Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

CHAPTER: 1

INTRODUCTION

IN MANY military network scenarios, connections of wireless devices carried by soldiers

may be temporarily disconnected by jamming, environmental factors, and mobility, especially
when they operate in hostile environments. Disruption-tolerant network (DTN) technologies
are becoming successful solutions that allow nodes to communicate with each other in these
extreme networking environments. Typically, when there is no end-to-end connection
between a source and a destination pair, the messages from the source node may need to wait
in the intermediate nodes for a substantial amount of time until the connection would be
eventually established. Roy and Chuah introduced storage nodes in DTNs where data is stored
or replicated such that only authorized mobile nodes can access the necessary information
quickly and efficiently. Many military applications require increased protection of
confidential data including access control methods that are cryptographically enforced. In
many cases, it is desirable to provide differentiated access services such that data access
policies are defined over user attributes or roles, which are managed by the key authorities.
For example, in a disruption-tolerant military network, a commander may store confidential
information at a storage node, which should be accessed by members of “Battalion 1” who are
participating in “Region 2.” In this case, it is a reasonable assumption that multiple key
authorities are likely to manage their own dynamic attributes for soldiers in their deployed
regions or echelons, which could be frequently changed (e.g., the attribute representing
current location of moving soldiers). We refer to this DTN architecture where multiple
authorities issue and manage their own attribute keys independently as a decentralized DTN.

The concept of attribute-based encryption (ABE) is a promising approach that fulfills the
requirements for secure data retrieval in DTNs. ABE features a mechanism that enables an
access control over encrypted data using access policies and ascribed attributes among private
keys and cipher texts. Especially, ciphertext-policy ABE (CP-ABE) provides a scalable way
of encrypting data such that the encryptor defines the attribute set that the decryptor needs to
possess in order to decrypt the ciphertext. Thus, different users are allowed to decrypt
different pieces of data per the security policy.

Dept. Computer Science Page 1

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

However, the problem of applying the ABE to DTNs introduces several security and privacy
challenges. Since some users may change their associated attributes at some point (for
example, moving their region), or some private keys might be compromised, key revocation
(or update) for each attribute is necessary in order to make systems secure. However, this
issue is even more difficult, especially in ABE systems, since each attribute is conceivably
shared by multiple users (henceforth, we refer to such a collection of users as an attribute
group). This implies that revocation of any attribute or any single user in an attribute group
would affect the other users in the group. For example, if a user joins or leaves an attribute
group, the associated attribute key should be changed and redistributed to all the other
members in the same group for backward or forward secrecy. It may result in bottleneck
during rekeying procedure or security degradation due to the windows of vulnerability if the
previous attribute key is not updated immediately.

Another challenge is the key escrow problem. In CP-ABE, the key authority generates private
keys of users by applying the authority’s master secret keys to users’ associated set of
attributes. Thus, the key authority can decrypt every ciphertext addressed to specific users by
generating their attribute keys. If the key authority is compromised by adversaries when
deployed in the hostile environments, this could be a potential threat to the data confidentiality
or privacy especially when the data is highly sensitive. The key escrow is an inherent problem
even in the multiple-authority systems as long as each key authority has the whole privilege to
generate their own attribute keys with their own master secrets. Since such a key generation
mechanism based on the single master secret is the basic method for most of the asymmetric
encryption systems such as the attribute- based or identity-based encryption protocols,
removing escrow in single or multiple-authority CP-ABE is a pivotal open problem.

The last challenge is the coordination of attributes issued from different authorities. When
multiple authorities manage and issue attributes keys to users independently with their own
master secrets, it is very hard to define fine-grained access policies over attributes issued from
different authorities. For example, suppose that attributes “role 1” and “region 1” are managed
by the authority A, and “role 2” and “region 2” are managed by the authority B. Then, it is
impossible to generate an access policy ((“role 1” OR “role 2”) AND (“region 1” or “region

Dept. Computer Science Page 2

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

2”)) in the previous schemes because the OR logic between attributes issued from different
authorities cannot be implemented.
This is due to the fact that the different authorities generate their own attribute keys using
their own independent and individual master secret keys. Therefore, general access policies,
such as “-out-of-” logic, cannot be expressed in the previous schemes, which is a very
practical and commonly required access policy logic.

A.RELATED WORK
ABE comes in two flavors called key-policy ABE (KP-ABE) and ciphertext-policy ABE (CP-
ABE). In KP-ABE, the encryptor only gets to label a ciphertext with a set of attributes. The
key authority chooses a policy for each user that determines which ciphertexts he can decrypt
and issues the key to each user by embedding the policy into the user’s key. However, the
roles of the ciphertexts and keys are reversed in CP-ABE. In CP-ABE, the ciphertext is
encrypted with an access policy chosen by an encryptor, but a key is simply created with
respect to an attributes set. CP-ABE is more appropriate to DTNs than KP-ABE because it
enables encryptors such as a commander to choose an access policy on attributes and to
encrypt confidential data under the access structure via encrypting with the corresponding
public keys or attributes.

1) Attribute Revocation:

Bethencourt et al. and Boldyreva et al. first suggested key revocation mechanisms in CP-
ABE and KP-ABE, respectively. Their solutions are to append to each attribute an expiration
date (or time) and distribute a new set of keys to valid users after the expiration. The periodic
attribute revocable ABE schemes have two main problems.

The first problem is the security degradation in terms of the backward and forward secrecy. It
is a considerable scenario that users such as soldiers may change their attributes frequently,
e.g., position or location move when considering these as attributes. Then, a user who newly
holds the attribute might be able to access the previous data encrypted before he obtains the
attribute until the data is reencrypted with the newly updated attribute keys by periodic

Dept. Computer Science Page 3

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

rekeying (backward secrecy). For example, assume that at time, a ciphertext is encrypted with
a policy that can be decrypted with a set of attributes (embedded in the users keys) for users
with. After time, say, a user newly holds the attribute set. Even if the new user should be
disallowed to decrypt the ciphertext for the time instance, he can still decrypt the previous
ciphertext until it is encrypted with the newly updated attribute keys. On the other hand, a
revoked user would still be able to access the encrypted data even if he does not hold the
attribute any more until the next expiration time (forward secrecy). For example, when a user
is disqualified with the attribute at time , he can still decrypt the ciphertext of the previous
time instance unless the key of the user is expired and the ciphertext is reencrypted with the
newly updated key that the user cannot obtain. We call this uncontrolled period of time
windows of vulnerability.

