Research Article A PEFKS- and CP-ABE-Based Distributed ...downloads.hindawi.com/journals/ijdsn/2013/469076.pdf · content-based opportunistic network is a quickly emerging problem

Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2013 Article ID 469076 10 pageshttpdxdoiorg1011552013469076

Research ArticleA PEFKS- and CP-ABE-Based Distributed Security Scheme inInterest-Centric Opportunistic Networks

Fei Wang12 YongJun Xu1 Lin Wu12 Longyijia Li3 Dan Liu3 and Liehuang Zhu3

1 Institute of Computing Technology Chinese Academy of Sciences Beijing 100190 China2University of Chinese Academy of Sciences Beijing 100049 China3 School of Computer Science amp Technology Beijing Institute of Technology Beijing 100081 China

Correspondence should be addressed to Fei Wang wangfeiictaccn

Received 26 December 2012 Accepted 16 March 2013

Academic Editor Hongsong Zhu

Copyright copy 2013 Fei Wang et alThis is an open access article distributed under the Creative CommonsAttribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Security is a crucial issue in distributed applications ofmultihopwireless opportunistic network due to the features of exposed on thefly communication relaxed end-to-end connectivity and vague destinations literately In this paper we focus on problems of userprivacy leakage and end-to-end confidentiality invasion in content-based or interest-centric wireless opportunistic network Andwe propose a public-encryption-with-fuzzy-keyword-search- (PEFKS-) and ciphertext-policy-attribute-based-encryption- (CP-ABE-) based distributed security scheme by refining and compromising two-pairing-based encryption searchable encryption andattribute-based encryption Our scheme enables opportunistic forwarding according to fuzzy interests preserving full privacy ofusers and ensures end-to-end confidentiality with a fine-grained access control strategy in an interest-centric scenario of large-scalewireless opportunistic networks Finally we analyze and evaluate the scheme in terms of security and performance

1 Introduction

Opportunistic network is a type of ad hoc wireless networkwhich has common features of delay tolerant network (DTN)which achieves routing through opportunities of meetingbetween mobile nodes It aims to solve the problem ofcommunication in the presence of intermittent network con-nectivity And to this end opportunistic network (OPPNET)has the following features

(i) Communication is on the fly thus exposed to allpowerful adversary parties trying to spy the privacyof users and steal the information

(ii) Forwarding decisions are made on the fly based onany possible information from a collapsed networkarchitecture [1] owing to the aim of transmitting amessage over any communication gaps

(iii) Only vague destinations literately exist because ames-sage ought to be sent to a group of nodes accordingto some principles deployed near a specific locationequippedwith same sensors or actuators or interestedin specific information [2]

Content-based opportunistic network uses content ofmessage which concerns usersrsquo interests to make forwardingdecisions and a most popular application scenario is thatnetwork nodes which are actually pedestrians look forwardto acquiring and sharing information through opportunisticcommunication with others Every pedestrian carries oneor more portable wireless terminals such as smart phonestablets and laptops More precisely it is people-centric orinterest-centric opportunistic network In such a scenarioa user can be a subscriber with interests in some topics hecould also be a publisher intending to publish contents aboutsome topics Security in such type of opportunistic networkis a crucial issue We consider two components of security inopportunistic network privacy and confidentiality

First is privacy In a content-based opportunistic net-work interest advertisements from subscribers and pub-lished contents from publishers both need to be forwardedbased on the interest-oriented information (maybe someindexes abstracts keywords etc) which are contained inthe messages The routing could be multihop through sev-eral intermediate nodes which might not be trusted bysubscribers or publishers The subscribers do not want other

2 International Journal of Distributed Sensor Networks

subscribers and intermediate nodes to know their interestsThe situation is almost the same as publishers they do notwant other publishers intermediate nodes or subscribersthat are not designated to obtain the interest orientationsof their published contents However in precedent researchabout interest-centric network forwarding relies on explicitqueries or indexes which leads to possible threat of privacyleakage due to matching between message indexes and usersrsquoidentities

Second is end-to-end confidentiality which is consideredas a fundamental security requirement Publishers not onlywant to impose a ban on the access to the plaintext payloadof their published contents but also want to attach a preciseaccess control strategy to their every message so that onlythe designated subscribers who have certain credentials orattributes can access the payload For example when toplayer of some IT company wants to publish a product faultsurvey they may make such an access control structure asshown in Figure 1 whichmeans only the departmentmanagerof Technology Department or Quality Control Departmentstaff with management level over 5 or a consultant calledCharlie Eppes could access the survey However the reasonsof no stable end-to-end connection and group target of amessage not only make traditional end-to-end encryptionunsuitable but also increase the difficulty of fine-grainedaccess control on shared data

In this paper we propose a PEFKS- and CP-ABE-baseddistributed security scheme in interest-centric opportunisticnetwork

The main contributions of this paper are as follows

(i) We design a PEFKS-based privacy protecting for-warding decision scheme which on one hand enablessubscribers to publish encrypted fuzzy interests andon the other hand enables intermediate nodes toforwardmessages according to encrypted fuzzy inter-ests The scheme ensures usersrsquo full privacy in thecircumstance of opportunistic network and enhancesanonymity through fuzzy interests To the best of ourknowledge we are the first to enable partial match onfuzzy interests in opportunistic network

(ii) We embed the concept of attribute-based identityinto opportunistic network to adapt to the feature ofno explicit destinations Then we design a CP-ABE-based confidentiality protecting scheme in whichpublishers make and attach an expressive access con-trol strategy to the messages they are about to sendSubscribers whose attribute-based identities satisfythe access control strategy are legalized to decryptthe ciphertext finally achieving confidentiality witha fine-grained access control strategy on shared data

(iii) We implement and analyze the security and perfor-mance of the schemes and verify the feasibility of oursecurity schemes

2 Related WorkRelated research work is still scarce because security incontent-based opportunistic network is a quickly emerging

problem and most of the security schemes existing inInternet wireless sensor networks (WSNs) mobile ad hocnetworks (DTN or MANET) are not suitable

As far as we are concerned Lilien et al [3] were thefirst to consider security in opportunistic network Theyproposed several challenges in privacy and confidentiality ofopportunistic network in particular the requirement for end-to-end confidentiality but they did not propose any possiblesecurity solutionWhat ismore they did not analyze the issueof context privacy or content privacy

Nguyen et al proposed a probabilistic routing protocolfor ICMAN (intermittently connected mobile ad hoc net-work) in [4] which indicates the very first idea to protectprivacy and confidentiality In their protocol if senders wantto send messages to receivers it hashes all the values ofmessage head Before intermediate node does the partialmatch it first calculates its attributes using the same hashfunctions Only hash function is used hereby to achieve arelatively computational efficiency but it is obviously proneto dictionary attack As for confidentiality they used theinformation (evidencevalues) that the sender knows aboutthe destination node as keys so only the destination nodecan decrypt the cipher messages to get the plain messagesin a community scenario In this scheme the confidentialityis based on assumption that all in-community memberscan be trusted which obviously cannot be guaranteed inopportunistic network

In the neighboring area of DTN a bundle securityprotocol (BSP) [5] was defined to enhance the security ofcommunications in DTN In BSP a confidentiality block isincluded to enable the encryption of the entire payload at thesource and the decryption at the final destination based onthe identifier of the destination It does not enable encryptionbased on the interests of destinations or partial matches thatcan be used to make interest-centric forwarding decisionsThose features are thus not enough to satisfy the interest-centric scenario

