88 6. ACCESS CONTROL OF AGGREGATED DATA IN SENSOR CLOUDS
user’s query and the attributes, such as the one in Figure 6.2. The access tree is then augmented
by ANDing a new node, “ID” to the root node as shown in Figure 6.5. This makes sure that the
secret key is always bound to an ID. This would help in easy revocation at a later time. To create
a unique identity attribute for the user, the SCA then randomly generates a previously unused
number $t_j$ from $Z_q$ and its public component $t_j P$. Once the access tree $\mathcal{T}_j$ is created, SCA
proceeds to generate the secret key $SK_j$ as follows. Starting from the root node, SCA constructs
a random polynomial $u_x$ of degree $d_x + 1$ for each node $x$ in $\mathcal{T}_j$, where $d_x$ is the degree of that
node. For the root node $r$ it sets $u_r(0) = y$ and chooses the rest of the points randomly. For all
other nodes it sets $u_x(0) = u_{parent(x)}(index(x))$, where $parent(x)$ denotes the parent of node $x$
and $index(x)$ returns an enumeration on the children of the parent of node $x$. All other points
are chosen randomly. The secret key SK is then defined as

$$SK_j = D_k = \frac{u_k(0)}{t_k} P, \quad k \in\ ,$$

where, is the set of leaf nodes in $\mathcal{T}_j$ including the node ID and $D_k$ is calculated for all the leaf
nodes $k$ in $\mathcal{T}_j$. SCA then gives the secret key $SK_j$, the access tree $\mathcal{T}_j$, nonce $b$, and $T_j$ to the user
$U_j$.
[Figure placeholder. Node labels recovered from the figure: AND, OR, 2 of 3, ID, R1, R2, O1, O2, O3, T1, T2.]
Figure 6.5: Access tree augmented with ID.
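The top-down sharing described above, as an added example that is not from the book: it works only on the scalars $u_k(0)/t_k$ in $Z_q$ (multiplication by the point $P$ is omitted) and assumes Shamir-style threshold gates, where a k-of-n gate uses a polynomial of degree k - 1. The modulus Q, the tuple encoding of the tree, the QUERY tree, the per-leaf values t and the recover check are all constructed for illustration.

```python
import secrets

Q = 2**127 - 1   # constructed prime standing in for the group order q

def share(node, value, t, key):
    """Top-down: u_x(0) = value; child number i receives u_x(i)."""
    if isinstance(node, str):                   # leaf k
        t[node] = 1 + secrets.randbelow(Q - 1)  # nonzero t_k, sampled here for illustration
        key[node] = value * pow(t[node], -1, Q) % Q   # scalar of D_k = (u_k(0)/t_k) P
        return
    k, children = node                          # gate = (threshold k, children)
    coeffs = [value] + [secrets.randbelow(Q) for _ in range(k - 1)]
    for i, child in enumerate(children, 1):     # index(x) enumerates 1..n
        u_i = sum(c * pow(i, e, Q) for e, c in enumerate(coeffs)) % Q
        share(child, u_i, t, key)

def recover(node, key, t, attrs):
    """Scalar-only check (not the scheme's decryption): Lagrange-interpolate
    at 0 bottom-up; returns None if attrs do not satisfy the node."""
    if isinstance(node, str):
        return key[node] * t[node] % Q if node in attrs else None
    k, children = node
    pts = [(i, v) for i, c in enumerate(children, 1)
           if (v := recover(c, key, t, attrs)) is not None][:k]
    if len(pts) < k:
        return None
    total = 0
    for i, v in pts:
        lam = 1                                 # Lagrange coefficient at x = 0
        for j, _ in pts:
            if j != i:
                lam = lam * -j * pow(i - j, -1, Q) % Q
        total = (total + v * lam) % Q
    return total

def keygen(query_tree, y):
    """AND an ID leaf onto the root, then share y down the augmented tree."""
    tree = (2, ["ID", query_tree])              # AND = 2-of-2 gate
    t, key = {}, {}
    share(tree, y, t, key)
    return tree, t, key

# Constructed query: (R1 AND T1) OR (2 of {O1, O2, O3})
QUERY = (1, [(2, ["R1", "T1"]), (2, ["O1", "O2", "O3"])])
```

Because the ID leaf sits under the root AND gate, a leaf set that satisfies the whole query subtree but lacks ID yields no value at the root, which is the binding that later revocation relies on.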
6.6.3 DATA AGGREGATION KEY GENERATION
When a user $U_j$ contacts $GN_j$ for data, it provides the query as the tuple $\langle U_j, \mathcal{T}_j, T_j, r \rangle$, where
$\mathcal{T}_j$ is the access tree for the query, $T_j$ is the public component of the user’s identity and $r$ is a