SECURE
DATA RETRIEVAL FOR DECENTRALIZED DISRUPTION-TOLERANT MILITARY NETWORKS
ABSTRACT
Mobile nodes in military environments such as a battlefield or a hostile
region are likely to suffer from intermittent network connectivity and frequent
partitions. Disruption-tolerant network (DTN) technologies are becoming successful
solutions that allow wireless devices carried by soldiers to communicate with
each other and access the confidential information or command reliably by
exploiting external storage nodes. Disruption- tolerant
network (DTN) technologies are becoming successful solutions that allow nodes
to communicate with each other in these extreme networking environments.
Typically, when there is no end-to-end connection between a source and a
destination pair, the messages from the source node may need to wait in the
intermediate nodes for a substantial amount of time until the connection would
be eventually established. The concept of attribute-based encryption (ABE) is a promising approach that fulfills the
requirements for secure data retrieval in DTNs. Especially, Ciphertext-Policy
ABE (CP-ABE) provides a scalable way of encrypting data such that the encryptor
defines the attribute set that the decryptor needs to possess in order to
decrypt the ciphertext. Thus, different users are allowed to decrypt different
pieces of data per the security policy.
Existing
System :
The
concept of attribute-based encryption (ABE) is a promising approach that
fulfills the requirements for secure data retrieval in DTNs. ABE features a
mechanism that enables an access control over encrypted data using access
policies and ascribed attributes among private keys and ciphertexts. the
problem of applying the ABE to DTNs introduces several security and privacy
challenges. Since some users may change their associated attributes at some
point (for example, moving their region), or some private keys might be
compromised, key revocation (or update) for each attribute is necessary in
order to make systems secure. This implies that revocation of any attribute or
any single user in an attribute group would affect the other users in the
group. For example, if a user joins or leaves an attribute group, the
associated attribute key should be changed and redistributed to all the other
members in the same group for backward or forward secrecy. It may result in
bottleneck during rekeying procedure, or security degradation due to the
windows of vulnerability if the previous attribute key is not updated
immediately.
Proposed
System :
Especially,
ciphertext-policy ABE (CP-ABE) provides a scalable way of encrypting data such
that the encryptor defines the attribute set that the decryptor needs to
possess in order to decrypt the ciphertext. Thus, different users are allowed
to decrypt different pieces of data per the security policy. In CP-ABE, the key
authority generates private keys of users by applying the authority’s master
secret keys to users’ associated set of attributes. Thus, the key authority can
decrypt every ciphertext addressed to specific users by generating their
attribute keys. If the key authority is compromised by adversaries when
deployed in the hostile environments, this could be a potential threat to the
data confidentiality or privacy especially when the data is highly sensitive.
The key escrow is an inherent problem even in the multiple-authority systems as
long as each key authority has the whole privilege to generate their own
attribute keys with their own master secrets. Since such a key generation
mechanism based on the single master secret is the basic method for most of the
asymmetric encryption systems such as the attribute- based or identity-based
encryption protocols, removing escrow in single or multiple-authority CP-ABE is
a pivotal open problem.
MODULES
1. Key
Authorities
2. Storage
node.
3. Sender.
4. Soldier
(User).
5. CP-ABE
Method.
MODULE
DESCRIPTION :
1. Key Authorities :
They
are key generation centers that generate public/secret parameters for CP-ABE.
The key authorities consist of a central authority and multiple local
authorities. We assume that there are secure and reliable communication
channels between a central authority and each local authority during the
initial key setup and generation phase. Each local authority manages different
attributes and issues corresponding attribute keys to users. They grant
differential access rights to individual users based on the users’ attributes.
The key authorities are assumed to be honest-but-curious. That is, they will
honestly execute the assigned tasks in the system, however they would like to
learn information of encrypted contents as much as possible.
2. Storage node :
This
is an entity that stores data from senders and provide corresponding access to
users. It may be mobile or static. Similar to the previous schemes, we also
assume the storage node to be semi-trusted, that is honest-but-curious.
3. Sender :
This
is an entity who owns confidential messages or data (e.g., a commander) and
wishes to store them into the external data storage node for ease of sharing or
for reliable delivery to users in the extreme networking environments. A sender
is responsible for defining (attribute based) access policy and enforcing it on
its own data by encrypting the data under the policy before storing it to the
storage node.
4. Soldier(User) :
This
is a mobile node who wants to access the data stored at the storage node (e.g.,
a soldier). If a user possesses a set of attributes satisfying the access
policy of the encrypted data defined by the sender, and is not revoked in any
of the attributes, then he will be able to decrypt the ciphertext and obtain
the data.
5. CP-ABE Method :
In Ciphertext Policy Attribute based Encryption
scheme, the encryptor can fix the policy, who can decrypt the encrypted
message. The policy can be formed with the help of attributes. In CP-ABE,
access policy is sent along with the ciphertext. We propose a method in which
the access policy need not be sent along with the ciphertext, by which we are
able to preserve the privacy of the encryptor. This techniques encrypted data can be kept confidential even if
the storage server is untrusted; moreover, our methods are secure against
collusion attacks. Previous Attribute- Based Encryption systems used attributes
to describe the encrypted data and built policies into user's keys; while in
our system attributes are used to describe a user's credentials, and a party
encrypting data determines a policy for who can decrypt.
SYSTEM SPECIFICATION
Hardware Requirements:
•
System :
Pentium IV 2.4 GHz.
•
Hard Disk : 40 GB.
•
Floppy Drive : 1.44 Mb.
•
Monitor : 14’ Colour Monitor.
•
Mouse : Optical Mouse.
•
Ram : 512 Mb.
Software Requirements:
•
Operating system : Windows7 32-bit Ultimate OS.
•
Coding Language : C#.Net
•
Data Base : SQL Server 2008.
No comments:
Post a Comment