The other is the scalability problem. The key authority periodically announces a key update
material by unicast at each time-slot so that all of the no revoked users can update their keys.
This results in the “1-affects- ” problem, which means that the update of a single attribute
affects hewhole nonrevoked users who share the attribute. This could be a bottleneck for both
the key authority and all nonrevoked users. The immediate key revocation can be done by
revoking users using ABE that supports negative clauses. To do so, one just adds
conjunctively the AND of negation of revoked user identities (where each is considered as an
attribute here).

However, this solution still somewhat lacks efficiency performance. This scheme will pose
overhead group elements1 additively to the size of the ciphertext and multiplicatively to the
size of private key over the original CP-ABE scheme of Bethencourt et al., where is the
maximum size of revoked attributes set. Golle et al. also proposed a user revocable KP-ABE
scheme, but their scheme only works when the number of attributes associated with a
ciphertext is exactly half of the universe size.

Dept. Computer Science Page 4

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

2) Key Escrow:

Most of the existing ABE schemes are constructed on the architecture where a single trusted
authority has the power to generate the whole private keys of users with its master secret
information. Thus, the key escrow problem is inherent such that the key authority can decrypt
every ciphertext addressed to users in the system by generating their secret keys at any time.
Chase et al. presented a distributed KP-ABE scheme that solves the key escrow problem in a
multiauthority system. In this approach, all (disjoint) attribute authorities are participating in
the key generation protocol in a distributed way such that they cannot pool their data and link
multiple attribute sets belonging to the same user. One disadvantage of this fully distributed
approach is the performance degradation. Since there is no centralized authority with master
secret information, all attribute authorities should communicate with each other in the system
to generate a user’s secret key. This results in communication overhead on the system setup
and the rekeying phases and requires each user to store additional auxiliary key components
besides the attributes keys, where is the number of authorities in the system.

3) Decentralized ABE:

Huang et al. and Roy et al. proposed decentralized CP-ABE schemes in the multiauthority
network environment. They achieved a combined access policy over the attributes issued from
different authorities by simply encrypting data multiple times. The main disadvantages of this
approach are efficiency and expressiveness of access policy. For example, when a commander
encrypts a secret mission to soldiers under the policy (“Battalion 1” AND (“Region 2” OR
‘Region 3”)), it cannot be expressed when each “Region” attribute is managed by different
authorities, since simply multiencrypting approaches can by no means express any general “ -
out-of- ” logics (e.g., OR, that is 1-out-of- ). For example, let be the key authorities, and be
attributes sets they independently manage, respectively. Then, the only access policy
expressed with is , which can be achieved by encrypting a message with by , and then
encrypting the resulting ciphertext with by (where is the ciphertext encrypted under ), and
then encrypting resulting ciphertext with by , and so on, until this multiencryption generates
the final ciphertext .

Dept. Computer Science Page 5

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Thus, the access logic should be only AND, and they require iterative encryption operations
where is the number of attribute authorities. Therefore, they are somewhat restricted in terms
of expressiveness of the access policy and require computation and storage costs. Chase and
Lewko et al. proposed multiauthority KP-ABE and CP-ABE schemes, respectively. However,
their schemes also suffer from the key escrow problem like the prior decentralized schemes.

B. CONTRIBUTION
In this system, we propose an attribute-based secure data retrieval scheme using CP-ABE for
decentralized DTNs. The proposed scheme features the following achievements. First,
immediate attribute revocation enhances backward/forward secrecy of confidential data by
reducing the windows of vulnerability. Second, encryptors can define a fine-grained access
policy using any monotone access structure under attributes issued from any chosen set of
authorities. Third, the key escrow problem is resolved by an escrow-free key issuing protocol
that exploits the characteristic of the decentralized DTN architecture. The key issuing protocol
generates and issues user secret keys by performing a secure two-party computation (2PC)
protocol among the key authorities with their own master secrets. The 2PC protocol deters the
key authorities from obtaining any master secret information of each other such that none of
them could generate the whole set of user keys alone. Thus, users are not required to fully
trust the authorities in order to protect their data to be shared. The data confidentiality and
privacy can be cryptographically enforced against any curious key authorities or data storage
nodes in the proposed scheme.

Dept. Computer Science Page 6

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

CHAPTER: 2

LITERATURE SURVEY

2.1 ATTRIBUTE-BASED ENCRYPTION FOR FINE-GRAINED ACCESS CONTROL

OF ENCRYPTED DATA

As more sensitive data is shared and stored by third-party sites on the Internet, there will be a
need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be
selectively shared only at a coarse-grained level (i.e., giving another party your private key).
We develop a new cryptosystem for ¯ne-grained sharing of encrypted data that we call Key-
Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled
with sets of attributes and private keys are associated with access structures that control which
ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to
sharing of audit-log information and broadcast encryption. Our construction supports
delegation of private keys which subsumes Hierarchical Identity-Based Encryption (HIBE).

2.2 DECENTRALIZING ATTRIBUTE-BASED ENCRYPTION

We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any

party can become an authority and there is no requirement for any global coordination other
than the creation of an initial set of common reference parameters. A party can simply act as
an ABE authority by creating a public key and issuing private keys to different users that reect
their attributes. A user can encrypt data in terms of any Boolean formula over attributes issued
from any chosen set of authorities. Finally, our system does not require any central authority.
In constructing our system, our largest technical hurdle is to make it collusion resistant. Prior
Attribute-Based Encryption systems achieved collusion resistance when the ABE system
authority \tied" together different components (representing different attributes) of a user's
private key by randomizing the key. However, in our system each component will come from
a potentially different authority, where we assume no coordination between such authorities.
We create new techniques to tie key components together and prevent collusion attacks
between users with different global identifiers.

