Secure Data Retrieval Based on Hybrid Encryption

SECURE DATA RETRIEVAL BASED ON HYBRID ENCRYPTION FOR DISRUPTION-TOLERANT NETWORK

Kollipara Durgesh, Dr.P. Sriramya

I. ABSTRACT

Military network is one of the most important network in any country but this network mostly suffers from intermittent network connectivity because of the hostile region and the battlefield. To solve the network problem faced by the military network we use Disruption-tolerant network (DTN) technologies which is widely becoming the successful solution. This technology allows the people to communicate with each other to access the confidential data even in the worst network by storing the data in the storage node. Some of the most challenging issues in this scenario are the enforcement of authorization policies and the policies update for secure data retrieval. Two types of encryption are used for the security. The two algorithms are Advanced Encryption Standard (AES) and Java Simplified Encryption (Jasypt). These two algorithms are combined to provide the secure data which is even more difficult to decrypt the confidential data by unauthorized people. In this paper, we propose a secure data retrieval scheme by generating a new secret key each time when the user sends a secure data to the destination, this proposed method enhances the security of the confidential data. We demonstrate how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant network.

Keywords: Disruption-tolerant network (DTN), Advanced Encryption Standard (AES), Java Simplified Encryption (Jasypt), secure data retrieval

II. INTRODUCTION

In most of the military network it is very difficult for the soldiers and majors to communicate with each other because of the difficult network environment and even if there is no proper to end-to-end connection between the sender and the receiver. Disruption-tolerant network (DTN) are widely used in the networks were there is no proper end-to-end connection between the sender and the receiver. In this paper we choose DTN to communicate between the soldiers and the others. Initially, if the end-to-end connection is missing between the source and destination pair the data from the source node has to wait until the network is recovered in the intermediate node which can be easily hacked by the third party user hence to solve this critical problem we use storage node which is introduced in the Disruption-tolerant network where in only the authorized users can access the respective data.

Most military data are said to very confidential and hence we use confidential access control methods that are cryptographically enforced. Here we provide different access services for different users that is the admin decides in who access the data based on the respective designation of the users. The registration of the user is completed only if the admin accepts and verifies the users’ account to be valid but if the user is not authorized he will not be allowed to access the data in spite of the registration. For example if the “user 1” sends a data to the “user 2” the data will be encrypted by combining two algorithms such as AES and Jasypt and the resulted data will be encrypted and stored in the storage node where even if there is no end-to-end connection between the source and the destination pair the data will be secured in the storage which can be accessed by the respective authorized person.

111. ALGORITHM

A. Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) algorithm is used in this paper to provide secure data retrieval scheme. AES algorithm is chosen to be used in this paper because it is said to be more secured which supports most of the secure retrieval scheme. This algorithm is considered to be more secured because it is more widely used by the U.S. government to protect classified information and is implemented in hardware and software throughout the world to encrypt secure and confidential data.

AES comprises three block ciphers, AES-128, AES-192 and AES-256. Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128-, 192- and 256-bits, respectively. (Rijndael was designed to handle additional block sizes and key lengths, but the functionality was not adopted in AES.) Symmetric or secret-key ciphers use the same key for encrypting and decrypting, so both the sender and the receiver must know and use the same secret key. All key lengths are deemed sufficient to protect classified information up to the “Secret” level with “Top Secret” information requiring either 192- or 256-bit key lengths. There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys — a round consists of several processing steps that include substitution, transposition and mixing of the input plain text and transform it into the final output of cipher text.

Various researchers have published attacks against reduced-round versions of the Advanced Encryption Standard, and a research paper published in 2011 demonstrated that using a technique called a biclique attack could recover AES keys faster than a brute-force attack by a factor of between three and five, depending on the cipher version. Even this attack, though, does not threaten the practical use of AES due to its high computational complexity.

In this paper AES is used along with the DTN technologies because of the many security and privacy challenges. Since some users may change their associated attributes at some point (for example, moving their region), or some private keys might be compromised, key revocation (or update) for each attribute is necessary in order to make systems secure. For example, if a user joins or leaves an attribute group, the associated attribute key should be changed and redistributed to all the other members in the group.

