Each node in the scheme encrypts a randomly generated partial session key using KP-ABE. KP-ABE is secure under the Decisional Bilinear Diffie-Hellman (DBDH) Assumption (the security proof can be found in [105]). With KP-ABE, even if users collude, they cannot decrypt data which has not been encrypted for their individual secret keys. In Eq. (6.7), the session key is encrypted as $C\,e(P,P)^{sK_l}$. Assuming the user has the correct authorization key $K_l$, in order to recover $C$, the user will have to calculate $e(P,P)^{s}$, which it cannot calculate unless it has the correct secret key. The adversary may also compromise sensor nodes. Because each sensor node generates an encrypted partial session key $C^{p}_{i}$ individually, compromising sensor nodes does not give the adversary any advantage either.
Authorization in the scheme is provided in the form of private keys $K_l$, for authorization level $AL_l$. Since the authorization keys are in the form of a one-way hash chain, a lower authorization level's key can be derived from a higher authorization key but not vice versa, provided the underlying hash function is secure. For a particular authorization level $AL_l$, the sensor nodes encrypt the session key as $C\,e(P,P)^{sK_l}$. Nodes with the required authorization level can calculate $e(P,P)^{s}$ and then $(e(P,P)^{s})^{K_l}$ to compute $C$ and hence the session key $S$. A user who does not have the correct authorization will not be able to compute $(e(P,P)^{s})^{K_l}$ and hence cannot derive the correct session key to access data.
An adversary can compromise sensor nodes, which can then corrupt the ciphertext $C\,e(P,P)^{sK_l}$ to disrupt the key establishment process. If the user receives corrupted ciphertext, the key generation process will still go through and the user will generate incorrect data aggregation keys. This is where the PIP algorithm's integrity-preserving nature comes in. Since the user has derived incorrect data aggregation keys, PIP will raise an alarm when the user tries to decrypt sensor data using the incorrect keys. When this happens the user can inform the SCA, which will take appropriate steps.
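The hash-chain authorization and the silent failure on corrupted ciphertext described in the two paragraphs above can be seen in a small model. This is an added example, not code from the book: it assumes a toy multiplicative group modulo $2^{127}-1$ in place of the pairing target group, SHA-256 as the chain hash, a larger level index meaning higher authorization, and `g_s` standing for the value $e(P,P)^{s}$ that KP-ABE decryption would yield; all function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: Z_p^* with p = 2^127 - 1 stands in for the pairing target
# group and G for e(P, P). Toy parameters, not a real bilinear pairing.
P_MOD = 2**127 - 1
G = 3

def derive_key(key: bytes, from_level: int, to_level: int) -> bytes:
    """Walk the one-way chain K_{l-1} = H(K_l) down to to_level."""
    if to_level > from_level:
        raise ValueError("cannot derive a higher authorization key")
    for _ in range(from_level - to_level):
        key = hashlib.sha256(key).digest()
    return key

def exponent(key: bytes) -> int:
    return int.from_bytes(key, "big")

def node_mask(c: int, s: int, k_l: bytes) -> int:
    """Sensor-node side: C * e(P,P)^(s*K_l)."""
    return c * pow(G, s * exponent(k_l), P_MOD) % P_MOD

def user_unmask(ct: int, g_s: int, k_l: bytes) -> int:
    """User side: compute (e(P,P)^s)^K_l and divide it out of the ciphertext."""
    mask = pow(g_s, exponent(k_l), P_MOD)
    return ct * pow(mask, -1, P_MOD) % P_MOD

def demo() -> dict:
    k3 = secrets.token_bytes(32)            # constructed top-level key K_3
    k2, k1 = derive_key(k3, 3, 2), derive_key(k3, 3, 1)
    c = secrets.randbelow(P_MOD - 1) + 1    # constructed session-key value C
    s = secrets.randbelow(P_MOD - 2) + 1
    g_s = pow(G, s, P_MOD)                  # stands for the KP-ABE decryption result
    ct = node_mask(c, s, k2)                # protected for level AL_2
    try:
        derive_key(k1, 1, 2)
        climbed = True
    except ValueError:
        climbed = False
    return {
        "level3_recovers": user_unmask(ct, g_s, derive_key(k3, 3, 2)) == c,
        "level1_recovers": user_unmask(ct, g_s, k1) == c,
        "level1_can_climb": climbed,
        # One flipped bit: unmasking still "succeeds" but yields a wrong C.
        "corrupted_recovers": user_unmask(ct ^ 1, g_s, k2) == c,
    }

if __name__ == "__main__":
    print(demo())
```

The corrupted case returns a value without any error, which is why detection has to come from a later integrity check such as the one the text attributes to PIP.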
6.11 SUMMARY
In this chapter, we presented a user access control scheme for sensor clouds. This access control scheme considers large sensor networks where sensor nodes collaborate and aggregate data in the network to save energy and bandwidth. The scheme also provides the opportunity to the network owners to modify the access control policies at run time and provides an efficient revocation strategy. Finally, this scheme is also able to distinguish between different users with the same query, which is very important for sensor cloud applications from an account management and billing point of view. We conclude with the observation that although the scheme is designed for sensor networks, it can also be adopted in other settings such as wired and mobile networks, where the goal is to provide access control in a collaborative and data aggregation scenario.