Upload
ocular-systems
View
97
Download
1
Embed Size (px)
DESCRIPTION
Access control in decentralized online social networks applying a policy hiding cryptography.
Citation preview
Access Control in Decentralized Online SocialNetworks: Applying a Policy-Hiding Cryptographic
Scheme and Evaluating Its Performance
ABSTRACT
Privacy concerns in online social networking services have prompted a number of
proposals for decentralized online social networks (DOSN) that remove the central provider and
aim at giving the users control over their data and who can access it. This is usually done by
cryptographic means. Existing DOSNs use cryptographic primitives that hide the data but reveal
the access policies. At the same time, there are privacy-preserving variants of these
cryptographic primitives that do not reveal access policies. They are, however, not suitable for
usage in the DOSN context because of performance or storage constraints. A DOSN needs to
achieve both privacy and performance to be useful. We analyze predicate encryption (PE) and
adapt it to the DOSN context. We propose a univariate polynomial construction for access
policies in PE that drastically increases performance of the scheme but leaks some part of the
access policy to users with access rights. We utilize Bloom filters as a means of decreasing
decryption time and indicate objects that can be decrypted by a particular user. We evaluate the
performance of the adapted scheme in the concrete scenario of a news feed. Our PE scheme is
best suited for encrypting for groups or small sets of separate identities.
We develops Computer Engineering Projects for BE/ME students. For any kind of support you may live chat with us at www.ocularsystems.in or call us on 020 30858066 or
Mail Us: [email protected] Address: Swagat Corner Building, Near Narayani Dham Temple, Katraj, Pune-46 (Maharashtra)
Existing System
Existing DOSNs use cryptographic primitives that hide the data but reveal the access
policies. At the same time, there are privacy-preserving variants of these cryptographic
primitives that do not reveal access policies. They are, however, not suitable for usage in the
DOSN context because of performance or storage constraints.
Disadvantage:
Hide the data but reveal the access policies.
Proposed System:
proposed a Predicate encryption (PE) is a cryptographic primitive that provides access
control of encrypted data using attribute based policies. When creating a ciphertext, the encrypt
or specifies an access policy and only those users whose keys satisfy the policy can decrypt. The
decryption keys are generated by the encrypt or using a master secret.
Advantages:
provides access control of encrypted data using attribute based policies.
We develops Computer Engineering Projects for BE/ME students. For any kind of support you may live chat with us at www.ocularsystems.in or call us on 020 30858066 or
Mail Us: [email protected] Address: Swagat Corner Building, Near Narayani Dham Temple, Katraj, Pune-46 (Maharashtra)
Architecture:
MODULES”
1. System Initialization.
2. User Registration.
We develops Computer Engineering Projects for BE/ME students. For any kind of support you may live chat with us at www.ocularsystems.in or call us on 020 30858066 or
Mail Us: [email protected] Address: Swagat Corner Building, Near Narayani Dham Temple, Katraj, Pune-46 (Maharashtra)
3. KDC setup.
4. Attribute generation.
5. Sign.
6. Verify.
7. Bloom filters.
Modules Description
1. System Initialization
Select a prime q, and groups G1 and G2, which are of order q. We define the mapping ˆe
: G1 ×G1 → G2. Let g1, g2 be generators of G1 and hj be generators of G2, for j ∈ [tmax], for
arbitrary tmax. Let H be a hash function. Let A0 = ha0 0 , where a0 ∈ Z ∗ q is chosen at random.
(TSig,TV er) mean TSig is the private key with which a message is signed and TV er is the
public key used for verification. The secret key for the trustee is TSK = (a0, TSig) and public key
is TPK = (G1,G2,H, g1,A0, h0, h1, . . . , htmax, g2, TV er).
2. User Registration
For a user with identity Uu the KDC draws at random Kbase ∈ G. Let K0 = K1/a0 base .
The following token γ is output γ = (u,Kbase,K0, ρ), where ρ is signature on u||Kbase using the
signing key TSig.
We develops Computer Engineering Projects for BE/ME students. For any kind of support you may live chat with us at www.ocularsystems.in or call us on 020 30858066 or
Mail Us: [email protected] Address: Swagat Corner Building, Near Narayani Dham Temple, Katraj, Pune-46 (Maharashtra)
3. KDC setup
We emphasize that clouds should take a decentralized approach while distributing secret
keys and attributes to users. It is also quite natural for clouds to have many KDCs in different
locations in the world. The architecture is decentralized, meaning that there can be several KDCs
for key management.
