ABSTRACT
In distributed systems users need the ability to share sensitive content with multiple other recipients based on their ability to satisfy arbitrary policies. One such system is electricity grids where finegrained sensor data sharing holds the potential for increased reliability and efficiency. However, effective data sharing requires technical solutions that support flexible access policies, for example, sharing more data when the grid is unstable. In such systems, both the messages and policies are sensitive and, therefore, they need to kept be secret. Furthermore, to allow for such a system to be secure and usable in the presence of untrusted object stores and relays it must be resilient in the presence of active adversaries and provide efficient key management. While several of these properties have been studied in the past we address a new problem in the area of policy based encryption in that we develop a solution with all of these capabilities. We develop a Policy and Key Encapsulation Mechanism -- Data Encapsulation Mechanism (PKEM-DEM) encryption scheme that is a generic construction secure against adaptive chosen ciphertext attacks and develop a Policy Based Encryption System (PBES) using this scheme that provides these capabilities. We provide an implementation of PBES and measure its performance.
- M. Abe, R. Gennaro, and K. Kurosawa. Tag-KEM/DEM: A new framework for hybrid encryption. J. Cryptol., 21(1):97--130, 2008. Google ScholarDigital Library
- S. S. Al-Riyami, J. Malone-Lee, and N. P. Smart. Escrow-free encryption supporting cryptographic workflow. Int. J. Inf. Sec., 5(4):217--229, 2006. Google ScholarDigital Library
- Z. Anwar, R. Shankesi, and R. H. Campbell. Automatic Security Assessment of Critical Cyber-Infrastructures. In Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Springer, July 2008.Google Scholar
- R. Arends, R. Austein, M. Larson, and D. Massey. Resource Records for the DNS Security Extensions. Technical report, RFC 4034, March 2005.Google Scholar
- J. Bacon, D. M. Eyers, K. Moody, and L. I. W. Pesonen. Securing Publish/Subscribe for Multi-domain Systems. In G. Alonso, editor, Middleware, volume 3790 of Lecture Notes in Computer Science, pages 1--20. Springer, 2005. Google ScholarDigital Library
- J. Bacon, K. Moody, and W. Yao. A model of OASIS role-based access control and its support for active security. ACM Trans. Inf. Syst. Secur., 5(4):492--540, 2002. Google ScholarDigital Library
- J. Baek and Y. Zheng. Identity-Based Threshold Decryption. Proc. of PKC, 4:262--276, 2004.Google Scholar
- W. Bagga and R. Molva. Policy-Based Cryptography and Applications. In A. S. Patrick and M. Yung, editors, Financial Cryptography, volume 3570 of Lecture Notes in Computer Science, pages 72--87. Springer, 2005. Google ScholarDigital Library
- W. Bagga and R. Molva. Collusion-Free Policy-Based Encryption. In S. K. Katsikas, J. Lopez, M. Backes, S. Gritzalis, and B. Preneel, editors, ISC, volume 4176 of Lecture Notes in Computer Science, pages 233--245. Springer, 2006. Google ScholarDigital Library
- J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-Policy Attribute-Based Encryption. In IEEE Symposium on Security and Privacy, 2007. Google ScholarDigital Library
- D. Boneh and M. Franklin. Identity-Based Encryption from the Weil Pairing. Advances in Cryptology-Crypto 2001: 21st Annual International Cryptology Conference, Santa Barbara, California, USA, August 19--23, 2001, Proceedings, 2001. Google ScholarDigital Library
- R. W. Bradshaw, J. E. Holt, and K. E. Seamons. Concealing complex policies with hidden credentials. In CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, pages 146--157, New York, NY, USA, 2004. ACM. Google ScholarDigital Library
- J. Cai, Z. Huang, J. Hauer, and K. Martin. Current Status and Experience of WAMS Implementation in North America. Transmission and Distribution Conference and Exhibition: Asia and Pacific, 2005 IEEE/PES, pages 1--7, 2005.Google Scholar
- L. Cheung and C. Newport. Provably secure ciphertext policy ABE. In CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pages 456--465, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- R. Cramer and V. Shoup. Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack. SIAM Journal on Computing, 33(1):167--226, Feb. 2004. Google ScholarDigital Library
- J. Dagle. Postmortem analysis of power grid blackouts -- The role of measurement systems. Power and Energy Magazine, IEEE, 4(5):30--35, Sept.-Oct. 2006.Google ScholarCross Ref
- J. E. Dagle. North American SynchroPhasor Initiative. In Hawaii International Conference on System Sciences, 2008. Google ScholarDigital Library
- X. Ding and G. Tsudik. Simple Identity-Based Cryptography with Mediated RSA. Topics in Cryptology, CT-RSA 2003: The Cryptographers' Track at the Rsa Conference 2003, San Francisco, CA, USA April 13--17, 2003, Proceedings, 2003. Google ScholarDigital Library
- M. Donnelly, M. Ingram, and J. R. Carroll. Eastern Interconnection Phasor Project. In Hawaii International International Conference on Systems Science (HICSS-39 2006), January 2006. Google ScholarDigital Library
- S. Farrell and R. Housley. An Internet Attribute Certificate Profile for Authorization (RFC 3281). Internet Engineering Task Force, Network Working Group, April, 2002. Google ScholarDigital Library
- K. Fisler, S. Krishnamurthi, L. Meyerovich, and M. Tschantz. Verification and change-impact analysis of access-control policies. Proceedings of the 27th international conference on Software engineering, pages 196--205, 2005. Google ScholarDigital Library
- W. Ford and M. J. Wiener. A key distribution method for object-based protection. In CCS '94: Proceedings of the 2nd ACM Conference on Computer and communications security, pages 193--197, New York, NY, USA, 1994. ACM. Google ScholarDigital Library