Dept. Computer Science Page 7

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

We prove our system secure using the recent dual system encryption methodology where the
security proof works by first converting the challenge ciphertext and private keys to a semi-
functional form and then arguing security. We follow a recent variant of the dual system proof
technique due to Lewko and Waters and build our system using bilinear groups of composite
order. We prove security under similar static assumptions to the LW paper in the random
oracle model.

2.3 IDENTITY-BASED ENCRYPTION WITH EFFICIENT REVOCATION

Identity-based encryption (IBE) is an exciting alternative to public-key encryption, as IBE

eliminates the need for a Public Key Infrastructure (PKI). Any setting, PKI- or identity-based,
must provide a means to revoke users from the system. Efficient revocation is a well-studied
problem in the traditional PKI setting. However in the setting of IBE, there has been little
work on studying the revocation mechanisms. The most practical solution requires the senders
to also use time periods when encrypting, and all the receivers (regardless of whether their
keys have been compromised or not) to update their private keys regularly by contacting the
trusted authority. We note that this solution does not scale well – as the number of users
increases, the work on key updates becomes a bottleneck. We propose an IBE scheme that
significantly improves key-update efficiency on the side of the trusted party (from linear to
logarithmic in the number of users), while staying efficient for the users. Our scheme builds
on the ideas of the Fuzzy IBE primitive and binary tree data structure, and is provably secure.

2.4 MESSAGE FERRY ROUTE DESING FOR SPARSE AD HOC NETWORKS WITH
MOBILE NODES

Message ferrying is a networking paradigm where a special node, called a message ferry,
facilitates the connectivity in a mobile ad hoc network where the nodes are sparsely deployed.
One of the key challenges under this paradigm is the design of ferry routes to achieve certain
properties of end to-end connectivity, such as, delay and message loss among the nodes in the
ad hoc network. This is a difficult problem when the nodes in the network move arbitrarily.
As we cannot be certain of the location of the nodes, we cannot design a route where the ferry
can con act the nodes with certainty.

Dept. Computer Science Page 8

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Due to this difficulty, prior work has either considered ferry route design for ad hoc networks
where the nodes are stationary, or where the nodes and the ferry move pro-actively in order to
meet at certain locations. Such systems either require long-range radio or disrupt nodes'
mobility patterns which can be dictated by non-communication tasks. We present a message
ferry route design algorithm that we call the Optimized Way-points, or OPWP, that generates
a ferry route which assures good performance without requiring any online collaboration
between the nodes and the ferry. The OPWP ferry route comprises a set of way-points and
waiting times at these way-points, that are chosen carefully based on the node mobility model.
Each time that the ferry traverses this route, it contacts each mobile node with a certain
minimum probability. The node-ferry contact probability in turn determines the frequency of
node-ferry contacts and the properties of end-to-end delay. We show that OPWP consistently
outperforms other naive ferry routing approaches.

2.5PERFORMANCE EVALUATIONS OFDATA-CENTRIC INFORMATION

RETRIEVAL SCHEMES FOR DTNs

Mobile nodes in some challenging network scenarios, e.g. battlefield and disaster recovery
scenarios, suffer from intermittent connectivity and frequent partitions. Disruption Tolerant
Network (DTN) technologies are designed to enable communications in such environments.
Several DTN routing schemes have been proposed. However, not much work has been done
on designing schemes that provide efficient information access in such challenging network
scenarios. In this paper, we explore how a content-based information retrieval system can be
designed for DTNs. There are three important design issues, namely (a) how data should be
replicated and stored at multiple nodes, (b) how a query is disseminated in sparsely connected
networks, (c) how a query response is routed back to the issuing node. We first describe how
to select nodes for storing the replicated copies of data items. We consider the random and the
intelligent caching schemes. In the random caching scheme, nodes that are encountered first
by a data-generating node are selected to cache the extra copies while in the intelligent
caching scheme, nodes that can potentially meet more nodes, e.g. faster nodes, are selected to
cache the extra data copies. The number of replicated data copies K can be the same for all
data items or varied depending on the access frequencies of the data items. In this work, we
consider fixed, proportional and square-root replication schemes. Then, we describe two

Dept. Computer Science Page 9

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

query dissemination schemes: (a) W-copy Selective Query Spraying (WSS) scheme, (b) L hop
Neighbourhood Spraying (LNS) scheme. In the WSS scheme, nodes that can move faster are
selected to cache the queries while in the LNS scheme, nodes that are within L-hops of a
querying node will cache the queries. For message routing, we use an enhanced Prophet
scheme where a next-hop node is selected only if its predicted delivery probability to the
destination is higher than a certain threshold. We conduct extensive simulation studies to
evaluate different combinations of the replication and query dissemination algorithms. Our
results reveal that the scheme that performs the best is the one that uses the WSS scheme
combined with binary spread of replicated data copies. The WSS scheme can achieve a higher
query success ratio when compared to a scheme that does not use any data and query
replication. Furthermore, the square-root and proportional replication schemes provide higher
query success ratio than the fixed copy approach with varying node density. In addition, the
intelligent caching approach can further improve the query success ratio by 5.3% to 15.8%
with varying node density. Our results using different mobility models reveal that the query
success ratio degrades at most 7.3% when the community-based model is used compared to
the Random Waypoint (RWP) model. Compared to the RWP and the community-based
mobility models, the UmassBusNet model from the DieselNet project achieves much lower
query success ratio because of the longer inter-node encounter time.

