Securing Data Retrieval for Decentralized Disruption- Tolerant Military Networks (DTNs) using Cipher text- Policy Attribute-Based Encryption

Securing Data Retrieval for Decentralized Disruption- Tolerant Military Networks (DTNs) using Cipher text- Policy Attribute-Based Encryption

Abstract:

DTN technologies are fast becoming popular and successful solutions in military applications that permit or enable wireless devices in the network to communicate with each other and access confidential data infallible or in a trustworthy manner by utilizing the storage nodes. However, the problem of applying  CP-ABE  in decentralized  DTNs introduces several security and privacy challenges concerning attribute revocation, key escrow, and coordination of attributes issued from different authorities. The ABE scheme provides an access controls mechanism over encrypted data with its policies and attributes over private and masters keys,  and ciphertexts (CP-ABE). Scalability is provided by CP-ABE for data encryption and decryption. For decryption to take place, the decryptor must possess attributes that match or correspond with the one defined by the security policy of the access control. We show how to apply the proposed scheme in securing and effectively manage the confidential data distribution in the DTN network.

KEYWORDS:- Access control, attribute-based encryption (ABE), disruption-tolerant network (DTN), secure data retrieval.

I. Introduction:

The military environment is a hostile and turbulent one therefore, applications running in this environment need more security to protect their data, access control, and their cryptographic methods. For communication to take place a node must be created and a connection established between the node and the neighbor nodes in this hostile networking environment, but if there is no connection between the source and the destination  the  message from the source node may have to wait depending on when the connection will be eventually established. We refer to this DTN architecture where multiple authorities issue and manage their own attribute keys independently as a decentralized DTN.        In this paper, we describe a CP-ABE-based encryption scheme that provides fine-grained access control. In a CP-ABE scheme, each user is associated with a set of attributes based on which the user's private key is generated. Contents are encrypted under an access policy such that only those users whose attributes match the access policy can decrypt.

The concept of attribute-based encryption (ABE) is a promising approach that fulfills the requirements for secure data retrieval in DTNs. ABE features a mechanism that enables access control over encrypted data using access policies and ascribed attributes among private keys and ciphertexts. Especially,  ciphertext-policy  ABE  (CP-ABE) provides a scalable way of encrypting data such that the encryptor   defines   the attribute   set that   the decryptor needs to possess to decrypt the ciphertext.   In CP-ABE, the key authority generates private keys  of users  by  applying the  authority’s master secret   keys   to users’   associated set   of attributes. The key authorities are semi-trusted, they should be  deterred from accessing plaintext of  the data in the storage node; meanwhile, they should be still able to issue secret keys to users.   If the key authority is compromised by adversaries when deployed in hostile environments, this could be a potential threat to the data confidentiality or privacy especially when the data is highly sensitive. To realize the goals of CP-ABE, the key authority makes use of maters secret keys and private keys of which the users apply by requesting from the key authority. When a user keyed in some attributes that match or correspond with the one in the access policy, it is updated to match with the group attributes which provides security for group members.

II. Related Works

The concept of attribute-based encryption (ABE) is a promising approach that fulfils the requirements for secure data retrieval in DTNs. ABE features a mechanism that enables access control over encrypted data using access policies and ascribed attributes among private  keys  and  ciphertexts. The problem of applying the  ABE to  DTNs introduces several security and privacy challenges. Since some users may change their associated attributes at some point  (for  example,  moving their  region), or  some private keys might be compromised, key revocation (or update) for each attribute is necessary to make systems secure. This implies  that revocation of any attribute or any single user in an attribute group would  affect  the  other  users  in  the  group.  For example, if a user joins or leaves an attribute group, the associated attribute key should be changed and redistributed to all the other members in the  same group for backward or forward secrecy. It may result in a bottleneck during a rekeying procedure, or security degradation due to the windows of vulnerability if the previous attribute key is not updated immediately.

II. Problem Definition:

Attribute-Based Encryption poses some security and privacy  problems to Disruption-Tolerant networks (DTNs). Because users in the network  may  change     their  associated  attributes, master or private keys might be compromised. Therefore, to provide a secure system, the key update is very necessary, but using the ABE system the issue of a secure system is more complex and difficult since some attributes of each user are shared by multiple users in the network. This implies that revocation of any attribute or any single user in an attribute group  would affect  the  other users in  the group. The main disadvantages of this approach are efficiency and expressiveness of access.

IV. Existing System:

In the existing system, the coordination of attributes is issued from different authorities. When multiple authorities manage and issue attribute keys to users independently with their own master secrets, it is very hard to define fine-grained access policies over attributes issued from different authorities. The problem of applying the  ABE to  DTNs introduces several security and privacy challenges. Since some users may change their associated attributes at some point, or some private keys might be compromised, key revocation for each attribute is necessary to make systems secure. However, this issue is even more difficult, especially in ABE systems.