- K. B. Frikken, M. J. Atallah, and J. Li. Attribute-Based Access Control with Hidden Policies and Hidden Credentials. IEEE Trans. Computers, 55(10):1259--1270, 2006. Google ScholarDigital Library
- R. Gennaro. Robust and Efficient Sharing of RSA Functions. Journal of Cryptology, 13(2):273--300, 2000.Google ScholarDigital Library
- V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. Proceedings of the 13th ACM conference on Computer and communications security, pages 89--98, 2006. Google ScholarDigital Library
- L. Granboulan. RSA hybrid encryption schemes. Technical report, Dec. 2001.Google Scholar
- C. H. Hauser, D. E. Bakken, I. Dionysiou, K. H. Gjermundr&phis;d, V. S. Irava, J. Helkey, and A. Bose. Security, Trust, and QoS in Next-Generation Control and Communication for Large Power Systems. International Journal of System of Critical Infrastructures, 4(1/2), 2008.Google Scholar
- A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk, and M. Yung. Proactive public key and signature systems. Proceedings of the 4th ACM conference on Computer and communications security, pages 100--110, 1997. Google ScholarDigital Library
- J. P. Jones, D. F. Berger, and C. V. Ravishankar. Layering Public Key Distribution Over Secure DNS using Authenticated Delegation. In ACSAC, pages 409--418. IEEE Computer Society, 2005. Google ScholarDigital Library
- A. Kapadia, P. P. Tsang, and S. W. Smith. Attribute-Based Publishing with Hidden Credentials and Hidden Policies. In Proceedings of The 14th Annual Network and Distributed System Security Symposium (NDSS), pages 179--192, March 2007.Google Scholar
- J. Li and N. Li. Policy-hiding access control in open environment. In PODC '05: Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing, pages 29--38, New York, NY, USA, 2005. ACM. Google ScholarDigital Library
- J. Linn and M. Branchaud. An examination of asserted PKI issues and proposed alternatives. Proceedings of the 3rd Annual PKI R & D WorkshopGaithers-burg: NIST, 2004.Google Scholar
- P. Myrda, E. Gunther, M. Gehrs, and J. Melcher. EIPP Data Management Task Team Architecture. In Hawaii International International Conference on Systems Science (HICSS-40 2007), page 118, January 2007. Google ScholarDigital Library
- T. Nishide, K. Yoneyama, and K. Ohta. Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures. In S. M. Bellovin, R. Gennaro, A. D. Keromytis, and M. Yung, editors, ACNS, volume 5037 of Lecture Notes in Computer Science, pages 111--129, June 2008. Google ScholarDigital Library
- V. Shoup. A Proposal for an ISO Standard for Public Key Encryption. Cryptology ePrint Archive, Report 2001/112, 2001. http://eprint.iacr.org/.Google Scholar
- D. K. Smetters and G. Durfee. Domain-Based Authentication of Identity-Based Cryptosystems for Secure Email and IPsec. In 12th Usenix Security Symposium, Washington, D.C., August 2003. Google ScholarDigital Library
- M. Srivatsa and L. Liu. Key Derivation Algorithms for Monotone Access Structures in Cryptographic File Systems. In European Symposium on Research in Computer Security, Hamburg, Germany, pages 347--361, September 2006. Google ScholarDigital Library
- M. Srivatsa and L. Liu. Secure Event Dissemination in Publish-Subscribe Networks. In ICDCS '07: Proceedings of the 27th International Conference on Distributed Computing Systems, page 22, Washington, DC, USA, 2007. IEEE Computer Society. Google ScholarDigital Library
- P. P. Tsang and S. W. Smith. YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems. In S. Jajodia, P. Samarati, and S. Cimato, editors, SEC, volume 278 of IFIP, pages 445--459. Springer, 2008.Google Scholar
- U.S.-Canada Power System Outage Task Force. Final Report on the August 14, 2003 Blackout in the United States and Canada: Causes and Recommendations, April 2004.Google Scholar
- P. Veríssimo, N. F. Neves, and M. Correia. The CRUTIAL reference critical information infrastructure architecture: a blueprint. International Journal of System of Systems Engineering, 1(1/2), 2008.Google ScholarCross Ref
- H. Wang, S. Jha, T. W. Reps, S. Schwoon, and S. G. Stubblebine. Reducing the Dependence of SPKI/SDSI on PKI. In European Symposium on Research in Computer Security, Hamburg, Germany, pages 156--173, September 2006. Google ScholarDigital Library
Index Terms
- PBES: a policy based encryption system with application to data sharing in the power grid
Recommendations
Secure wireless communication platform for EV-to-Grid research
IWCMC '10: Proceedings of the 6th International Wireless Communications and Mobile Computing Conference"Vehicle to Grid" power or V2G will be a new green energy scheme that allows electricity to flow from Electric Vehicles (EVs) to power lines. The objective of this paper is to design and develop a secure wireless communication platform for V2G research, ...
Data Privacy Protection and Sharing in Smart Grid Based on Blockchain Technology
ICCSIE '23: Proceedings of the 8th International Conference on Cyber Security and Information EngineeringWith the rapid development of science and technology, the scale of power grid construction is gradually expanding, and the level of intelligence is also constantly improving, which also brings the problem of data leakage and data loss to the smart grid. ...
Public-Key encryption from ID-Based encryption without one-time signature
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part IDesign a secure public key encryption scheme and its security proof are one of the main interests in cryptography In 2004, Canetti, Halevi and Katz [8] constructed a public key encryption (PKE) from a selective identity-based encryption scheme with a ...
Comments