4. Attribute generation
The token verification algorithm verifies the signature contained in γ using the signature
verification key TV er in TPK. This algorithm extracts Kbase from γ using (a, b) from ASK[i]
and computes Kx = K1/(a+bx) base , x ∈ J[i, u]. The key Kx can be checked for consistency
using algorithm ABS.KeyCheck(TPK,APK[i], γ,Kx), which checks ˆe(Kx,AijBx ij) = ˆe(Kbase,
hj), for all x ∈ J[i, u] and j ∈ [tmax].
5. Sign
The access policy decides who can access the data stored in the cloud. The creator
decides on a claim policy Y, to prove her authenticity and signs the message under this claim.
The ciphertext C with signature is c, and is sent to the cloud. The cloud verifies the signature and
stores the ciphertext C. When a reader wants to read, the cloud sends C. If the user has attributes
matching with access policy, it can decrypt and get back original message.
6. Verify
We develops Computer Engineering Projects for BE/ME students. For any kind of support you may live chat with us at www.ocularsystems.in or call us on 020 30858066 or
Mail Us: [email protected] Address: Swagat Corner Building, Near Narayani Dham Temple, Katraj, Pune-46 (Maharashtra)
The verification process to the cloud, it relieves the individual users from time consuming
verifications. When a reader wants to read some data stored in the cloud, it tries to decrypt it
using the secret keys it receives from the KDCs.
7. Bloom filters
A profile in the DOSN contains multiple objects encrypted for different users. It is
impossible for a user to determine if an object is encrypted for him without trying to decrypt it
since the ciphertexts do not reveal access policies. The user could use a trial-and-error approach
(sequentially trying to decrypt objects) for rendering the profile, but this becomes prohibitively
expensive with the large number of objects. Therefore, we utilize Bloom filters to speed up
rendering and to show users in a privacy-preserving manner whether they can decrypt objects.
System Configuration:-
H/W System Configuration:-
Processor - Pentium –III
Speed - 1.1 Ghz
RAM - 256 MB (min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Key Board - Standard Windows KeyboardWe develops Computer Engineering Projects for BE/ME students. For any kind of support you may live
chat with us at www.ocularsystems.in or call us on 020 30858066 or Mail Us: [email protected]
Our Address: Swagat Corner Building, Near Narayani Dham Temple, Katraj, Pune-46 (Maharashtra)
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System Configuration:-
Operating System :Windows95/98/2000/XP
Application Server : Tomcat5.0/6.X
Front End : HTML, Java, Jsp
Scripts : JavaScript.
Server side Script : Java Server Pages.
Database : Mysql
Database Connectivity : JDBC.
CONCLUSION
We have proposed to apply a privacy preserving scheme to the DOSN context: inner-
product predicate encryption (PE). It is too expensive to use out of the box. Therefore for PE we
proposed a construction for access policies that drastically increases performance, but introduces
some trade-offs: it allows encrypting for a bounded set of groups/users; this bound is a trade-off
between between efficiency and functionality of the scheme; the number of groups in the system
is unlimited; a user has 2g different decryption keys, where g is the number of groups a user is a
member of; having multiple keys leaks some information about access policies. PE is most
suitable for encrypting for groups or small sets of separate identities. We designed an experiment
We develops Computer Engineering Projects for BE/ME students. For any kind of support you may live chat with us at www.ocularsystems.in or call us on 020 30858066 or
Mail Us: [email protected] Address: Swagat Corner Building, Near Narayani Dham Temple, Katraj, Pune-46 (Maharashtra)
that showed that for newsfeed assembly from all friends our scheme shows good performance
and thus user experience. For schemes that do not reveal access policies and have relatively slow
decryption, we proposed to use Bloom filters to indicate to users which files they can decrypt.
Bloom filters are both performant and space-efficient, and thus are suitable for DOSNs.
In this paper, we focused the evaluation on performance to see if PE is even feasible
under the constraints of decentralized online social networks, starting from the security and
privacy properties of the original scheme. The next steps are to focus on security and privacy, as
well as semantics of access policies of our modifications.
We develops Computer Engineering Projects for BE/ME students. For any kind of support you may live chat with us at www.ocularsystems.in or call us on 020 30858066 or
Mail Us: [email protected] Address: Swagat Corner Building, Near Narayani Dham Temple, Katraj, Pune-46 (Maharashtra)