Shikfa et al proposed a scheme for content-based andcontext-based opportunistic network in [1 6] In content-based scenario they defined a three-level privacy model andtwo security primitives ldquosecure look-uprdquo and ldquosetup of for-warding tablesrdquo and proposed a distributed security schemebased on multiple layer commutative encryption (MLCE)in which r-hop neighbor nodes share keys to encrypt anddecrypt messages There are two disadvantages one is thatonly single-word keyword is supported it is not flexible andthe other is that the number of shared keys will explode whentopology changes frequently In context-based scenario theyreplaced identities of classic identity-based encryption (IBE)with attributes contained in context to assure end-to-endconfidentiality Also they used improved public encryptionwith keyword search (PEKS) to make forwarding decisionsto protect usersrsquo privacy Their scheme is flexible enough tomeet the privacy requirements of context-based forwardingBut it only supports strictly limited attributes arrange rulessuch as ⟨[Mail] [Workplace] [Status]⟩ which is not suitablefor content-based forwarding In addition the sender cannotapply a fine-grained access control strategy to shared data

International Journal of Distributed Sensor Networks 3

Department manager

Technologydepartment

Quality controldepartment

And

Or

Or

Name Charlie EppesManagement level gt5

Figure 1 Access policy for example in introduction

There are also other researches concerning security inopportunistic network As for trust relationship Li and Dasdesigned a trust-based framework in [7] to more accuratelyevaluate an encounterrsquos competency met which can be flexi-bly integrated with a large family of existing data forwardingprotocols The proposed framework was implemented withPROPHET demonstrating great effectiveness against ldquoblackholerdquo attacks But in [7] neither privacy nor confidential-ity is considered Shin et al presented and implementedAnonySense a privacy-aware system for realizing pervasiveapplications based on collaborative opportunistic sensing bypersonal devices in [8] In their system the sensing tasks andsensor data can be anonymized through the collaborationof Tor network MIX network and anonymization service(AS) before being reported back Such a framework achievesgreat flexibility with usersrsquo privacy respected yet the privacyin opportunistic forwarding is not considered To improveprivacy and confidentiality in opportunistic network weshould mine deeper in modern cryptography

PEKS was presented by Boneh et al [9] based on bilinearpairings which makes searching on encrypted data possiblePEKS was improved and used in [1] But only explicitkeywords are not enough to fit in complex applicationrequirements especially when users know little about thenetwork When users submit complete queries they will feelldquoleft in the darkrdquo [10] and have to use a try-and-see approachfor finding information In this respect fuzzy interests andmatch of them which can enhance the user interactivity areneeded which current PEKS implemented in opportunisticnetwork cannot achieve In [11] wildcard-based fuzzy setconstruction was introduced but for a word of length 119897 andsimilarity 119889 quantized by edit distance [12] the size of fuzzyset is 119874(119897

119889) In this fuzzy set many meaningless words that

existed bring spatial redundancy Later in [13] dictionary-based fuzzy set construction was proposed to improve theefficiency dramatically

Shikfa introduced IBE and their scheme fits well incontext-based opportunistic network IBE is proposed byShamir [14] and Boneh and Franklin [15] based on bilinear

pairings It enables resource providers (publishers in oppor-tunistic network) to utilize userrsquos identity as public keywithout querying for public key certificate onlineThis featurefits the relaxed-connection environment of opportunisticnetwork very well and was demonstrated in Shikfarsquos work

Based on IBE Sahai and Waters proposed attribute-based encryption or fuzzy identity-based encryption (ABE)in 2005 [16] Research in ABE has been hot since then Su etal compared ABE with IBE and summed up for advancedfeatures in [17] All these features are very suitable foropportunistic networksThe first is thatABE enables resourceproviders to encrypt messages with only attributes withoutconsidering the number or identities in the group whichcan reduce the encryption cost on opportunistic networknodes and protect usersrsquo privacy in a tailor-made no-explicit-destination environment of opportunistic network Secondlyonly the one whose attribute-based identity satisfying therequirement of cipher text can decrypt the cipher text whichassures end-to-end confidentiality in a relaxed connectedenvironment of opportunistic network Third is that in ABEusersrsquo key was related to random polynomial or randomnumber thus no collusion is possible among opportunisticnetwork usersThe last is that flexible access control strategiessuch as the AND OR NOT and THRESHOLD of attributesare supported which will dramatically increase the flexibilityThe first basic ABE [16] scheme only supports thresholdaccess strategy then researchers developed it and proposedkey-policy attribute-based encryption (KP-ABE) [18] andciphertext-policy attribute-based encryption (CP-ABE) [19]to achieve more flexible access control strategies The formerenables users to make rules about the messages they aregoing to receive and the latter allows senders to make accessstrategies for ciphertexts

From the aforementioned work it could be concludedthat none of related research work has achieved privacyor confidentiality with good flexibility in content-basedopportunistic network Some kind of improved PEKS andABE can be our first choice Therefore we propose a privacyprotecting forwarding decision scheme based on PEFKS anda confidentiality protecting scheme based on CP-ABE


3 Problem Statement

31 Reference Model The involved nodes of interest-centricopportunistic network are some people working in thesame or near places carrying portable devices with oneor more wireless communication interfaces such as Wi-Fi near field communication (NFC) and Bluetooth Theydevote themselves to the opportunistic network system to getinformation (news e-mails gossip etc) through multi hopforwarding based on their opportunistic mobilityTheir rolesin such a system are equal and could work as a subscriberan intermediate node and a publisher [20] at the same timeIn fact all users are supposed to be greedy and intend toget without sharing Therefore some incentive system existsaiming at leading users to offer their devicesrsquo capacity such asstorage space and computing power

Figure 2 depicts the reference model of opportunisticcommunication in previously mentioned application sce-nario in which a subscriber 119860 broadcasts its interest advise-ments 119877119860 while a publisher 119862 publishes contents 119875119862Intermediate nodes are responsible for two things setup offorwarding tables 119865119879 according to interest advisements anddecision making based on forwarding tables

To specify the limitation of interest keywords 1198630 isdefined as a dictionary containing all valid English wordswhich might be chosen as candidate interests Every validuser has a subset of candidate keywords 119882

lowast

119906which would

be constant in the lifetime of an opportunistic networkAdditionally all people involved have their own attributesset 119884 = 1199101199061 1199101199062 119910119906119899 to describe their identitiesUsersrsquo interests vary over time with the change of hot topicsSo interest-centric opportunistic network enables users toupdate their current interests which all come from119882

lowast

119906

Subscriberrsquos interest advertisement message is composedof two parts control information 119862119868119860 of the message andidentity 119868119863119860 of 119860 expressed as 119877119860 = [119862119868119860 119868119863119860] Withoutconsidering security of the network 119862119868119860 is a sub set of 119882lowast

119860

119868119863119860 is identity of subscriber 119860Publisherrsquos publishedmessage is composed of three parts

control information payload and access policy which couldbe represented as 119875119862 = [119862119868119862 119875119862 119860119875119862] 119862119868119862 representspublisher-defined keywords which can be used as an indexof the payload 119875119862 119860119875119862 is access policy of 119875119862 which supportsAND OR and THRESHOLD of interests In this paper werefer to the definition of access policy from [19] directly

An intermediate nodersquos 119896th record in forwarding tableis composed of two parts routing information and set ofidentities of subscribers who are interested in the routinginformation We express it like 119865119879[119896] = [119877119868119896 119878119868119863119896] 119877119868119896 isthe routing information and 119878119868119863119896 is the set of identities ofsubscribers who are interested in the routing informationWhat is more every intermediate node will maintain amessage list 119871119894119904119905119861 = 1198751198621198611 1198751198621198612 119875119862119861119871119861 containingthe messages to be forwarded with the size of 119871119861