B. Java Simplified Encryption (Jasypt)

The other algorithm used in this paper is Java Simplified Encryption (Jasypt), it is chosen for the hybrid encryption for a full secured mode to provide secure data retrieval of confidential data. This algorithm is combined with the AES algorithm to provide hybrid encryption. The final challenge in this paper is to provide a new secret key each time a user sends a secret data to the receiver. The secret key generated is unique and it generates a new key each time, which is even more secured for the secure data retrieval. The admin plays a vital role here to manage the overall source and destination pair but the admin is not authorized to access the information because the secret key is generated automatically which is sent to the receiver’s personal account which is not managed by the admin.

Fig 1. Architecture of secure data retrieval in Disruption Tolerant Network (DTN)

IV. EXISTING SYSTEM

The existing system comprises a concept of attribute-based encryption (ABE) is a promising approach that fulfills the requirements for secure data retrieval in DTNs. ABE features a mechanism that enables an access control over encrypted data using access policies and ascribed attributes among private keys and ciphertexts. Especially, ciphertext-policy ABE (CP-ABE) provides a scalable way of encrypting data such that the encryptor defines the attribute set that the decryptor needs to possess in order to decrypt the ciphertext. Thus, different users are allowed to decrypt different pieces of data per the security policy.

The problem of applying the ABE to DTNs introduces several security and privacy challenges. Since some users may change their associated attributes at some point (for example, moving their region), or some private keys might be compromised, key revocation (or update) for each attribute is necessary in order to make systems secure. However, this issue is even more difficult, especially in ABE systems, since each attribute is conceivably shared by multiple users (henceforth, we refer to such a collection of users as an attribute group).

V. PROPOSED SYSTEM

In the proposed system we use hybrid encryption by combining two algorithms and hence we enhance the security of confidential data. Here the admin keeps in track of all the users account hence even if the attribute of the particular user is changed, the admin makes the notification of the changes. Thus, the disadvantages of the existing system is solved. Unauthorized users who do not have enough credentials satisfying the access policy should be deterred from accessing the plain data in the storage node. In addition, unauthorized access from the storage node or key authorities should be also prevented. If multiple users collude, they may be able to decrypt a ciphertext by combining their attributes even if each of the users cannot decrypt the ciphertext alone.

VI. MODULES

1. Key Authorities module

The key generation module generates secret key where the hybrid encryption occurs using AES and Jasypt algorithm. This key generation is very efficient because it combines the two encryption and produces the secret code. In this paper to increase the security of the military network, the secret key generated by the hybrid encryption is sent to the users personal email id, so that even the admin who manages the entire network will not be able to access the confidential data.

2. Storage node module

In the storage node module, the data from the sender is stored even when there is no stable network between the sender and the receiver since, we use Disruption Tolerant Network (DTN). The storage node consists of the encrypted data where only the corresponding receiver can access the respective data. To access the data from the storage node the receiver has to specify the secret code which is generated by the hybrid encryption and is secretly mailed to the receiver.

3. Sender module

The sender module is the one who holds the confidential data and wishes to store them into the external data storage node for ease of sharing or for reliable delivery to users in the extreme networking environments. A sender is responsible for defining (attribute based) access policy and enforcing it on its own data by encrypting the data under the policy before storing it to the storage node.

Fig 2. Hybrid Encryption of secret message

4. User Module

This the last module which tends to access the confidential data from the sender which is stored in the storage node. The receiver has to provide the correct secret key which will be sent to his corresponding mail id. If a user possesses a set of attributes satisfying the access policy of the encrypted data defined by the sender, and is not revoked in any of the attributes, then he will be able to decrypt the cipher text and obtain the data.

VII. CONCLUSION

DTN technologies are becoming successful which allows for the communication between devices which do not have stable network and hence this can be more efficiently used in the military network. AES and Jasypt are scalable cryptographic solution to the access control and secure data retrieval. In this paper we proposed efficient data retrieval method using hybrid encryption by combining two algorithms. The encrypted data is then stored in the storage node which can be accessed only by the corresponding user by providing the respective secret key. In addition admin monitors all the attributes of the users which allows fine-grained key revocation for each attribute group. We demonstrate how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant military network.

