The algorithm begins by calling the function on the root node R of the tree. If the tree is satisfied by S, then

$$A = \mathrm{DecryptNode}(CT, SK, r) = e(g,g)^{r P_R(0)} = e(g,g)^{rs}.$$
The algorithm then calculates M as

$$\frac{\tilde{C}}{e(C, D)/\mathrm{DecryptNode}(CT, SK, r)} = \frac{\tilde{C}}{e\!\left(h^{s}, g^{(\alpha + r)/\beta}\right)/e(g,g)^{rs}} = M.$$
These protocols assume that the AA is honest. This is an unrealistic
assumption because, in a distributed system, authorities can fail or become
corrupt. To counter this problem, Chase [8] proposed a multiauthority ABE
in which several authorities distribute attributes and secret keys to users;
the multiple AAs coordinate through a trusted authority. Chase and Chow [9]
devised a multiauthority ABE protocol that requires no trusted authority.
However, its main drawback was that a user required at least one attribute
from each of the authorities, which might not be practical. Recently, Lewko
and Waters [23] proposed a completely decentralized ABE in which users can
hold zero or more attributes from each authority and no trusted server is
required.
We next present the distributed ABAC scheme of Reference 31.
3.3.3 Distributed Access Control in Clouds
Initially, for DACC the parameters of the scheme and the size of the group
are decided. The size of the group is chosen to be large, for example, $2^{32} + 1$.
AA $A_j$ selects the set of attributes $L_j$. An owner $U_u$ who wants to store
information in the cloud chooses a set of attributes $I_u$ that are specific to
the data it wants to encrypt. These attributes may belong to different KDCs.
It then decides on the access structure and converts the access tree to a
linear secret sharing scheme (LSSS) matrix R using the algorithm given in
Reference 31. Depending on the attributes it possesses and the keys it
receives from the KDC, it encrypts and sends the data and the access matrix.
Each user is given a set of attributes when the user registers for services
from owners. The attributes are not given by the cloud but by the KDCs. The
SSH protocol (secure shell protocol [1]) is used to securely transfer the
attribute information. KDCs give secret keys to users. When a user wants to
access some information, the user asks the cloud for the data record. The
cloud returns an encrypted copy of the data. If the user holds a valid set of
attributes, the user recovers the data using the secret key that it possesses.
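To make the "access tree to LSSS matrix" step concrete, here is an added example (not the code of Reference 31 or of this book): it converts a Boolean AND/OR access formula to an LSSS matrix with the Lewko-Waters conversion, derives shares of a secret s, and recovers s only when the attribute set satisfies the structure. The prime modulus P and the sample formulas are constructed assumptions.

```python
P = 2**31 - 1  # constructed prime modulus for the share field (not the page's 2^32+1)

def lsss_matrix(tree):
    """tree is an attribute string or ('AND'|'OR', left, right).
    Returns (rows, attrs): rows[i] is the LSSS row labelled attrs[i]."""
    rows, attrs, counter = [], [], [1]
    def walk(node, vec):
        if isinstance(node, str):            # leaf: one matrix row per attribute
            rows.append(list(vec)); attrs.append(node); return
        op, left, right = node
        if op == 'OR':                       # OR: either child alone reconstructs
            walk(left, vec); walk(right, vec)
        else:                                # AND: both children must be combined
            c = counter[0]; counter[0] = c + 1
            vec = vec + [0] * (c - len(vec))
            walk(left, vec + [1])
            walk(right, [0] * c + [-1])
    walk(tree, [1])
    return [r + [0] * (counter[0] - len(r)) for r in rows], attrs

def make_shares(rows, secret, randoms):
    """Share the secret s: lambda_i = rows[i] . (s, r2, ..., rn) mod P."""
    v = [secret] + list(randoms)
    return [sum(a * b for a, b in zip(r, v)) % P for r in rows]

def reconstruct(rows, attrs, shares, have):
    """Solve sum_i w_i * rows[i] = (1,0,...,0) over GF(P) using only rows whose
    attribute is in `have`; return the secret, or None if `have` is unauthorised."""
    idx = [i for i, a in enumerate(attrs) if a in have]
    n = len(rows[0])
    aug = [[rows[i][j] % P for i in idx] + [int(j == 0)] for j in range(n)]
    piv = []
    for col in range(len(idx)):              # Gauss-Jordan on M^T w = e1
        r = next((k for k in range(len(piv), n) if aug[k][col]), None)
        if r is None: continue
        p = len(piv)
        aug[p], aug[r] = aug[r], aug[p]
        inv = pow(aug[p][col], P - 2, P)
        aug[p] = [x * inv % P for x in aug[p]]
        for k in range(n):
            if k != p and aug[k][col]:
                f = aug[k][col]
                aug[k] = [(x - f * y) % P for x, y in zip(aug[k], aug[p])]
        piv.append(col)
    if any(row[-1] for row in aug[len(piv):]):  # e1 not in the span: not authorised
        return None
    w = {col: aug[k][-1] for k, col in enumerate(piv)}  # free variables := 0
    return sum(w.get(c, 0) * shares[idx[c]] for c in range(len(idx))) % P
```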
Encryption proceeds in two steps. The Boolean access tree is first
converted to an LSSS matrix. In the second step, the message is encrypted and