32 Threat Model In this paper we focus on two kindsof threats one is user privacy leakage through index-ing information embedded in interest advertisements andpublished contents and the other is information stealing

from published contents The threat model is illustrated inFigure 3

The first kind of threats aims at acquiring and recordingthe trends of usersrsquo interests and published contents which areconsidered as privacy The executors could be an adversaryor a malicious authenticated user Here we suppose that it isextremely hard to pass the authentication for an adversarythus neither impersonation nor forgery is possible As formortype the main attacking measure is eavesdropping and bruteforce attack Adversary whose computation capability ispowerful would sniff all the packets in its communicationrange and try to reveal the privacy As the latter executorshave normal computation power and act just like the normalusers by advertising forwarding and publishing What ismore they would advertise or publish some specific topicsto confuse and pry into privacy

The second kind of threats could also be performed by theafoementioned two kinds of executors An adversary wouldkeep attacking with brute force and malicious users wouldadvertise interests as many as possible on purpose and try tofind some clues of personal information

33 Design Goals There are two goals we would like toachieve in our research

(i) We intend to design a privacy preserving forward-ing decision scheme which on one hand enablessubscribers to publish encrypted fuzzy interests onthe other hand enables intermediate nodes to for-wardmessages according to encrypted fuzzy interestsThe scheme can assure usersrsquo full privacy in thecircumstance of opportunistic network and enhanceanonymity through fuzzy interests

(ii) We want to embed the concept of attribute-basedidentity into opportunistic network to adapt to thefeature of no explicit destinations And we intendto design a confidentiality preserving scheme with afine-grained access control strategy on shared datain which publishers make and attach an expressiveaccess control strategy to the messages they are aboutto sendOnly subscribers whose attribute-based iden-tities satisfy the access control strategy are legalized todecrypt the ciphertext

4 Proposed Scheme

In this chapter we will firstly introduce the security pre-liminaries needed in the demonstration of our scheme inSection 41 Then our PEFKS- and CP-ABE-based distributedsecurity scheme will be described in Sections 42 and 43

41 Preliminaries

(1) PEKS will be used in in forwarding decision schemeto protect privacy It consists of three preliminariesPEKS Trapdoor and Test


Destinations

RI[1]RI[2]RI[3]middot middot middot middot middot middot

middot middot middot


SID[1]SID[2]SID[3]

Forwarder

Forwarder

Forwarder

Opportunisticrouting

PCPC

RA

Subscriber

Publisher

Routinginformation

119860 119861119899

1198621198611

Figure 2 Opportunistic network application scenario model

Normal user

Malicious user

Adversary

One connected area

Server andsniffer

Figure 3 Threat model of the working people application scenario

(i) PEKS it inputs public key of some node 119860 anda keyword 119908 outputs a searchable encryptedkeyword11990810158401199081015840 cannot be obtained only with119908

1199081015840= 119875119864119870119878 (119860pub 119908) (1)

(ii) Trapdoor it inputs private key of some node 119860and a keyword119908 and outputs the trapdoor119879119863119908

of 119908 119879119863119908 is private because computation of itneeds private key

119879119863119908 = 119879119903119886119901119889119900119900119903 (119860priv 119908) (2)

(iii) Test it inputs a searchable encrypted keyword1199081015840 and a trapdoor 119863 outputs 119905119903119906119890 if and only

if 119879119863 is the trapdoor of 119908 otherwise outputs119891119886119897119904119890

119865119897119886119892 = 119879119890119904119905 (1199081015840 119879119863) (3)

(2) CP-ABE will be used in the confidentiality preserv-ing scheme to realize a fine-grained access controlstrategy It consists of four preliminaries CPA SetupCPA Encrypt CPA KeyGen and CPA Decrypt

(i) CPA Setup setup ofCP ABE needs a third partyauthority Firstly let 1198661 be a bilinear group ofprime order 119901 and let 119892 be a generator of1198661 Secondly choose two random components120572 120573 isin 119885119901 and then publish the public key andmaster key

119862119875119860pub

= 1198661 119892 ℎ = 119892120573 119891 = 119892

1120573 119890(119892 119892)

120572

119862119875119860master = 120573 119892120572

(4)

(ii) CPA Encrypt sender makes the access policy119879119872 for the message about to be sent encryptsplain text119872 and gets cipher text 119862119879

119862119879 = 119862119875119860 119864119899119888119903119910119901119905 (119862119875119860pub119872 119879119872) (5)


(iii) CPA KeyGen the receiver submits its attributesset 119878 to authority and authority uses 119862119875119860masterand 119878 to compute the private key 119862119875119860priv119878

119862119875119860priv119878

= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119878) (6)

(iv) CPA Decrypt in the end receiver uses119862119875119860priv119878to decrypt 119862119879 if 119878 satisfies 119879119872 receiver will get119872119872 = 119862119875119860 119863119890119888119903119910119901119905 (119862119879 119862119875119860priv119878 119879119872) (7)

42 PEFKS-Based Privacy Preserving Forwarding Scheme

(1) Initialization The initialization is completed by thetrusted third party 119879119879119875 It possesses a public key 119879119879119875puband a private key 119879119879119875priv It should be noticed that 119879119879119875 isnot always on-line in lifetime of opportunistic network infact it only works when a new user registers to participateAs for PEFKS 119879119879119875 will distribute its 119879119879119875pub to every userregistering When a subscriber 119860 119894 submits its candidateinterests set119882lowast

119860119894to 119879119879119875 119879119879119875 constructs a fuzzy set for every

word in 119882lowast

119860119894using dictionary-based fuzzy set construction

[13]

1198651198630

119908119889= 1199081015840 119890119889 (119908

1015840 119908) le 119889 119908

1015840isin 1198630

for each 119908 in 119882lowast

119860119894

(8)

Then trusted third party (TTP) constructs trapdoor setsfor all fuzzy sets using private key of TTP and returns themto 119860 119894

119879119860119894 119908 = 119879119863 = 119879119903119886119901119889119900119900119903 (119879119879119875priv 1199081015840)

for each 1199081015840 in 119865

1198630

119908119889

(9)

After the registration 119879119879119875 can be off-line for some timeThere may be a doubt why 119879119879119875 cannot always be on-lineto process the subscriberrsquos changing interests The reason issimple in opportunistic network stable connections cannotbe guaranteed nor a centric security service

(2) Construction of Forwarding Tables If one subscriber 119860 119894wants to broadcast its interest advertisement it chooses thenecessary trapdoor sets from all candidate ones obtainedwhen registering then uses the trapdoor sets as new 119862119868119860119894 and broadcasts new 119877119860 119894 to all intermediate nodes it meetsAfter intermediate node 119861119896 receives 119877119860 119894 it will create a newrecord in its forwarding table composed of two parts the firstpart is 119862119868119860119894 of 119877119860 119894 and the second is the identity of 119860 119894 Theprocess is described in Figure 4

When intermediate119861meets119863 it firstly does the lookup of119865119879119861 and delivers messages in 119871119894119904119905119861Then it fetches all recordsfrom its 119865119879119861 adds self-identity to the second part of everyforwarding table record and exchanges it with119863

(3) Secure Lookup of Forwarding Tables When publisher119862119895 has new payload 119875119862119895 to publish it chooses key-words that can index the payload to form a set 119882119862119895 =

Foreach 119891119905 in 119865119879119861If (119863 isin 119891119905 sdot 119878119868119863) == 119905119903119906119890)