Dept. Computer Science Page 10

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

CHAPTER: 3

REQUIREMENT SPECIFICATION

This Chapter describes about the requirements. It specifies the hardware and software
requirements that are required in order to run the application properly. The Software
Requirement Specification (SRS) is explained in detail, which includes overview of this
dissertation as well as the functional and non-functional requirement of this dissertation.

HARDWARE REQUIREMENTS:

Processor : Pentium IV
Hard Disk : 40GB
RAM : 512MB or more

SOFTWARE REQUIREMENTS:

Operating system : Windows XP or Windows 7, Windows 8.

Coding Language : Java – AWT, Swings, Networking
Data Base : My Sql / MS Access.
Documentation : MS Office
IDE : Eclipse Galileo
Development Kit : JDK 1.6

3.1 FUNCTIONAL REQUIREMENT:

Functional Requirement defines a function of a software system and how the system must
behave when presented with specific inputs or conditions. These may include calculations,
data manipulation and processing and other specific functionality. In this system following are
the functional requirements:-

 The Service provider /Sender are responsible for registering the Users by providing
their details, including Battalion and Region.

Dept. Computer Science Page 11

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

 The Service Provider/Sender Browses the data File, encrypts it and generates the key
from Key Authority Server (KA1, KA2, and KA3) and uploads file to the destination.

 The DTN Router stores the encrypted data file and their details in the Storage Node.

 The End User Request to the storage node using their credentials like file Name, secret
key, Battalion and Region.

 Then storage node connects to the respective Key authority server. If all credentials
are correct then user is authorized to receive the file.

 If the user gives wrong credentials file name, secret key, Battalion, Region, then the
end user will considered as non-authorized user.

 The Attributes are File Management, Attackers, Access control, attribute-based

encryption (ABE), disruption-tolerant network (DTN), and multiauthority, secure data
retrieval

3.2 NON FUNCTIONAL REQUIREMENT:

Non – Functional requirements, as the name suggests, are those requirements that are not
directly concerned with the specific functions delivered by the system. They may relate to
emergent system properties such as reliability response time and store occupancy.
Alternatively, they may define constraints on the system such as the capability of the Input
Output devices and the data representations used in system interfaces. Many non-functional
requirements relate to the system as whole rather than to individual system features. This
means they are often critical than the individual functional requirements. The following non-
functional requirements are worthy of attention.

 Security: The system should allow a secured communication between Sender and
Router and Receiver.

 Energy Efficiency: The Time consumed by the Router to transfer the File’s Packets
from the Receiver.
 Reliability: The system should be reliable and must not degrade the performance of the
existing system and should not lead to the hanging of the system.

Dept. Computer Science Page 12

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

CHAPTER: 4

SYSTEM ANALYSIS

4.1 EXISTING SYSTEM:

ABE comes in two flavors called key-policy ABE (KP-ABE) and cipher text-policy ABE
(CP-ABE). In KP-ABE, the encryptor only gets to label a cipher text with a set of attributes.
The key authority chooses a policy for each user that determines which cipher texts he can
decrypt and issues the key to each user by embedding the policy into the user’s key. However,
the roles of the cipher texts and keys are reversed in CP-ABE. In CP-ABE, the cipher text is
encrypted with an access policy chosen by an encryptor, but a key is simply created with
respect to an attributes set. CP-ABE is more appropriate to DTNs than KP-ABE because it
enables encryptors such as a commander to choose an access policy on attributes and to
encrypt confidential data under the access structure via encrypting with the corresponding
public keys or attributes.

DISADVANTAGES OF EXISTING SYSTEM:

 The problem of applying the ABE to DTNs introduces several security and privacy
challenges. Since some users may change their associated attributes at some point (for
example, moving their region), or some private keys might be compromised, key
revocation (or update) for each attribute is necessary in order to make systems secure.
 However, this issue is even more difficult, especially in ABE systems, since each
attribute is conceivably shared by multiple users (henceforth, we refer to such a
collection of users as an attribute group)
 Another challenge is the key escrow problem. In CP-ABE, the key authority generates
private keys of users by applying the authority’s master secret keys to users’
associated set of attributes.
 The last challenge is the coordination of attributes issued from different authorities.
When multiple authorities manage and issue attributes keys to users independently

Dept. Computer Science Page 13

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

with their own master secrets, it is very hard to define fine-grained access policies over
attributes issued from different authorities.

4.2 PROPOSED SYSTEM:

In this section, we provide a multi authority CP-ABE scheme for secure data retrieval in
decentralized DTNs. Each local authority issues partial personalized and attribute key
components to a user by performing secure 2PC protocol with the central authority. Each
attribute key of a user can be updated individually and immediately. Thus, the scalability and
security can be enhanced in the proposed scheme.

Since the first CP-ABE scheme proposed by Bethencourt et al , dozens of CP-ABE schemes
have been proposed. The subsequent CP-ABE schemes are mostly motivated by more
rigorous security proof in the standard model. However, most of the schemes failed to achieve
the expressiveness of the Bethencourt et al.’s scheme, which described an efficient system
that was expressive in that it allowed an encryptor to express an access predicate in terms of
any monotonic formula over attributes. Therefore, in this section, we develop a variation of
the CP-ABE algorithm partially based on (but not limited to) Bethencourt et al.’s construction
in order to enhance the expressiveness of the access control policy instead of building a new
CP-ABE scheme from scratch.

