Aditi Gupta, Salmin Sultana, Michael S. Kirkpatrick, E. Bertino
{"title":"一种用于P2P文件共享的细粒度访问控制的选择性加密方法","authors":"Aditi Gupta, Salmin Sultana, Michael S. Kirkpatrick, E. Bertino","doi":"10.4108/ICST.COLLABORATECOM.2010.4","DOIUrl":null,"url":null,"abstract":"As the use of peer-to-peer (P2P) services for distributed file sharing has grown, the need for fine-grained access control (FGAC) has emerged. Existing access control frameworks use an all-or-nothing approach that is inadequate for sensitive content that may be shared by multiple users. In this paper, we propose a FGAC mechanism based on selective encryption techniques. Using this approach, the owner of a file specifies access control policies over various byte ranges in the file. The separate byte ranges are then encrypted and signed with different keys. Users of the file only receive the encryption keys for the ranges they are authorized to read and signing keys for the ranges they are authorized to write. We also propose an optional enhancement of the scheme where a file owner can hide location of the file. Our approach includes a key distribution scheme based on a public key infrastructure (PKI) and access control vectors. We also discuss how policy changes and file modifications are handled in our scheme. We have integrated our FGAC mechanism with the Chord structured P2P network. In this paper, we discuss relevant issues concerning the implementation and integration with Chord and present the performance results for our prototype implementation.","PeriodicalId":354101,"journal":{"name":"6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"A selective encryption approach to fine-grained access control for P2P file sharing\",\"authors\":\"Aditi Gupta, Salmin Sultana, Michael S. Kirkpatrick, E. Bertino\",\"doi\":\"10.4108/ICST.COLLABORATECOM.2010.4\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As the use of peer-to-peer (P2P) services for distributed file sharing has grown, the need for fine-grained access control (FGAC) has emerged. Existing access control frameworks use an all-or-nothing approach that is inadequate for sensitive content that may be shared by multiple users. In this paper, we propose a FGAC mechanism based on selective encryption techniques. Using this approach, the owner of a file specifies access control policies over various byte ranges in the file. The separate byte ranges are then encrypted and signed with different keys. Users of the file only receive the encryption keys for the ranges they are authorized to read and signing keys for the ranges they are authorized to write. We also propose an optional enhancement of the scheme where a file owner can hide location of the file. Our approach includes a key distribution scheme based on a public key infrastructure (PKI) and access control vectors. We also discuss how policy changes and file modifications are handled in our scheme. We have integrated our FGAC mechanism with the Chord structured P2P network. In this paper, we discuss relevant issues concerning the implementation and integration with Chord and present the performance results for our prototype implementation.\",\"PeriodicalId\":354101,\"journal\":{\"name\":\"6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010)\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-03-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4108/ICST.COLLABORATECOM.2010.4\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/ICST.COLLABORATECOM.2010.4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A selective encryption approach to fine-grained access control for P2P file sharing
As the use of peer-to-peer (P2P) services for distributed file sharing has grown, the need for fine-grained access control (FGAC) has emerged. Existing access control frameworks use an all-or-nothing approach that is inadequate for sensitive content that may be shared by multiple users. In this paper, we propose a FGAC mechanism based on selective encryption techniques. Using this approach, the owner of a file specifies access control policies over various byte ranges in the file. The separate byte ranges are then encrypted and signed with different keys. Users of the file only receive the encryption keys for the ranges they are authorized to read and signing keys for the ranges they are authorized to write. We also propose an optional enhancement of the scheme where a file owner can hide location of the file. Our approach includes a key distribution scheme based on a public key infrastructure (PKI) and access control vectors. We also discuss how policy changes and file modifications are handled in our scheme. We have integrated our FGAC mechanism with the Chord structured P2P network. In this paper, we discuss relevant issues concerning the implementation and integration with Chord and present the performance results for our prototype implementation.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