Foreach 119901119888 in 119871119894119904119905119861119904119894119898119894119897119886119903119894119905119910 = 119865119906119911119911119910119879119864119878119879 (119891119905 sdot 119877119868 119901119888 sdot 119862119868)If (119904119894119898119897119886119903119894119905119910 ge 119879119867) TH threshold to deliver

deliver 119901119888 sdot 119875 to 119863break

EndEnd

EndEnd

Algorithm 1 SecureLookup (119865119879119861 119863)

Define Counter = 0Foreach 119905119889 in 119878

119879119863

Foreach 1199081015840 in 1198781199081015840

If (119879119890119904119905 (1199081015840 119905119889) == 119905119903119906119890) Counter ++

EndEnd

EndReturn Counter

Algorithm 2 119865119906119911119911119910119879119890119904119905 (119878119879119863 1198781199081015840 )

119908119862119895 1 119908119862119895 2 119908119862119895 119872119862119895 and then encrypts them based on

119875119864119870119878 to get a set of searchable encrypted keywords whichwill be used as new 119862119868119862119895

119875119864119870119878119862119895 = 1199081015840= 119875119864119870119878 (119879119879119875pub 119908) for each 119908 in 119882119862119895

(10)

With 119862119868119862119895 the encrypted payload 119864(119875119862119895) and the accesspolicy 119879119875119862119895 together 119862119895 forms a new 119875119862119895 and broadcasts it toevery intermediate node it meets Details about 119864(119875119862119895) and119879119875119862119895

will be discussed in the following section The process isdescribed in Figure 5

When intermediate node 119861 meets some other one D itwould execute SecureLookup algorithm and decide whetherto forward some messages to it

In SecureLookup algorithm the subfunction FuzzyTestfunction is used to calculate the similarity between 119878119879119863 and1198781199081015840 (see Algorithms 1 and 2) Here 119878119879119863 means the controlinformation from a record of forwarding table and 1198781199081015840

means the control information of a published content Alarger returned value means a higher similarity If the resultof FuzzyTest is higher than threshold the payload will bedelivered to D

43 CP-ABE-Based Confidentiality Preserving Scheme

(1) Initialization 119879119879119875 is responsible for initialization of CP-ABE including the creation of public key 119862119875119860pub and themaster key 119862119875119860master Having finished the key generation


119879119879119875 will broadcast 119862119875119860pub to every user intending toparticipate in the system The registration stage also involvesauthentication which is beyond the scope of this paper Afterthe registration a subscriber 119860 119894 submits its attributes set 119884119860119894to the trusted third party which is responsible for calculatingthe corresponding private key 119862119875119860priv119884119860119894

and returning itto 119860 119894 After the registration 119879119879119875 could be away from theconnected areas of the system

119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(11)

(2) Encryption of Published ContentWhen a publisher119862119895 hasnew contents to publish he firstly creates an access policyin which designated subscribersrsquo attribute requirements aredescribed and then he would encrypt the content with119862119875119860pub to get cipher text 119864(119875119862119895)

119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(12)

(3) Decryption of PublishedContentThe encrypted publishedcontent message is then forwarded according to some kindof content-based routing scheme which of course could beour proposed PEFKS-based interest-centric routing schemeWhen a subscriber who is interested in the content receivesthe message it tries to decrypt If and only if the subscriberrsquospersonal attribute set satisfies the access policy the decryp-tion succeeds and he gets the plaintext

119875119862119895 = 119862119875119860 119863119890119888119903119910119901119905 (119862119879 119862119875119860priv119884119860119894 119864 (119875119862119895)) (13)

The subscheme mentioned previously is illustrated inFigure 6

5 Evaluation and Analysis

In this chapter we will evaluate and analyze the security andthe performance of our schemes

51 Security First is the security requirement of privacy Inour scheme usersrsquo full privacy is well preserved by PEFKS

PEFKS is reliable in terms of cryptography concernsowing to deriving from 119875119864119870119878 In [9] Boneh proved thatPEKS is able to resist chosen keyword attack in randomoraclemodel [21] in the assumption that bilinear Diffie-Hellmanproblem is difficult In other words having no trapdoors ofkeywords obtaining the plain text of keyword is impossibleIn our PEFKS utilizing the creation process of trapdoorsrelies on private key of TTP which indicates that only TTP isallowed to calculate and distribute the trapdoors To supportsearch on encrypted fuzzy keywords a fuzzy set related toevery submitted keyword is created firstly For every singleword in a fuzzy set the analysis is the same as in the case ofPEKS [9]

Some people might have doubts about the possibility ofbrute force attack performed by adversary who has almost

Alice

Bob

TTP

119882lowastAlice

While registeringWhile TTP offline

Choose 119879Alice 119908

RAAlice = [119879Alice 119908 Alice] for each 119908 in119882Alice

119879Alice 119908 for each 119908 in119882lowastAlice

Figure 4 Setup of one record in forwarding table


Bob

TTPTTPpub

Cathy

PCCathy = [PEKSCathy 119864(119875Cathy ) 119879119875Cathy ]

Figure 5 Create and publish new content

unlimited calculation power and storage spaceThe adversarywould try generating as many encrypted keywords as pos-sible using the public key In our proposed solution fuzzyinterests add a second layer of anonymity for users by blurringusersrsquo real interests The reason is that only one keyword ina fuzzy set could reveal real interests of some users Even ifan adversary consumes huge time and space to achieve theindexes of published contents what he actually gets is only aset of fuzzy words which makes it very hard to acknowledgeuserrsquos true privacy Such a trick corresponds to k-anonymityprotection model introduced in [22]

As for threats caused by malicious users who are alreadyauthenticated by TTP they also could not work out in ourproposed scheme The most dangerous security pitfall is


119860 119894

119860119909

PC119895

PC119895

CPApriv 119884119860119894

119884119860119894

119862119895

Setup for CP-ABE

Create CPApub and CPAmaster

CPApub

1198610

119861119896

TTP

Routing


PC119895 = [PEKS119862119895 119864(119875119862119895 ) 119879119862119895 ]

Encrypt and get 119864(119875119862119895 ) send to 119861119896

Define access control tree 119879119875119862119895 for 119875119862119895

119884119860119909 do not satisfy 119879119875119862119895 decrypt failure and get nothing

119884119860119894 satisfy 119879119875119862119895 decrypt success and get 119875119862119895

Figure 6 CP-ABE-based confidentiality protecting scheme

6

4

2

0

Tim

e (s)

0 20000 40000 60000 80000 100000 120000File size (KB)

Enc timeDec time

(a)

6

5

4

3

2

1

0

Tim

e (s)

0 10 20 30 40 50 60 70 80 90Number of policy leaves

Enc timeDec time

(b)

Figure 7 CP-ABE encryption and decryption time cost (a) the 119909-axis corresponds to the complexity of the access policy (b) the 119909-axiscorresponds to the complexity of access control strategy tree

when malicious users act as intermediate nodes which isprevented completely in our scheme On one hand creationand exchange of forwarding tables involve no cryptographicoperations on encrypted keywords which keeps valuableinformation safe On the other hand lookup of forwardingtables and decisions of forwarding is based on FuzzyTest inwhich the similarity is calculated using a trapdoor set and

a searchable encrypted keyword set as inputs In all theseprocesses neither plaintext of interests nor relation betweenan interest keyword and a user is leaked Thus full privacypresented by Shikfa et al [1] is achieved

Second is the confidentiality requirement In looselytrusted environment of opportunistic network the mainchallenge for confidentiality is collusion attack which is also


Table 1 Comparison of security features

Security feature Nguyen et al[4]

Symington et al[5]

Shikfa et al 2009[6]


