any service provider may revocate users if
In this project existing system maintained by the cloud unauthorized user tries to access the data above a
service providers, provides storage space for hosting data files given count.
in a pay-asyou-go manner. However, the cloud is untrusted • Data servicing is maintained by more than one
since the cloud service providers are easily to become service provider.
untrusted. Therefore, the cloud will try to learn the content of
• All data service manager take charge of managing coarse-grained revocation is called because the immediate
the attribute group keys per each attribute group. rekeying on any member change could not be possible. In
• Keys are assigned based on a condition and unique particular, Dekey remains secure even the adversary controls a
among all users. limited number of key servers. They implement Dekey using
• Partial data of files are taken from multiple mirror the Ramp secret sharing scheme that enables the key
locations and send to selected client. management to adapt to different reliability and confidentiality
• Suitable for very large size files. levels.
• Irrelevant size blocks of data are handled among the The evaluation demonstrates that Dekey incurs limited
multiple cloud service providers based on their overhead in normal upload/download operations in realistic
computational capabilities. cloud environments. This thesis study makes new construction
• Different trust level is set to different cloud Dekey to provide efficient and reliable convergent key
providers and encryption or decryption is varied management through convergent key deduplication and secret
based on the clouds computational capability. sharing. Dekey supports both file-level and block-level
deduplications. Security analysis is demonstrates that Dekey is
IV. MULTIMEDIA CONTENT SHARING SYSTEM secure in terms of the definitions specified in the proposed
The data outsourcing scenario challenges the approaches security model. Symmetric encryption uses a common secret
of traditional access control architectures such as reference key to encrypt and decrypt information. Since the key used for
monitor, where a trusted server is in charge of defining and this experimental work are very weak, the existing system is
enforcing access control policies. This assumption no longer less secure. User revocation management is not implemented.
holds in modern data outsourcing systems, because users want The key can be management only within the group members.
to be able to share private contents with a group of people they Authentication Model
selected and to define some access policy and enforce it on the
A hashing function can be used to return a unique key for a
contents. Thus, it is desirable to put the access policy
block of data, based only on the contents of the data; if two
decisions in the hands of the data owners.
people have the same data, the hashing function will return the
Recently proposed access control models, such as same key. If this key is used as the index for storing the data
attribute-based access control, define access control policies block, then any attempt to store multiple copies of the same
based on different attributes of the requester, environment, for block will be detected immediately. In some circumstances, it
the data object. In addition, the current trend of storage may be necessary store additional metadata, or a reference
outsourcing requires increased protection of data including count to keep track of the multiple “owners”, but it is not
access control methods that are cryptographically enforced. necessary to store multiple copies of the data itself.
The concept of attribute-based encryption is a promising
Encrypting data invalidates the de-duplication; two
approach that fulfills these requirements. ABE features a
identical data blocks, encrypted with different keys, will yield
mechanism that enables an access control over encrypted data
different encrypted data blocks which can no longer be shared.
using access policies and ascribed attributes among private
Typical implementations involve complex schemes for storing
keys and ciphertexts.
and managing these keys as part of the block meta-data. This
Especially, ciphertext-policy ABE (CP-ABE) provides a can be a reasonable approach when the de-duplication is part
scalable way of encrypting data such that the encryptor defines of a local file system.
the attribute set that the decryptor needs to possess in order to
But there is considerable overhead in interrogating and
decrypt the ciphertext. Thus, different users are allowed to
maintaining this meta-data, which can be significant when the
decrypt different pieces of data per the security policy. This
de-duplication and encryption is being performed remotely
effectively eliminates the need to rely on the storage server for
and this is necessary in this case to preserve the privacy of the
preventing unauthorized data access. However, the problem of
data. Securing outsourced data for multi-user accesses can be
applying the ABE to the data outsourcing architecture
achieved through encrypted file systems.
introduces several challenges with regard to the attribute and
user revocation. The revocation issue is even more difficult De-duplication systems decrease storage consumption by
especially in ABE systems, since each attribute is conceivably identifying distinct chunks of data with identical content. They
shared by multiple users (henceforth, it is referred to such a then store a single copy of the chunk along with metadata
collection of users as an attribute group). This implies that about how to reconstruct the original files from the chunks.