Disadvantages of Existing System:

1. None  of  the  authorities can  determine  the whole key components of users individually.

2.    Failed to issue key in decentralized.

V.  Proposed System:

In this paper, we propose securing decentralized disruption-tolerant military networks (DTNs) using ciphertext-policy attribute-based encryption  (CP-ABE).  The  proposed  scheme  The ABE  scheme  provides  access  controls  mechanism over encrypted data with its policies and attributes over private and master keys, and ciphertexts (CP-ABE). Scalability is provided by CP-ABE for data encryption and decryption. ABE enhances the backward/forward  secrecy  of  confidential  data  by reducing the windows of vulnerability. Encryptors can define   a   fine-grained   access   policy   using   any monotone  access  structure  under  attributes  issued from any chosen set of authorities... We show how to apply the proposed scheme in securing and effectively manage the confidential data distribution in the DTN network.

Advantages of Proposed System:

System architecture:

1.    vulnerability is minimized or reduced.

2. The   Key   Authority       exploits   the characteristic of the decentralized DTN architecture.

3. When  once  the  new  attributes  of  the group   are   updated   the   user   cannot decrypt the nodes any

4. It    provides        scalability    for    data encryption            and            decryption.

VI. Implementation:

The implementation phase is a very important stage in project execution. It is a phase or a stage where the theoretical aspect of the work is converted into a new and working system. it is a stage where user confidence is built up and is made to believe that the new system will work perfectly and effectively well. Therefore, it requires careful planning, proper examination of the existing system and its problems, idea, model, and design procedures to achieve the set objectives.

Modules:

1. Disruption- tolerant network

2. Attribute-based encryption

3. Storage Nodes

4. Rekeying procedure

Fig. 3 Node creation with attributes in DTN

2. Attribute-based encryption:

The ABE scheme provides an access controls mechanism over encrypted data with its policies and attributes over private and masters keys, and ciphertexts (CP-ABE). Scalability is provided by CP-ABE for data encryption and decryption. For decryption to take place the decryptor must possess some attributes that match or corresponds with the one defined by the security policy of the access control.

Modules description:

1. Disruption tolerant network:

A disruption tolerant network is a network that allows the creation of node and neighbour nodes and permits communication between nodes in these hostile and turbulent networking environments. For communication to take place a node must be created and a connection established between nodes in the networking environment, but if there is no connection between the source and the destination the message from the source node may have to wait depending on when the connection will be eventually established. There are multiple paths in the DTN network, the storage in DTN is used to store, manage, and also for forwarding using the shortage paths in the form of weight. Finally, it introduces storage nodes for storing information.

Fig. 4 Showing how a file is encrypted

3. Storage nodes:

In DTNs, the storage node is where data is stored, managed, and duplicated for effective communication and quick access to information by the authorized mobile nodes in the network. When a sender wants to deliver its confidential data, he defines the tree access structure over the universe of attributes, encrypts the data to enforce attribute-based access control on the data, and stores it into the storage node securely. The sender can define the access policy under attributes of any chosen set of multiple authorities without any restrictions on the logic expressiveness as opposed to the previous multi-authority schemes.

Fig.5 Data flow in Storage module

Fig.6 Storage screen in DTN network.

4. Rekeying:

The purpose of rekeying is to provide security to the system. It is impossible to revoke specific attribute keys of a user without rekeying the whole set of key components of the user in the ABE key structure since the whole key set of a user is bound with the same random value to prevent any collusion attack. Therefore, revoking a single attribute in the system requires all users who share the attribute to update all their key components even if their other attributes are still valid. But it seems very ineffectual and may have serious complexity in terms of the computation and communication cost, especially in large-scaled DTNs.

Fig.7 rekeying data structure

System Requirements: Software Requirements:

• Front End : Java

• Environment: Eclipse Indigo

• Back End: MYSQL

• Operating System: Windows XP/7

Hardware Requirements:

• Processor : Pentium IV 2.4GHZ

• RAM : 512 MB

• Hard Disk : 80 GB

• Monitor : 15 VGA colour

VI. Conclusion:

DTN technologies are fast becoming popular and successful solutions in military applications that permit or enable wireless devices in the network to communicate with each other and access confidential data infallible or in a trustworthy manner by utilizing the storage nodes. The ABE scheme provides access controls mechanism over encrypted data with its policies and attributes over private and masters keys, and ciphertexts (CP-ABE). Scalability is provided by CP-ABE for data encryption and decryption. In this paper, we proposed an efficient and effective way to secure data using CP-ABE for decentralized DTNs where multiple key authorities independently manage theirattributes. To realize the goals of CP-ABE, the key authority makes use of mater secret and private keys of which the users apply by requesting it from the key authority. When a user keyed in some attributes that match or correspond with the one in the access policy, it is updated to match with the group attributeswhich provides security for group members. We show how to apply the proposed scheme in securing and effectively manage the confidential data distribution in the DTN network.

VIII. Future Work:

Besides, we plan to investigate the feasibility of incorporating value compare predicates in policy tree in the future so that the sender can control the lifetime of attributes.

Click  Here to download Paper