Proposedscheme

End-to-end payload encryption Yes Yes Yes Yes YesResilience to dictionary attack No Yes Yes Yes YesUserrsquos full privacy No No Yes Yes YesDecryption based on contentcontext No No No Yes YesSecure partial match in forwarding No No No Yes YesSecure fuzzy keyword index No No No No YesSecure multiple keyword index No No No No YesSecure access control strategy for message No No No No Yes

Table 2 File size before and after encryption of CP-ABE

Publishedcontent ID

File size (KB)Before encryption After encryption Added size

1 239 241 22 473 475 23 951 953 24 1843 1845 25 3711 3713 26 7365 7367 27 14844 14846 28 29511 29513 29 58678 58680 210 116632 116634 2

the core challenge ofABE InCP-ABEKeyGen uses two layersof random masking to create private keys Private key forevery user is related to the second layer of random maskingthus even if two or more subscribers conclude sharing theirsubmitted attributes and related private keys the collusionattack will not take effect The detailed demonstration isillustrated in [16 19]

Comparison of security features between our proposedscheme and other aforementioned schemes in context ofcontent-based opportunistic network is shown in Table 1It could be seen that the proposed scheme achieves mostsecurity features of them

52 Performance The performance of PEFKS mainly relieson the size of the trapdoor set from a forwarding table recordand the size of the searchable keyword set from a publishedcontent Dictionary-based filter strategy used here coulddecrease the size of a fuzzy set dramatically thus speeding upthe calculation of FuzzyTest algorithm

To evaluate the performance of CP-ABE we conductedseveral experiments on a virtual machine equipped withCore 2 Duo based on jPBC library [23] which is a javaversion PBC library [24] We measured the time required forencryption and decryption under various scenarios Besideswe measured the cipher text size overhead incurred by ourscheme to see if an acceptable cost exists in storage

FromFigure 7 we can see that the encryption and decryp-tion time of CP-ABE has a significant linear correlation withthe size of published content and the complexity of accesspolicy Considering the file size even for a file of 120Mbytesit costs less than 6 seconds Considering the complexity ofaccess policy encryption and decryption time for an accesscontrol strategy tree with 80 leaves is still no more than 6seconds In an age that mobile devices strong in computingpower and storage are widespread such a time cost isacceptable What is more in the application environmentof opportunistic network publishers or subscribers are notworried to encrypt or decrypt which will leave enough timefor security operations

From Table 2 we can see that no matter what sizethe original published content is the cipher text is always2 Kbytes larger meaning CP-ABE costs almost no storageredundancy in practice

6 Conclusion

In this paper we introduced the concept of interest-centricand attribute-based identities into opportunistic networkWefocused on the security issues of user privacy and end-to-endconfidentiality in a specific distributed application scenario ofwireless opportunistic network in which people work in nearareas and share information without revealing their identity

Finally we proposed our PEFKS- and CP-ABE-baseddistributed security scheme which consists of two subschemes The first is a PEFKS-based privacy preservingforwarding decision scheme which assures usersrsquo full privacyand enhances anonymity through fuzzy interests As faras we know we are the first to employ fuzzy techniquein opportunistic network and to allow partial match onencrypted fuzzy control information The second is a CP-ABE-based confidentiality protecting scheme in which pub-lishers make and attach an expressive access control strategyto the messages they are about to send and then subscriberswhose attribute-based identities satisfy the access controlstrategy are legalized to decrypt cipher-text finally achievingconfidentiality with a fine-grained access control strategy onshared data Both schemes rely on an offline TTP which isneeded only when opportunistic network user registers

We evaluated our scheme from aspects of security andperformance which leads to the conclusion that our scheme


suits the features of opportunistic network very well becauseof not only the relatively low cost in computation and storagebut also its satisfaction with necessitous need for fine-grainedaccess control

Acknowledgments

This paper is supported in part by Important NationalScience amp Technology Specific Projects under Grantnos (2010ZX03006-002 2010ZX03006-007) NationalBasic Research Program of China (973 Program) (no2011CB302803) and National Natural Science Foundationof China (NSFC) under Grant no (61173132 61003307) Theauthors alone are responsible for the content of the paper

References

[1] A Shikfa M Onen and R Molva ldquoPrivacy and confidentialityin context-based and epidemic forwardingrdquoComputer Commu-nications vol 33 no 13 pp 1493ndash1504 2010

[2] P Hui A Chaintreau R Gass J Scott J Crowcroft and CDiot ldquoPocket switched networking challenges feasibility andimplementation issuesrdquo Lecture Notes in Computer Science vol3854 pp 1ndash12 2006

[3] L Lilien Z Kamal V Bhuse and A Gupta ldquoOpportunisticnetworks the concept and research challenges in privacy andsecurityrdquo in Proceedings of the NSF International Workshop onResearch Challenges in Security and Privacy for Mobile andWireless Networks 2006

[4] H A Nguyen S Giordano and A Puiatti ldquoProbabilisticrouting protocol for intermittently connected mobile ad hocnetworklowast (PROPICMAN)rdquo in Proceedings of the IEEE Interna-tional Symposium on a World of Wireless Mobile and Multime-dia Networks (WOWMOM rsquo07) pp 1ndash6 Espoo Finland June2007

[5] S Symington S Farrell H Weiss and P Lovel Bundle SecurityProtocol Specification Draft-Irtf-Dtnrg-Bundle-Security-19 2011

[6] A Shikfa M Onen and R Molva ldquoPrivacy in content-basedopportunistic networksrdquo in Proceedings of the InternationalConference on Advanced Information Networking and Applica-tions Workshops (WAINA rsquo09) pp 832ndash837 Bradford UK May2009

[7] N Li and S K Das ldquoA trust-based framework for dataforwarding in opportunistic networksrdquo Ad Hoc Networks 2011

[8] M Shin C Cornelius D Peebles A Kapadia D Kotz and NTriandopoulos ldquoAnonySense a system for anonymous oppor-tunistic sensingrdquo Pervasive and Mobile Computing vol 7 no 1pp 16ndash30 2011

[9] D Boneh G D Crescenzo R Ostrovsky and G PersianoldquoPublic key encryption with keyword searchrdquo Lecture Notes inComputer Science vol 3027 pp 506ndash522 2004

[10] S Ji G Li C Li and J Feng ldquoEfficient interactive fuzzy keywordsearchrdquo in Proceedings of the 18th International Conference onWorld Wide Web Madrid Spain 2009

[11] J Li Q Wang C Wang N Cao K Ren and W Lou ldquoFuzzykeyword search over encrypted data in cloud computingrdquo inProceedings of the IEEE (INFOCOM rsquo10) pp 1ndash5 San DiegoCalif USA March 2010

[12] E S Ristad and P N yianilos ldquoLearning string-edit distancerdquoIEEE Transactions on Pattern Analysis andMachine Intelligencevol 20 no 5 pp 522ndash532 1998

[13] L Chang Z Liehuang L Longyijia and T Yuran ldquoFuzzykeyword search on encrypted cloud storage data with smallindexrdquo in Proceedings of the IEEE International Conference onCloud Computing and Intelligence Systems (CCIS rsquo11) pp 269ndash273 2011

[14] A Shamir ldquoIdentity-based cryptosystems and signatureschemesrdquo in Advances in Cryptology G Blakley and D ChaumEds vol 196 pp 47ndash53 Springer Berlin Germany 1985

[15] D Boneh and M Franklin ldquoIdentity-based encryption fromthe weil pairingrdquo in Proceedings of the Advances in Cryptology(CRYPTOrsquo01) J Kilian Ed vol 2139 pp 213ndash229 SpringerBerlin Germany 2001

