Distributed Fine-Grained Access Control in Wireless Sensor Networks

In mission-critical activities, each user is allowed to access some specific, but not all, data gathered by wireless sensor networks. Yu et al.~\cite{YRL09} recently proposed a centralized fine-grained data access control mechanism for sensor networks, which exploits a cryptographic primitive called attribute-based encryption (ABE). There is only one trusted authority to distribute keys to the sensor nodes and the users. Compromising the single authority can undermine the whole network. We propose a fully distributed access control method, which has several authorities instead of one. Each sensor has a set of attributes and each user has an access structure of attributes. A message from a sensor is encrypted such that only a user with a matching set of attributes can decrypt it. Compared to \cite{YRL09}, our scheme needs a simpler access structure, which makes secret key distribution more computationally efficient when user rights are modified. We prove that our scheme can tolerate the compromise of all but one of the distribution centers, which independently distribute their contributions to a single user key. Our scheme does not increase the computation and communication costs of the sensors, making it highly desirable for fine-grained access control.