VIII. REFERENCES

[1] J. Burgess, B. Gallagher, D. Jensen, and B. N. Levine, “Maxprop: Routing for vehicle-based disruption tolerant networks,” in Proc. IEEE INFOCOM, 2006, pp. 1–11. [2] M. Chuah andP.Yang,“Nodedensity-basedadaptiveroutingscheme for disruption tolerant networks,” in Proc. IEEE MILCOM, 2006, pp. 1–6.

[3] M. M. B. Tariq, M. Ammar, and E. Zequra, “Mesage ferry route design for sparse ad hoc networks with mobile nodes,” in Proc. ACM MobiHoc, 2006, pp. 37–48.

[4] S.Roy and M.Chuah,“Secure data retrieval based on cipher text policy attribute-based encryption (CP-ABE) system for the DTNs,” Lehigh CSE Tech. Rep., 2009.

[5] M. Chuah and P. Yang, “Performance evaluation of content-based information retrieval schemes for DTNs,” in Proc. IEEE MILCOM, 2007, pp. 1–7.

[6] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable secure file sharing on untrusted storage,” in Proc. Conf. File Storage Technol., 2003, pp. 29–42.

[7] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, “Mediated ciphertext-policy attribute-based encryption and its application,” in Proc.WISA, 2009, LNCS 5932, pp. 309–323.

[8] N. Chen, M. Gerla, D. Huang, and X. Hong, “Secure, selective group broadcast in vehicular networks using dynamic attribute based encryption,” in Proc. Ad Hoc Netw. Workshop, 2010, pp. 1–8.

[9] D. Huang and M. Verma, “ASPE: Attribute-based secure policy enforcement in vehicular adho cnetworks,” AdHocNetw.,vol.7,no.8, pp. 1526–1535, 2009.

[10]A.LewkoandB.Waters,“Decentralizing attribute-based encryption,” Cryptology ePrint Archive: Rep. 2010/351, 2010.

[11] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proc. Eurocrypt, 2005, pp. 457–473.

[12] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proc.ACMConf.Comput.Commun.Security,2006,pp.89–98.

[13] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attributebased encryption,” in Proc. IEEE Symp. Security Privacy, 2007, pp. 321–334.

[14] R. Ostrovsky, A. Sahai, and B. Waters, “Attribute-based encryption with non-monotonic access structures,” in Proc. ACM Conf. Comput. Commun. Security, 2007, pp. 195–203.

[15] S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute based data sharing with attribute revocation,”in Proc.ASIACCS,2010,pp.261–270.

[16] A. Boldyreva, V. Goyal, and V. Kumar, “Identity-based encryption with efficient revocation,”inProc.ACMConf.Comput.Commun.Security, 2008, pp. 417–426.

[17]M.Pirretti,P.Traynor,P.McDaniel,andB.Waters,“Secure attribute based systems,”inProc.ACMConf.Comput.Commun.Security,2006, pp. 99–112.

[18]S.RafaeliandD.Hutchison,“A survey of key management for secure group communication,” Comput. Surv., vol. 35, no. 3, pp. 309–329, 2003.

[19] S. Mittra, “Iolus: A framework for scalable secure multicasting,” in Proc. ACM SIGCOMM, 1997, pp. 277–288.

[20] P.Golle, J.Staddon, M. Gagne,and P. Rasmussen,“A content-driven access control system,” in Proc. Symp. Identity Trust Internet, 2008, pp. 26–35.

[21] L.Cheungand C.Newport,“Provably secure cipher text policy ABE,” inProc.ACMConf.Comput.Commun.Security,2007,pp.456–465.

[22] V.Goyal, A.Jain,O.Pandey, and A.Sahai,“Bounded cipher text policy attribute-based encryption,”inProc.ICALP,2008,pp.579–591.