ADVANTAGES OF PROPOSED SYSTEM:

 Data confidentiality: Unauthorized users who do not have enough credentials

satisfying the access policy should be deterred from accessing the plain data in the
storage node. In addition, unauthorized access from the storage node or key authorities
should be also prevented.
 Collusion-resistance: If multiple users collude, they may be able to decrypt a cipher
text by combining their attributes even if each of the users cannot decrypt the cipher text
alone.
 Backward and forward Secrecy: In the context of ABE, backward secrecy means that
any user who comes to hold an attribute (that satisfies the access policy) should be

Dept. Computer Science Page 14

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

prevented from accessing the plaintext of the previous data exchanged before he holds
the attribute. On the other hand, forward secrecy means that any user who drops an
attribute should be prevented from accessing the plaintext of the subsequent data

4.3 FEASIBILITY ANALYSIS:

An important outcome of preliminary investigation is the determination that the system

request is feasible. This is possible only if it is feasible within limited resource and time. The
different feasibilities that have to be analyzed are

1. Operational Feasibility

2. Economic Feasibility

3. Technical Feasibility

Operational Feasibility
Operational Feasibility deals with the study of prospects of the system to be developed. This
system operationally eliminates all the tensions of the Admin and helps him in effectively
tracking the project progress. This kind of automation will surely reduce the time and energy,
which previously consumed in manual work. Based on the study, the system is proved to be
operationally feasible.

Economic Feasibility

Economic Feasibility or Cost-benefit is an assessment of the economic justification for a

computer based project. As hardware was installed from the beginning & for lots of purposes
thus the cost on project of hardware is low. Since the system is a network based, any number
of employees connected to the LAN within that organization can use this tool from at any
time. The Virtual Private Network is to be developed using the existing resources of the
organization. So the project is economically feasible.

Technical Feasibility
According to Roger S. Pressman, Technical Feasibility is the assessment of the technical
resources of the organization. The organization needs IBM compatible machines with a
graphical web browser connected to the Internet and Intranet. The system is developed for

Dept. Computer Science Page 15

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

platform Independent environment. Java Server Pages, JavaScript, HTML, SQL server and
Web Logic Server are used to develop the system.

The technical feasibility has been carried out. The system is technically feasible for
development and can be developed with the existing facility.

4.4 FEASIBILITY ANALYSIS:

Not all request projects are desirable or feasible. Some organization receives so many project
requests from client users that only few of them are pursued. However, those projects that are
both feasible and desirable should be put into schedule. After a project request is approved, it
cost, priority, completion time and personnel requirement is estimated and used to determine
where to add it to any project list. Truly speaking, the approval of those above factors,
development works can be launched.

4.5 TECHNOLOGIES USED:

 JAVA

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be characterized by all of
the following buzzwords:

 Simple
 Architecture neutral
 Object oriented
 Portable
 Distributed
 High performance
 Interpreted
 Multithreaded
 Robust

Dept. Computer Science Page 16

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

 Dynamic
 Secure

With most programming languages, you either compile or interpret a program so that you can
run it on your computer. The Java programming language is unusual in that a program is both
compiled and interpreted. With the compiler, first you translate a program into an intermediate
language called Java byte codes —the platform-independent codes interpreted by the
interpreter on the Java platform. The interpreter parses and runs each Java byte code
instruction on the computer. Compilation happens just once; interpretation occurs each time
the program is executed. The following figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java Virtual
Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web
browser that can run applets, is an implementation of the Java VM. Java byte codes help make
“write once, run anywhere” possible. You can compile your program into byte codes on any
platform that has a Java compiler. The byte codes can then be run on any implementation of
the Java VM. That means that as long as a computer has a Java VM, the same program written
in the Java programming language can run on Windows 2000, a Solaris workstation, or on an
iMac.

Dept. Computer Science Page 17

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

The Java Platform

A platform is the hardware or software environment in which a program runs. We’ve already
mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and
MacOS. Most platforms can be described as a combination of the operating system and
hardware. The Java platform differs from most other platforms in that it’s a software-only
platform that runs on top of other hardware-based platforms.

The Java platform has two components:

 The Java Virtual Machine (Java VM)
 The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java platform and is
ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide many
useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped
into libraries of related classes and interfaces; these libraries are known as packages. The next
section, What Can Java Technology Do? Highlights what functionality some of the packages
in the Java API provide.

The following figure depicts a program that’s running on the Java platform. As the figure
shows, the Java API and the virtual machine insulate the program from the hardware.

Dept. Computer Science Page 18

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Native code is code that after you compile it, the compiled code runs on a specific hardware
platform. As a platform-independent environment, the Java platform can be a bit slower than
native code. However, smart compilers, well-tuned interpreters, and just-in-time byte code
compilers can bring performance close to that of native code without threatening portability.

Networking

TCP/IP stack

The TCP/IP stack is shorter than the OSI one:

IP datagram’s

The IP layer provides a connectionless and unreliable delivery system. It considers each
datagram independently of the others. Any association between datagram must be supplied by
the higher layers. The IP layer supplies a checksum that includes its own header. The header
includes the source and destination addresses. The IP layer handles routing through an

Dept. Computer Science Page 19

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Internet. It is also responsible for breaking up large datagram into smaller ones for
transmission and reassembling them at the other end.

UDP

UDP is also connectionless and unreliable. What it adds to IP is a checksum for the contents
of the datagram and port numbers. These are used to give a client/server model - see later.

TCP

TCP supplies logic to give a reliable connection-oriented protocol above IP. It provides a
virtual circuit that two processes can use to communicate.

Internet addresses

In order to use a service, you must be able to find it. The Internet uses an address scheme for
machines so that they can be located. The address is a 32 bit integer which gives the IP
address. This encodes a network ID and more addressing. The network ID falls into various
classes according to the size of the network address.

Network address

Class A uses 8 bits for the network address with 24 bits left over for other addressing. Class B
uses 16 bit network addressing. Class C uses 24 bit network addressing and class D uses all
32.

Subnet address

Internally, the UNIX network is divided into sub networks. Building 11 is currently on one
sub network and uses 10-bit addressing, allowing 1024 different hosts.

Host address

8 bits are finally used for host addresses within our subnet. This places a limit of 256
machines that can be on the subnet.

Dept. Computer Science Page 20

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Total address

The 32 bit address is usually written as 4 integers separated by dots.

Port addresses

A service exists on a host, and is identified by its port. This is a 16 bit number. To send a
message to a server, you send it to the port for that service of the host that it is running on.
This is not location transparency! Certain of these ports are "well known".