[16] A Sahai and B Waters ldquoFuzzy identity-based encryptionrdquo inProceedings of the 24th Annual International Conference on theTheory and Applications of Cryptographic Techniques Advancesin Cryptology (EUROCRYPT rsquo05) pp 457ndash473 May 2005

[17] J S Su D Cao X F Wang Y P Sun and Q L Hu ldquoAttribute-based encryption schemesrdquo Journal of Software vol 22 pp1299ndash1315 2011

[18] V Goyal O Pandey A Sahai and B Waters ldquoAttribute-basedencryption for fine-grained access control of encrypted datardquoin Proceedings of the 13th ACM Conference on Computer andCommunications Security (CCS rsquo06) pp 89ndash98 Alexandria VAUSA November 2006

[19] J Bethencourt A Sahai and B Waters ldquoCiphertext-policyattribute-based encryptionrdquo in Proceedings of the S and P IEEESymposium on Security and Privacy (SP rsquo07) pp 321ndash334Berkeley Calif USA May 2007

[20] A ShikfaMOnen andRMolva ldquoPrivacy-preserving content-based publishsubscribe networksrdquo Emerging Challenges forSecurity Privacy and Trust vol 297 pp 270ndash282 2009

[21] X Jia B Li and Y Liu ldquoRandom oracle modelrdquo Journal ofSoftware vol 23 pp 140ndash151 2012

[22] L Sweeney ldquok-anonymity a model for protecting privacyrdquoInternational Journal of Uncertainty Fuzziness and Knowlege-Based Systems vol 10 no 5 pp 557ndash570 2002

[23] jPBC ldquoJava Pairing Based Cryptographyrdquo httpgasdiaunisaitprojectsjpbc

[24] PBC ldquoParing Based Cryptographyrdquo httpcryptostanfordedupbc

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics


Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks



subscribers and intermediate nodes to know their interestsThe situation is almost the same as publishers they do notwant other publishers intermediate nodes or subscribersthat are not designated to obtain the interest orientationsof their published contents However in precedent researchabout interest-centric network forwarding relies on explicitqueries or indexes which leads to possible threat of privacyleakage due to matching between message indexes and usersrsquoidentities

Second is end-to-end confidentiality which is consideredas a fundamental security requirement Publishers not onlywant to impose a ban on the access to the plaintext payloadof their published contents but also want to attach a preciseaccess control strategy to their every message so that onlythe designated subscribers who have certain credentials orattributes can access the payload For example when toplayer of some IT company wants to publish a product faultsurvey they may make such an access control structure asshown in Figure 1 whichmeans only the departmentmanagerof Technology Department or Quality Control Departmentstaff with management level over 5 or a consultant calledCharlie Eppes could access the survey However the reasonsof no stable end-to-end connection and group target of amessage not only make traditional end-to-end encryptionunsuitable but also increase the difficulty of fine-grainedaccess control on shared data

In this paper we propose a PEFKS- and CP-ABE-baseddistributed security scheme in interest-centric opportunisticnetwork

The main contributions of this paper are as follows

(i) We design a PEFKS-based privacy protecting for-warding decision scheme which on one hand enablessubscribers to publish encrypted fuzzy interests andon the other hand enables intermediate nodes toforwardmessages according to encrypted fuzzy inter-ests The scheme ensures usersrsquo full privacy in thecircumstance of opportunistic network and enhancesanonymity through fuzzy interests To the best of ourknowledge we are the first to enable partial match onfuzzy interests in opportunistic network

(ii) We embed the concept of attribute-based identityinto opportunistic network to adapt to the feature ofno explicit destinations Then we design a CP-ABE-based confidentiality protecting scheme in whichpublishers make and attach an expressive access con-trol strategy to the messages they are about to sendSubscribers whose attribute-based identities satisfythe access control strategy are legalized to decryptthe ciphertext finally achieving confidentiality witha fine-grained access control strategy on shared data

(iii) We implement and analyze the security and perfor-mance of the schemes and verify the feasibility of oursecurity schemes

2 Related WorkRelated research work is still scarce because security incontent-based opportunistic network is a quickly emerging

problem and most of the security schemes existing inInternet wireless sensor networks (WSNs) mobile ad hocnetworks (DTN or MANET) are not suitable

As far as we are concerned Lilien et al [3] were thefirst to consider security in opportunistic network Theyproposed several challenges in privacy and confidentiality ofopportunistic network in particular the requirement for end-to-end confidentiality but they did not propose any possiblesecurity solutionWhat ismore they did not analyze the issueof context privacy or content privacy

Nguyen et al proposed a probabilistic routing protocolfor ICMAN (intermittently connected mobile ad hoc net-work) in [4] which indicates the very first idea to protectprivacy and confidentiality In their protocol if senders wantto send messages to receivers it hashes all the values ofmessage head Before intermediate node does the partialmatch it first calculates its attributes using the same hashfunctions Only hash function is used hereby to achieve arelatively computational efficiency but it is obviously proneto dictionary attack As for confidentiality they used theinformation (evidencevalues) that the sender knows aboutthe destination node as keys so only the destination nodecan decrypt the cipher messages to get the plain messagesin a community scenario In this scheme the confidentialityis based on assumption that all in-community memberscan be trusted which obviously cannot be guaranteed inopportunistic network

In the neighboring area of DTN a bundle securityprotocol (BSP) [5] was defined to enhance the security ofcommunications in DTN In BSP a confidentiality block isincluded to enable the encryption of the entire payload at thesource and the decryption at the final destination based onthe identifier of the destination It does not enable encryptionbased on the interests of destinations or partial matches thatcan be used to make interest-centric forwarding decisionsThose features are thus not enough to satisfy the interest-centric scenario

Shikfa et al proposed a scheme for content-based andcontext-based opportunistic network in [1 6] In content-based scenario they defined a three-level privacy model andtwo security primitives ldquosecure look-uprdquo and ldquosetup of for-warding tablesrdquo and proposed a distributed security schemebased on multiple layer commutative encryption (MLCE)in which r-hop neighbor nodes share keys to encrypt anddecrypt messages There are two disadvantages one is thatonly single-word keyword is supported it is not flexible andthe other is that the number of shared keys will explode whentopology changes frequently In context-based scenario theyreplaced identities of classic identity-based encryption (IBE)with attributes contained in context to assure end-to-endconfidentiality Also they used improved public encryptionwith keyword search (PEKS) to make forwarding decisionsto protect usersrsquo privacy Their scheme is flexible enough tomeet the privacy requirements of context-based forwardingBut it only supports strictly limited attributes arrange rulessuch as ⟨[Mail] [Workplace] [Status]⟩ which is not suitablefor content-based forwarding In addition the sender cannotapply a fine-grained access control strategy to shared data


Department manager



And

Or

Or












3 Problem Statement




lowast

119906which would


lowast

119906


119860











4 Proposed Scheme


41 Preliminaries



Destinations




SID[1]SID[2]SID[3]

Forwarder

Forwarder

Forwarder


PCPC

RA

Subscriber

Publisher

Routinginformation

119860 119861119899

1198621198611


Normal user

Malicious user

Adversary

One connected area

Server andsniffer



1199081015840= 119875119864119870119878 (119860pub 119908) (1)



119879119863119908 = 119879119903119886119901119889119900119900119903 (119860priv 119908) (2)



119865119897119886119892 = 119879119890119904119905 (1199081015840 119879119863) (3)



119862119875119860pub

= 1198661 119892 ℎ = 119892120573 119891 = 119892

1120573 119890(119892 119892)

120572

119862119875119860master = 120573 119892120572

(4)


119862119879 = 119862119875119860 119864119899119888119903119910119901119905 (119862119875119860pub119872 119879119872) (5)