revocation of any attribute or any single user in an attribute The proposed methodology is used to provide a provably
group would affect the other users in the group. It may result secure design of a cryptographic le system along with rigorous
in bottleneck during rekeying procedure or security security definition.
degradation in the system. Cipher Text-Policy Attribute-based Encryption with User
This research attempts to solve these problems in attribute- Revocation
based data access control using CP-ABE for data outsourcing Step 1: The setup algorithm is executed which is a
systems. Recently, several attribute revocable ABE schemes randomized algorithm that takes no input other than the
have been proposed. They realize revocation by revoking implicit security parameter. It outputs the public key PK and a
attribute itself using timed rekeying mechanism, which is master key MK.
implemented by setting expiration time on each attribute. A
REFERENCES
[1] S. Vimercati, S. Foresti, S. Jajodia, S. Paraboschi and P. Samarati, “A
Data Outsourcing Architecture Combining Cryptography and Access
Control”, Proc. ACM Workshop Computer Security Architecture, 2007.
[2] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel and W. Jonker, “Mediated
Ciphertext-Policy Attribute-Based Encryption and Its Application”,
Proc. Int’l Workshop Information Security Applications, Pp. 309-323,
2009.
[3] R. Baden, A. Bender, N. Spring, B. Bhattacharjee and D. Starin,
“Persona: An Online Social Network with User-Defined Privacy”, Proc.
ACM SIGCOMM , 2009.
[4] A. Sahai and B. Waters, “Fuzzy Identity-Based Encryption”,
Proc.Eurocrypt, Pp. 457-473, 2005.
[5] V. Goyal, O. Pandey, A. Sahai and B. Waters, “Attribute-Based
Encryption for Fine-Grained Access Control of Encrypted Data”, Proc.
ACM Conf. Computer and Comm. Security, Pp. 89-98, 2006.
[6] J. Anderson, Computer security planning study, Technical Report 73-51,
Air Force Electronic System Division, 1972.
[7] J. Saltzer and M. Schro eder, „The protection of information in computer
systems”, Communications of the ACM , Vol. 17, No.7, 1974.
[8] N. Provos, “Encrypting virtual memory”, Proc. of the 9th USENIX
Security Symposium, 2000.
[9] A. Harrington and C. Jensen, “Cryptographic access control in a
distributed tle system”, Proc. of the 8th SACMAT, 2003.
[10] S. Akl and P. Taylor, “Cryptographic solution to a problem of access
control in a hierarchy”, ACM TOCS, Vol. 1, No.3, Pp. 239-248, 1983.
[11] J. Crampton, K. Martin and P. Wild, “On key assignment for
hierarchical access control”, Proc. of the 19th IEEE CSFW , 2006.
[12] G. Miklau and D. Suciu, “Controlling access to published data using
cryptography”, Proc. of the 29th VLDB Conference, 2003.
[13] H. Hacig Äum Äus, B. Iyer and S. Mehrotra, “Providing database as a
service”, Proc. of 18th ICDE, 2002.
[14] R. Agrawal, J. Kierman, R. Srikant and Y. Xu, „Order preserving
encryption for numeric data”, Proc. of ACM SIGMOD, 2004.
[15] E. Damiani, S. De Capitani di Vimercati, S. Foresti, S. Ja jo dia, S. Parab
oschi and P. Samarati, “An experimental evaluation of multi-key
strategies for data outsourcing”, Proc. of the 22nd IFIP TC-11
International Information Security Conference, 2007.
[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption”, Advances in
Cryptology Eurocrypt, Vol. 3494, Pp. 457 -473, 2005.
[17] J. Bethencourt, A. Sahai and B. Waters, “Ciphertext-Policy Attribute-
Based Encryption”, Proceedings of the IEEE Symposium on Security
and Privacy, Pp. 321-334, 2007.
[18] L. Cheung and C. Newport, “Provably secure ciphertext policy ABE”,
Proceedings of the 14th ACM Conference on Computer and
Communications Security , Pp. 456-465, 2007.
[19] M. Pirretti, P. Traynor, P. McDaniel and B. Waters, “Secure attribute-
based systems”, Proceedings of the 13th ACM Conference on Computer
and Communications Security, Pp. 99-112, 2006.