Sockets

A socket is a data structure maintained by the system to handle network connections. A socket
is created using the call socket. It returns an integer that is like a file descriptor. In fact, under
Windows, this handle can be used with Read File and Write File functions.

#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);

Here "family" will be AF_INET for IP communications, protocol will be zero, and type will
depend on whether TCP or UDP is used. Two processes wishing to communicate over a
network create a socket each. These are similar to two ends of a pipe - but the actual pipe does
not yet exist.

Dept. Computer Science Page 21

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

CHAPTER: 5

SYSTEM DESIGN

5.1 ARCHITECTURE DIAGRAM:

Dept. Computer Science Page 22

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

5.2. BLOCK DIAGRAMS:

Dept. Computer Science Page 23

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

5.3 DATAFLOW DIAGRAMS:

Dept. Computer Science Page 24

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Dept. Computer Science Page 25

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

5.4 SEQUENCE DIAGRAM:

Dept. Computer Science Page 26

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

5.5 USE CASE DIAGRAM:

Dept. Computer Science Page 27

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

CHAPTER: 6

IMPLEMENTATION

It has been modularized into following modules:

1. Key Authorities
2. Storage Nodes
3. Sender
4. User

6.1 KEY AUTHORITIES:

They are key generation centers that generate public/secret parameters for CP-ABE. The key
authorities consist of a central authority and multiple local authorities. We assume that there
are secure and reliable communication channels between a central authority and each local
authority during the initial key setup and generation phase. Each local authority manages
different attributes and issues corresponding attribute keys to users. They grant differential
access rights to individual users based on the users’ attributes. The key authorities are
assumed to be honest-but-curious. That is, they will honestly execute the assigned tasks in the
system; however they would like to learn information of encrypted contents as much as
possible.

6.2 STORAGE NODE:

This is an entity that stores data from senders and provide corresponding access to users. It
may be mobile or static. Similar to the previous schemes, we also assume the storage node to
be semi-trusted that is honest-but-curious.

6.3 SENDER:

This is an entity who owns confidential messages or data (e.g., a commander) and wishes to
store them into the external data storage node for ease of sharing or for reliable delivery to

Dept. Computer Science Page 28

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

users in the extreme networking environments. A sender is responsible for defining (attribute
based) access policy and enforcing it on its own data by encrypting the data under the policy
before storing it to the storage node.

6.4 USER:

This is a mobile node who wants to access the data stored at the storage node (e.g., a soldier).
If a user possesses a set of attributes satisfying the access policy of the encrypted data defined
by the sender, and is not revoked in any of the attributes, then he will be able to decrypt the
cipher text and obtain the data.

Dept. Computer Science Page 29

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

CHAPTER: 7

TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or weakness in a work product. It provides a way to check the functionality
of components, sub-assemblies, assemblies and/or a finished product It is the process of
exercising software with the intent of ensuring that the

Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific
testing requirement.

TYPES OF TESTS
Unit testing
Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches
and internal code flow should be validated. It is the testing of individual software units of the
application .it is done after the completion of an individual unit before integration. This is a
structural testing, that relies on knowledge of its construction and is invasive. Unit tests
perform basic tests at component level and test a specific business process, application, and/or
system configuration. Unit tests ensure that each unique path of a business process performs
accurately to the documented specifications and contains clearly defined inputs and expected
results.

Integration testing
Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic
outcome of screens or fields. Integration tests demonstrate that although the components were
individually satisfaction, as shown by successfully unit testing, the combination of
components is correct and consistent. Integration testing is specifically aimed at exposing the
problems that arise from the combination of components.

Dept. Computer Science Page 30

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Functional test
Functional tests provide systematic demonstrations that functions tested are available as
specified by the business and technical requirements, system documentation, and user
manuals.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

System Test
System testing ensures that the entire integrated software system meets requirements. It tests a
configuration to ensure known and predictable results. An example of system testing is the
configuration oriented system integration test. System testing is based on process descriptions
and flows, emphasizing pre-driven process links and integration points.

White Box Testing

White Box Testing is a testing in which in which the software tester has knowledge of the
inner workings, structure and language of the software, or at least its purpose. It is purpose. It
is used to test areas that cannot be reached from a black box level.

Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner workings,
structure or language of the module being tested. Black box tests, as most other kinds of tests,
must be written from a definitive source document, such as specification or requirements
document, such as specification or requirements document. It is a testing in which the
software under test is treated, as a black box .you cannot “see” into it. The test provides inputs
and responds to outputs without considering how the software works.

Dept. Computer Science Page 31

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Test Test Name Input Output Expected Result Status

Id

Sender browsing the file Data stored Data stored in encrypted

data form
1 PASS

Data is not Present in

directory
Sender browsing data data Display Data FAIL

2 Sender Requesting key Key Authority Key Generated and send Key generated for file PASS
to Key Authority IP address back to sender

Sender Requesting key Invalid Key Key Not Generated and not Key generated for file Fail
to Key Authority Authority IP send back to sender
address

3 Sender Sending data Storage node Data stored in storage node Data stored in storage PASS
to Storage node IP address node

Sender Sending data Invalid server Data cannot stored in Data stored in storage Fail
to Storage node IP address storage node node

Authority IP Battalion Registered in Battalion Registered in

address Authority Authority
4 Sender Registering the PASS
Battalion

Invalid Battalion Not Registered in Battalion Registered in

Authority IP Authority Authority
Sender Registering the address FAIL
Battalion

Sender Giving Authority IP Download Permission Download Permission

Permission to the address Given to the Battalion Given to the Battalion
5 Battalion PASS

Sender Giving Invalid Download Permission not Download Permission

Permission to the Authority IP Given to the Battalion Given to the Battalion
Battalion address FAIL