119862119875119860priv119878

= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119878) (6)







[13]

1198651198630

119908119889= 1199081015840 119890119889 (119908

1015840 119908) le 119889 119908

1015840isin 1198630


119860119894

(8)


119879119860119894 119908 = 119879119863 = 119879119903119886119901119889119900119900119903 (119879119879119875priv 1199081015840)

for each 1199081015840 in 119865

1198630

119908119889

(9)








EndEnd

EndEnd



119879119863

Foreach 1199081015840 in 1198781199081015840

If (119879119890119904119905 (1199081015840 119905119889) == 119905119903119906119890) Counter ++

EndEnd

EndReturn Counter

Algorithm 2 119865119906119911119911119910119879119890119904119905 (119878119879119863 1198781199081015840 )



119875119864119870119878119862119895 = 1199081015840= 119875119864119870119878 (119879119879119875pub 119908) for each 119908 in 119882119862119895

(10)











119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(11)


119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(12)


119875119862119895 = 119862119875119860 119863119890119888119903119910119901119905 (119862119879 119862119875119860priv119884119860119894 119864 (119875119862119895)) (13)







Alice

Bob

TTP

119882lowastAlice







Bob

TTPTTPpub

Cathy






119860 119894

119860119909

PC119895

PC119895

CPApriv 119884119860119894

119884119860119894

119862119895

Setup for CP-ABE


CPApub

1198610

119861119896

TTP

Routing


PC119895 = [PEKS119862119895 119864(119875119862119895 ) 119879119862119895 ]






6

4

2

0

Tim

e (s)

0 20000 40000 60000 80000 100000 120000File size (KB)

Enc timeDec time

(a)

6

5

4

3

2

1

0

Tim

e (s)


Enc timeDec time

(b)








Symington et al[5]



Proposedscheme



Publishedcontent ID


1 239 241 22 473 475 23 951 953 24 1843 1845 25 3711 3713 26 7365 7367 27 14844 14846 28 29511 29513 29 58678 58680 210 116632 116634 2







6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Department manager



And

Or

Or












3 Problem Statement




lowast

119906which would


lowast

119906


119860











4 Proposed Scheme


41 Preliminaries



Destinations




SID[1]SID[2]SID[3]

Forwarder

Forwarder

Forwarder


PCPC

RA

Subscriber

Publisher

Routinginformation

119860 119861119899

1198621198611


Normal user

Malicious user

Adversary

One connected area

Server andsniffer



1199081015840= 119875119864119870119878 (119860pub 119908) (1)



119879119863119908 = 119879119903119886119901119889119900119900119903 (119860priv 119908) (2)



119865119897119886119892 = 119879119890119904119905 (1199081015840 119879119863) (3)



119862119875119860pub

= 1198661 119892 ℎ = 119892120573 119891 = 119892

1120573 119890(119892 119892)

120572

119862119875119860master = 120573 119892120572

(4)


119862119879 = 119862119875119860 119864119899119888119903119910119901119905 (119862119875119860pub119872 119879119872) (5)



119862119875119860priv119878

= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119878) (6)







[13]

1198651198630

119908119889= 1199081015840 119890119889 (119908

1015840 119908) le 119889 119908

1015840isin 1198630


119860119894

(8)


119879119860119894 119908 = 119879119863 = 119879119903119886119901119889119900119900119903 (119879119879119875priv 1199081015840)

for each 1199081015840 in 119865

1198630

119908119889

(9)








EndEnd

EndEnd



119879119863

Foreach 1199081015840 in 1198781199081015840

If (119879119890119904119905 (1199081015840 119905119889) == 119905119903119906119890) Counter ++

EndEnd

EndReturn Counter

Algorithm 2 119865119906119911119911119910119879119890119904119905 (119878119879119863 1198781199081015840 )



119875119864119870119878119862119895 = 1199081015840= 119875119864119870119878 (119879119879119875pub 119908) for each 119908 in 119882119862119895

(10)











119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(11)


119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(12)


119875119862119895 = 119862119875119860 119863119890119888119903119910119901119905 (119862119879 119862119875119860priv119884119860119894 119864 (119875119862119895)) (13)







Alice

Bob

TTP

119882lowastAlice







Bob

TTPTTPpub

Cathy






119860 119894

119860119909

PC119895

PC119895

CPApriv 119884119860119894

119884119860119894

119862119895

Setup for CP-ABE


CPApub

1198610

119861119896

TTP

Routing


PC119895 = [PEKS119862119895 119864(119875119862119895 ) 119879119862119895 ]






6

4

2

0

Tim

e (s)

0 20000 40000 60000 80000 100000 120000File size (KB)

Enc timeDec time

(a)

6

5

4

3

2

1

0

Tim

e (s)


Enc timeDec time

(b)








Symington et al[5]



Proposedscheme



Publishedcontent ID


1 239 241 22 473 475 23 951 953 24 1843 1845 25 3711 3713 26 7365 7367 27 14844 14846 28 29511 29513 29 58678 58680 210 116632 116634 2







6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










3 Problem Statement




lowast

119906which would


lowast

119906


119860











4 Proposed Scheme


41 Preliminaries



Destinations




SID[1]SID[2]SID[3]

Forwarder

Forwarder

Forwarder


PCPC

RA

Subscriber

Publisher

Routinginformation

119860 119861119899

1198621198611


Normal user

Malicious user

Adversary

One connected area

Server andsniffer



1199081015840= 119875119864119870119878 (119860pub 119908) (1)



119879119863119908 = 119879119903119886119901119889119900119900119903 (119860priv 119908) (2)



119865119897119886119892 = 119879119890119904119905 (1199081015840 119879119863) (3)



119862119875119860pub

= 1198661 119892 ℎ = 119892120573 119891 = 119892

1120573 119890(119892 119892)

120572

119862119875119860master = 120573 119892120572

(4)


119862119879 = 119862119875119860 119864119899119888119903119910119901119905 (119862119875119860pub119872 119879119872) (5)



119862119875119860priv119878

= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119878) (6)







[13]

1198651198630

119908119889= 1199081015840 119890119889 (119908

1015840 119908) le 119889 119908

1015840isin 1198630


119860119894

(8)


119879119860119894 119908 = 119879119863 = 119879119903119886119901119889119900119900119903 (119879119879119875priv 1199081015840)

for each 1199081015840 in 119865

1198630

119908119889

(9)








EndEnd

EndEnd



119879119863

Foreach 1199081015840 in 1198781199081015840

If (119879119890119904119905 (1199081015840 119905119889) == 119905119903119906119890) Counter ++

EndEnd

EndReturn Counter

Algorithm 2 119865119906119911119911119910119879119890119904119905 (119878119879119863 1198781199081015840 )



119875119864119870119878119862119895 = 1199081015840= 119875119864119870119878 (119879119879119875pub 119908) for each 119908 in 119882119862119895

(10)











119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(11)


119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(12)


119875119862119895 = 119862119875119860 119863119890119888119903119910119901119905 (119862119879 119862119875119860priv119884119860119894 119864 (119875119862119895)) (13)







Alice

Bob

TTP

119882lowastAlice







Bob

TTPTTPpub

Cathy






119860 119894

119860119909

PC119895

PC119895

CPApriv 119884119860119894

119884119860119894

119862119895

Setup for CP-ABE


CPApub

1198610

119861119896

TTP

Routing


PC119895 = [PEKS119862119895 119864(119875119862119895 ) 119879119862119895 ]






6

4

2

0

Tim

e (s)

0 20000 40000 60000 80000 100000 120000File size (KB)

Enc timeDec time

(a)

6

5

4

3

2

1

0

Tim

e (s)


