
SECURE DATA RETRIEVAL FOR DECENTRALIZED DISRUPTION-TOLERANT MILITARY NETWORKS
External Demonstration

1. Introduction
1.1 Introduction & Objective
1.2 Disruption Tolerant Networks (DTN)
1.3 Attribute Based Encryption (ABE)
1.2.1 KP-ABE
1.2.2 CP-ABE

1.1 Introduction & Objective


In many military network scenarios, connections of wireless devices carried by soldiers may be temporarily disconnected by jamming, environmental factors and mobility, especially when they operate in hostile conditions.
Many applications require increased protection of confidential data, including access control methods that are cryptographically enforced.
Our objective is to provide increased protection even under a disruption-prone network.

1.2 Disruption Tolerant Networks (DTN)


We make use of a Decentralized Disruption Tolerant Network.

A Disruption Tolerant Network is designed to provide connectivity where the network would normally be subject to frequent and long-lasting disruptions.
Intensively applicable for:
Disaster relief missions
Peace keeping missions
Vehicular Networks

1.3 Attribute Based Encryption (ABE)


We make use of the following two attributes:
1. Battalion
2. Region

In traditional public-key cryptography, a message is encrypted for a specific receiver using the receiver's public key.
But ABE defines the receiver as a set of attributes, instead of a specific identity.
Hence messages can be encrypted/decrypted with respect to subsets of attributes or policies defined over a set of attributes.

Why ABE?
Eliminates dependency on a single user.
The message can be configured for future access, i.e., only after the user achieves the set of attributes.
Forward and Backward secrecy is maintained.
Threat of collusion can be overcome.

1.2.2 KP-ABE (1 of 2)
In KP-ABE, the sender only gets to label a ciphertext with a set of attributes.
The key authority chooses a policy for each user that determines which ciphertexts he can decrypt and issues the key to each user by embedding the policy into the user's key.
Hence the policy is contained in the user's key.

1.2.2 KP-ABE (2 of 2)

[Figure: KP-ABE flow. Labels: Key (Using Policy); Admin (Key Authorities); User; Sender; Uses Key to decrypt; Uses Policy to encrypt; Message.]

1.2.3 CP-ABE (1 of 2)

However, the roles of the ciphertexts and keys are reversed in CP-ABE.
In CP-ABE, the ciphertext is encrypted with an access policy chosen by a sender, but a key is simply created with respect to an attribute set.
CP-ABE is more appropriate to DTNs than KP-ABE because it enables a sender such as a commander to choose an access policy on attributes and to encrypt confidential data under the access structure via encrypting with the corresponding public keys or attributes.

1.2.3 CP-ABE (2 of 2)

[Figure: CP-ABE flow. Labels: Key (Using Attribute); Admin (Key Authorities); User; Sender; Uses Key to decrypt; Uses Attributes to encrypt; Message.]

Example (Hospital)

[Table: Employee list, with columns Sl. no, Role, Department. Roles shown: Doctor, Ward Boy, Cleaner, Security.]
[Figure: Access Chart, an access tree for Patient with node labels OR, AND, Doctor, A.]

A doctor from either Department A or Department B should attend the patient.
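
An added example, not part of the original slides: one common way a CP-ABE ciphertext carries a policy like the hospital one is to split a secret down the access tree with Shamir secret sharing, where AND is an n-of-n gate and OR is a 1-of-n gate. The code covers the sharing and reconstruction step for that policy; the helper names are hypothetical, and it assumes shares are handed out in the clear, where real CP-ABE blinds them in a pairing group.

```python
import secrets

PRIME = 2**127 - 1  # prime field in which the shares live

def leaf(attr): return ("leaf", attr)
def gate(k, *children): return ("gate", k, children)  # k-of-n threshold gate
def AND(*c): return gate(len(c), *c)
def OR(*c): return gate(1, *c)

# Policy from the hospital slide: a Doctor from Department A or Department B.
POLICY = OR(AND(leaf("Doctor"), leaf("Department A")),
            AND(leaf("Doctor"), leaf("Department B")))

def share(node, secret, path=()):
    """Split `secret` down the tree; returns {leaf path: (attribute, share)}."""
    if node[0] == "leaf":
        return {path: (node[1], secret)}
    _, k, children = node
    # Random polynomial of degree k-1 with f(0) = secret; child i gets f(i).
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    out = {}
    for i, child in enumerate(children, start=1):
        y = sum(c * pow(i, e, PRIME) for e, c in enumerate(coeffs)) % PRIME
        out.update(share(child, y, path + (i,)))
    return out

def recover(node, shares, attrs, path=()):
    """Rebuild the secret from leaves whose attribute is in `attrs`, else None."""
    if node[0] == "leaf":
        return shares[path][1] if node[1] in attrs else None
    _, k, children = node
    pts = [(i, v) for i, c in enumerate(children, start=1)
           if (v := recover(c, shares, attrs, path + (i,))) is not None][:k]
    if len(pts) < k:
        return None  # gate not satisfied by this attribute set
    total = 0
    for xi, yi in pts:  # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num, den = num * -xj % PRIME, den * (xi - xj) % PRIME
        total += yi * num * pow(den, -1, PRIME)
    return total % PRIME

if __name__ == "__main__":
    s = share(POLICY, 1234)
    print(recover(POLICY, s, {"Doctor", "Department B"}), recover(POLICY, s, {"Doctor"}))
```

Because the shares here are unblinded, two users pooling attributes (one holding Doctor, another holding Department A) would also reconstruct the secret; real CP-ABE schemes bind every key component to per-user randomness so that pooled keys fail.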

2. Literature survey
1. A. Lewko and B. Waters, "Decentralizing attribute-based encryption," Cryptology ePrint Archive: Rep. 2010/351, 2010.
2. M. Chuah and P. Yang, "Performance evaluation of content-based information retrieval schemes for DTNs," in Proc. IEEE MILCOM, 2007, pp. 1-7.
3. V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proc. ACM Conf. Comput. Commun. Security, 2006, pp. 89-98.
4. S. Rafaeli and D. Hutchison, "A survey of key management for secure group communication," Comput. Surv., vol. 35, no. 3, pp. 309-329, 2003.

3. Implementation
3.1 Network Architecture
3.2 Elliptic Curve Cryptography
3.3 Algorithm

3.1 Network Architecture

Secure data retrieval in a Military DTN

System Description
Key Authorities: They are key generation centres that generate public/secret parameters for CP-ABE.
Storage node: This stores data from senders and provides corresponding access to users. It may be mobile or static.
Sender: The sender is responsible for defining the access policy and enforcing it on its data by encrypting the data under the policy before storing it to the storage node (e.g., a commander).
User: This is a mobile node who wants to access the data stored at the storage node (e.g., a soldier).

3.2 Elliptic Curve Cryptography (ECC)

ECC is the asymmetric cryptography / public-key cryptography we would use.
It is based on the algebraic structure of elliptic curves.
Why ECC over RSA?
Provides higher security with smaller key size.
E.g., a 256-bit ECC public key should provide comparable security to a 3072-bit RSA public key.

3.3 Algorithm (1 of 3)
Key Generation
To generate public key
Q = d*P

Where,
P & Q : Public key
d : Private key (a random number)

3.3 Algorithm (2 of 3)
For Encryption
Two cipher texts C1 and C2
C1 = k*P
C2 = M + k*Q
Where,
k : Random number
M : Plain Text
P & Q : Public key

3.3 Algorithm (3 of 3)
For Decryption
To get back the message M
M = C2 - d*C1

Where,
d : Private key
M : Plain Text
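
The three steps above, carried through on a small curve as an added example (not code from the original slides). It assumes a constructed toy curve y^2 = x^3 + 2x + 2 over F_17 with base point P = (5, 1) of order 19, and a message M that is already encoded as a curve point; the function names are hypothetical.

```python
import secrets

# Constructed toy parameters: y^2 = x^3 + 2x + 2 over F_17, base point P of
# prime order 19. Far too small for real use; it keeps the numbers readable.
p, a = 17, 2
P, N = (5, 1), 19
O = None  # point at infinity (group identity)

def add(A, B):
    """Group law on the curve."""
    if A is O:
        return B
    if B is O:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return O                                        # A + (-A)
    if A == B:
        s = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p  # tangent slope
    else:
        s = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p   # chord slope
    x3 = (s * s - x1 - x2) % p
    return (x3, (s * (x1 - x3) - y1) % p)

def neg(A):
    return O if A is O else (A[0], -A[1] % p)

def mul(k, A):
    """Scalar multiple k*A by double-and-add (not constant time)."""
    R = O
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def keygen(d=None):
    d = d or secrets.randbelow(N - 1) + 1   # private key d in [1, N-1]
    return d, mul(d, P)                     # public key Q = d*P

def encrypt(M, Q, k=None):
    k = k or secrets.randbelow(N - 1) + 1   # fresh random k per message
    return mul(k, P), add(M, mul(k, Q))     # C1 = k*P, C2 = M + k*Q

def decrypt(C1, C2, d):
    return add(C2, neg(mul(d, C1)))         # M = C2 - d*C1

if __name__ == "__main__":
    d, Q = keygen()
    M = mul(4, P)                           # message as a curve point
    print("recovered:", decrypt(*encrypt(M, Q), d), "expected:", M)
```

k must be fresh for every message: if the same k encrypts M and M', then C2 - C2' = M - M', so one known plaintext reveals the other.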

4. System Design and Data Flow


4.1 System Architecture
4.2 Context Analysis
4.3 Admin DFD
4.4 Sender DFD
4.5 User DFD

4.1 System Architecture

4.2 Context Analysis

4.3 Admin DFD

4.4 Sender DFD

4.5 User DFD

6. Conclusion
6.1 Challenges in Implementation
6.2 Results
6.3 Future Enhancements
6.4 Other Applications

6.1 Challenges in Implementation

Confidentiality in Message Visibility: Unauthorized users who do not have enough credentials satisfying the access policy should be deterred from viewing the messages in the storage node.
Backward secrecy and Forward secrecy: In order to impart secrecy, we had to revoke the previously held key as and when the user changes attributes.
Choice of Attributes to avoid Collusion: The choice of attributes must be such that, though multiple users could possess the same value for a few attributes, the attribute set for each user is unique.

6.2 Results
CP-ABE imparts higher data confidentiality.
The 2PC protocol eliminates the dependency on multiple authorities to compose a master key.
Decentralization of storage nodes gives continuous connectivity between all users.
If any storage node is under jamming, then another storage node will respond to Receiver and Sender request/response related queries.

6.3 Future Enhancements


Decentralize storage nodes onto user devices as mini storage nodes, to improve connectivity and data deliverability.
Incorporate Location Based Services, to track location as an attribute.
Can be extended into Vehicular Ad hoc Network (GreenNetwork).
Online Education.

6.4 Other Applications

Broadcast encryption: It is the cryptographic problem of delivering encrypted content (e.g. TV programs or data on DVDs) over a broadcast channel in such a way that only qualified users (e.g. subscribers who have paid their fees) can decrypt the content.
Attribute-Based Anonymous Credential System (ABACS): It allows the verifier to authenticate anonymous users according to any access.
Log Encryption: Instead of encrypting each part of a log with the keys of all recipients, it is possible to encrypt the log only with attributes which match the recipients' attributes.

THANK YOU