Dept. Computer Science Page 32

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

CHAPTER: 8

SCREEN SHOTS

Login Page

Dept. Computer Science Page 33

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Registration Page

Dept. Computer Science Page 34

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Home Page

Sender Page

Dept. Computer Science Page 35

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Storage Node

Key Authorities

Dept. Computer Science Page 36

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

End User

Dept. Computer Science Page 37

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

SOURCE CODE

End User Login Page

import java.awt.*;

import java.awt.event.ActionEvent;

import java.awt.event.ActionListener;

import java.io.DataInputStream;

import java.io.DataOutputStream;

import java.net.Socket;

import javax.swing.ImageIcon;

import javax.swing.JButton;

Dept. Computer Science Page 38

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

import javax.swing.JFrame;

import javax.swing.JLabel;

import javax.swing.JOptionPane;

import javax.swing.JPasswordField;

import javax.swing.JTextField;

import javax.swing.UIManager;

public class EndUserLogin extends JFrame implements ActionListener

Container c;

Font f1 = new Font("Times new Roman",Font.BOLD,18);

JButton login,reset;

JLabel j1,j2;

JTextField tf1;

String key="";

String sig="";

JPasswordField tf2;

EndUserLogin()

c = getContentPane();

c.setLayout(null);

Dept. Computer Science Page 39

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

c.setBackground(new Color(107, 168, 104));

setTitle("User Login::Secure Data Retrieval for Decentralized Disruption-

Tolerant Military Networks");

j1 = new JLabel("Name:");

j1.setBounds(100,100,100,50);

j1.setFont(f1);

c.add(j1);

tf1 = new JTextField(20);

tf1.setBounds(200,110,100,30);

c.add(tf1);

tf2 = new JPasswordField(20);

tf2.setEchoChar('*');

tf2.setBounds(200,160,100,30);

c.add(tf2);

j2 = new JLabel("Password:");

j2.setBounds(100,150,100,50);

j2.setFont(f1);

c.add(j2);

login = new JButton("Login");

login.setBounds(120,250,100,30);

login.addActionListener(this);

Dept. Computer Science Page 40

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

c.add(login);

reset = new JButton("Reset");

reset.setBounds(240,250,100,30);

reset.addActionListener(this);

c.add(reset);

setSize(490,400);

setVisible(true);

public void actionPerformed(ActionEvent e)

if(e.getSource()==reset)

tf1.setText("");

tf2.setText("");

if(e.getSource()==login)

String name = tf1.getText();

String pass = tf2.getText();

String kip=JOptionPane.showInputDialog("Enter Key Authority IP

Address");

Dept. Computer Science Page 41

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

try

Socket sc = new Socket(kip,302); //eNTER iP of cs

DataOutputStream dout = new

DataOutputStream(sc.getOutputStream());

dout.writeUTF(name);

dout.writeUTF(pass);

DataInputStream din = new

DataInputStream(sc.getInputStream());

String msg = din.readUTF();

if(msg.equalsIgnoreCase("success"))

tf1.setText("");

tf2.setText("");

new Enduser(name);

try

UIManager.setLookAndFeel("com.sun.java.swing.plaf.windows.WindowsLookAndFeel")
;

}catch(Exception es){System.out.println(es);}

else if(msg.equalsIgnoreCase("failure"))
Dept. Computer Science Page 42
Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

JOptionPane.showMessageDialog(null,"INVALID
DETAILS or Not Registered");

catch(Exception e1)

e1.printStackTrace();

public static void main(String[] args) {

new EndUserLogin();

try

UIManager.setLookAndFeel("com.sun.java.swing.plaf.windows.WindowsLookAndFeel")
;

}catch(Exception es){System.out.println(es);}

} }

Dept. Computer Science Page 43

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Registration Page

import java.awt.Container;

import java.awt.Font;

import java.awt.event.ActionEvent;

import java.awt.event.ActionListener;

import java.io.DataInputStream;

import java.io.DataOutputStream;

import java.io.File;

import java.io.FileOutputStream;

Dept. Computer Science Page 44

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

import java.io.PrintStream;

import java.net.Socket;

import java.util.Random;

import javax.swing.*;

import java.awt.*;

public class Register extends JFrame implements ActionListener

Container c;

Font f1 = new Font("times new roman",Font.BOLD,16);

Font f2 = new Font("times new roman",Font.BOLD,16);

JLabel j1,j2,j3,j4,j5,j6,j7,j8,jcp;

JTextField t1,t5,t8,tcp;

JComboBox t3,t4;

JButton jb1,jb2;

JComboBox jc,jc2;

JPasswordField t2;

Register()

setTitle("Registration::Secure Data Retrieval for Decentralized Disruption-

Tolerant Military Networks");

c = getContentPane();

c.setLayout(null);

Dept. Computer Science Page 45

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

c.setBackground(new Color(170,230,150));

jb1 = new JButton("Submit");

jb1.setBounds(0,400,150,30);

jb1.addActionListener(this);

c.add(jb1);

jb2 = new JButton("Reset");

jb2.setBounds(160,400,150,30);

jb2.addActionListener(this);

c.add(jb2);

j1= new JLabel("Name:");

j1.setFont(f1);

j1.setBounds(20,100,100,50);

c.add(j1);

t1 = new JTextField(20);

t1.setFont(f2);

t1.setBounds(120,110,150,30);

c.add(t1);

j2= new JLabel("Password:");

j2.setFont(f1);

j2.setBounds(20,150,100,50);

c.add(j2);

t2 = new JPasswordField(20);

Dept. Computer Science Page 46

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

t2.setEchoChar('*');

t2.setFont(f2);

t2.setBounds(120,160,150,30);

c.add(t2);

jcp= new JLabel("Confirm PW:");

jcp.setFont(f1);

jcp.setBounds(20,200,100,50);

c.add(jcp);

tcp = new JPasswordField(20);

((JPasswordField) tcp).setEchoChar('*');

tcp.setFont(f2);

tcp.setBounds(120,210,150,30);

c.add(tcp);

j3= new JLabel("Battalion");

j3.setFont(f1);

j3.setBounds(20,250,100,50);

c.add(j3);