Enc timeDec time

(b)








Symington et al[5]



Proposedscheme



Publishedcontent ID


1 239 241 22 473 475 23 951 953 24 1843 1845 25 3711 3713 26 7365 7367 27 14844 14846 28 29511 29513 29 58678 58680 210 116632 116634 2







6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Destinations




SID[1]SID[2]SID[3]

Forwarder

Forwarder

Forwarder


PCPC

RA

Subscriber

Publisher

Routinginformation

119860 119861119899

1198621198611


Normal user

Malicious user

Adversary

One connected area

Server andsniffer



1199081015840= 119875119864119870119878 (119860pub 119908) (1)



119879119863119908 = 119879119903119886119901119889119900119900119903 (119860priv 119908) (2)



119865119897119886119892 = 119879119890119904119905 (1199081015840 119879119863) (3)



119862119875119860pub

= 1198661 119892 ℎ = 119892120573 119891 = 119892

1120573 119890(119892 119892)

120572

119862119875119860master = 120573 119892120572

(4)


119862119879 = 119862119875119860 119864119899119888119903119910119901119905 (119862119875119860pub119872 119879119872) (5)



119862119875119860priv119878

= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119878) (6)







[13]

1198651198630

119908119889= 1199081015840 119890119889 (119908

1015840 119908) le 119889 119908

1015840isin 1198630


119860119894

(8)


119879119860119894 119908 = 119879119863 = 119879119903119886119901119889119900119900119903 (119879119879119875priv 1199081015840)

for each 1199081015840 in 119865

1198630

119908119889

(9)








EndEnd

EndEnd



119879119863

Foreach 1199081015840 in 1198781199081015840

If (119879119890119904119905 (1199081015840 119905119889) == 119905119903119906119890) Counter ++

EndEnd

EndReturn Counter

Algorithm 2 119865119906119911119911119910119879119890119904119905 (119878119879119863 1198781199081015840 )



119875119864119870119878119862119895 = 1199081015840= 119875119864119870119878 (119879119879119875pub 119908) for each 119908 in 119882119862119895

(10)











119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(11)


119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(12)


119875119862119895 = 119862119875119860 119863119890119888119903119910119901119905 (119862119879 119862119875119860priv119884119860119894 119864 (119875119862119895)) (13)







Alice

Bob

TTP

119882lowastAlice







Bob

TTPTTPpub

Cathy






119860 119894

119860119909

PC119895

PC119895

CPApriv 119884119860119894

119884119860119894

119862119895

Setup for CP-ABE


CPApub

1198610

119861119896

TTP

Routing


PC119895 = [PEKS119862119895 119864(119875119862119895 ) 119879119862119895 ]






6

4

2

0

Tim

e (s)

0 20000 40000 60000 80000 100000 120000File size (KB)

Enc timeDec time

(a)

6

5

4

3

2

1

0

Tim

e (s)


Enc timeDec time

(b)








Symington et al[5]



Proposedscheme



Publishedcontent ID


1 239 241 22 473 475 23 951 953 24 1843 1845 25 3711 3713 26 7365 7367 27 14844 14846 28 29511 29513 29 58678 58680 210 116632 116634 2







6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











119862119875119860priv119878

= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119878) (6)







[13]

1198651198630

119908119889= 1199081015840 119890119889 (119908

1015840 119908) le 119889 119908

1015840isin 1198630


119860119894

(8)


119879119860119894 119908 = 119879119863 = 119879119903119886119901119889119900119900119903 (119879119879119875priv 1199081015840)

for each 1199081015840 in 119865

1198630

119908119889

(9)








EndEnd

EndEnd



119879119863

Foreach 1199081015840 in 1198781199081015840

If (119879119890119904119905 (1199081015840 119905119889) == 119905119903119906119890) Counter ++

EndEnd

EndReturn Counter

Algorithm 2 119865119906119911119911119910119879119890119904119905 (119878119879119863 1198781199081015840 )



119875119864119870119878119862119895 = 1199081015840= 119875119864119870119878 (119879119879119875pub 119908) for each 119908 in 119882119862119895

(10)











119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(11)


119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(12)


119875119862119895 = 119862119875119860 119863119890119888119903119910119901119905 (119862119879 119862119875119860priv119884119860119894 119864 (119875119862119895)) (13)







Alice

Bob

TTP

119882lowastAlice







Bob

TTPTTPpub

Cathy






119860 119894

119860119909

PC119895

PC119895

CPApriv 119884119860119894

119884119860119894

119862119895

Setup for CP-ABE


CPApub

1198610

119861119896

TTP

Routing


PC119895 = [PEKS119862119895 119864(119875119862119895 ) 119879119862119895 ]






6

4

2

0

Tim

e (s)

0 20000 40000 60000 80000 100000 120000File size (KB)

Enc timeDec time

(a)

6

5

4

3

2

1

0

Tim

e (s)


Enc timeDec time

(b)








Symington et al[5]



Proposedscheme



Publishedcontent ID


1 239 241 22 473 475 23 951 953 24 1843 1845 25 3711 3713 26 7365 7367 27 14844 14846 28 29511 29513 29 58678 58680 210 116632 116634 2







6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation












119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(11)


119862119875119860priv119884119860119894= 119862119875119860 119870119890119910119866119890119899 (119862119875119860master 119862119875119860pub 119884119860119894)

(12)


119875119862119895 = 119862119875119860 119863119890119888119903119910119901119905 (119862119879 119862119875119860priv119884119860119894 119864 (119875119862119895)) (13)







Alice

Bob

TTP

119882lowastAlice







Bob

TTPTTPpub

Cathy






119860 119894

119860119909

PC119895

PC119895

CPApriv 119884119860119894

119884119860119894

119862119895

Setup for CP-ABE


CPApub

1198610

119861119896

TTP

Routing


PC119895 = [PEKS119862119895 119864(119875119862119895 ) 119879119862119895 ]






6

4

2

0

Tim

e (s)

0 20000 40000 60000 80000 100000 120000File size (KB)

Enc timeDec time

(a)

6

5

4

3

2

1

0

Tim

e (s)


Enc timeDec time

(b)








Symington et al[5]



Proposedscheme



Publishedcontent ID


1 239 241 22 473 475 23 951 953 24 1843 1845 25 3711 3713 26 7365 7367 27 14844 14846 28 29511 29513 29 58678 58680 210 116632 116634 2







6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










119860 119894

119860119909

PC119895

PC119895

CPApriv 119884119860119894

119884119860119894

119862119895

Setup for CP-ABE


CPApub

1198610

119861119896

TTP

Routing


PC119895 = [PEKS119862119895 119864(119875119862119895 ) 119879119862119895 ]






6

4

2

0

Tim

e (s)

0 20000 40000 60000 80000 100000 120000File size (KB)

Enc timeDec time

(a)

6

5

4

3

2

1

0

Tim

e (s)


Enc timeDec time

(b)








Symington et al[5]



Proposedscheme



Publishedcontent ID


1 239 241 22 473 475 23 951 953 24 1843 1845 25 3711 3713 26 7365 7367 27 14844 14846 28 29511 29513 29 58678 58680 210 116632 116634 2







6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation












Symington et al[5]



Proposedscheme



Publishedcontent ID


1 239 241 22 473 475 23 951 953 24 1843 1845 25 3711 3713 26 7365 7367 27 14844 14846 28 29511 29513 29 58678 58680 210 116632 116634 2







6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation









Documents

Research Article A PEFKS- and CP-ABE-Based Distributed ...downloads.hindawi.com/journals/ijdsn/2013/469076.pdf · content-based opportunistic network is a quickly emerging problem