String list1[]={"B1","B2","B3","B4"};

String list2[]={"R1","R2","R3","R4"};

t3 = new JComboBox(list1);

t3.setFont(f2);

t3.setBounds(120,260,150,30);

Dept. Computer Science Page 47

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

c.add(t3);

j4= new JLabel("Region:");

j4.setFont(f1);

j4.setBounds(20,300,100,50);

c.add(j4);

t4 = new JComboBox(list2);

t4.setFont(f2);

t4.setBounds(120,310,150,30);

c.add(t4);

setSize(350,500);

setVisible(true);

public void actionPerformed(ActionEvent e)

if(e.getSource()==jb1)

String ip=JOptionPane.showInputDialog(null,"Enter Ip SN
server");

try

Dept. Computer Science Page 48

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

String name=t1.getText();

String pass1=t2.getText();

String pass2=tcp.getText();

String Bat=t3.getSelectedItem().toString();

String Region=t4.getSelectedItem().toString();

if(name.equals(" ")||pass1.equals(" ")||pass2.equals(" ")||

Bat.equals(" ")||Region.equals(" "))

JOptionPane.showMessageDialog(null,"Enter All
details"); }

else

if(pass1.equals(pass2))

Socket sc = new Socket(ip,6563);

DataOutputStream dout = new

DataOutputStream(sc.getOutputStream());

dout.writeUTF(name);

dout.writeUTF(pass1);

dout.writeUTF(Bat);

dout.writeUTF(Region);

DataInputStream din = new

DataInputStream(sc.getInputStream());

Dept. Computer Science Page 49

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

String msg = din.readUTF();

JOptionPane.showMessageDialog(null,"Registration Successfull");

else

JOptionPane.showMessageDialog(null,"Password Confirmation Failed");

catch(Exception e1)

e1.printStackTrace();

if(e.getSource()==jb2)

t1.setText(" ");
Dept. Computer Science Page 50
Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

t2.setText("");

tcp.setText("");

public static void main(String[] args) {

new Register();

try

UIManager.setLookAndFeel("com.sun.java.swing.plaf.windows.WindowsLookAndFeel")
;

}catch(Exception es){System.out.println(es);}

CHAPTER: 9

CONCLUSION

DTN technologies are becoming successful solutions in military applications that allow
wireless devices to communicate with each other and access the confidential information
reliably by exploiting external storage nodes. CP-ABE is a scalable cryptographic solution to
the access control and secure data retrieval issues. In this paper, we proposed an efficient and
secure data retrieval method using CP-ABE for decentralized DTNs where multiple key
authorities manage their attributes independently. The inherent key escrow problem is
resolved such that the confidentiality of the stored data is guaranteed even under the hostile

Dept. Computer Science Page 51

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

environment where key authorities might be compromised or not fully trusted. In addition, the
fine-grained key revocation can be done for each attribute group. We demonstrate how to
apply the proposed mechanism to securely and efficiently manage the confidential data
distributed in the disruption- tolerant military network.

CHAPTER: 10

BIBLIOGRAPHY
References:

[1] J. Burgess, B. Gallagher, D. Jensen, and B. N. Levine, “Maxprop: Routing for vehicle-
based disruption tolerant networks,” in Proc. IEEE INFOCOM, 2006, pp. 1–11.
[2] M. Chuah and P. Yang, “Node density-based adaptive routing scheme for disruption
tolerant networks,” in Proc. IEEE MILCOM, 2006, pp. 1–6.
[3] M. M. B. Tariq, M. Ammar, and E. Zequra, “Mesage ferry route design for sparse ad hoc
networks with mobile nodes,” in Proc. ACM MobiHoc, 2006, pp. 37–48.

Dept. Computer Science Page 52

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

[4] S. Roy andM. Chuah, “Secure data retrieval based on ciphertext policy attribute-based
encryption (CP-ABE) system for the DTNs,” Lehigh CSE Tech. Rep., 2009.
[5] M. Chuah and P. Yang, “Performance evaluation of content-based information retrieval
schemes for DTNs,” in Proc. IEEE MILCOM, 2007, pp. 1–7.
[6] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable secure
file sharing on untrusted storage,” in Proc. Conf. File Storage Technol., 2003, pp. 29–42.
[7] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, “Mediated ciphertext-policy
attribute-based encryption and its application,” in Proc. WISA, 2009, LNCS 5932, pp. 309–
323.
[8] N. Chen, M. Gerla, D. Huang, and X. Hong, “Secure, selective group broadcast in
vehicular networks using dynamic attribute based encryption,” in Proc. Ad Hoc Netw.
Workshop, 2010, pp. 1–8.
[9] D. Huang and M. Verma, “ASPE: Attribute-based secure policy enforcement in vehicular
ad hoc networks,” Ad Hoc Netw., vol. 7, no. 8, pp. 1526–1535, 2009.
[10] A. Lewko and B. Waters, “Decentralizing attribute-based encryption,” Cryptology ePrint
Archive: Rep. 2010/351, 2010.
[11] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proc. Eurocrypt, 2005, pp.
457–473.
[12] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-
grained access control of encrypted data,” in Proc. ACM Conf. Comput. Commun. Security,
2006, pp. 89–98.
[13] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attributebased encryption,”
in Proc. IEEE Symp. Security Privacy, 2007, pp. 321–334.
[14] R. Ostrovsky, A. Sahai, and B. Waters, “Attribute-based encryption with non-monotonic
access structures,” in Proc. ACM Conf. Comput. Commun. Security, 2007, pp. 195–203.
[15] S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute based data sharing with attribute
revocation,” in Proc. ASIACCS, 2010, pp. 261–270.
[16] A. Boldyreva, V. Goyal, and V. Kumar, “Identity-based encryption with efficient
revocation,” in Proc. ACM Conf. Comput. Commun. Security, 2008, pp. 417–426.
[17] M. Pirretti, P. Traynor, P. McDaniel, and B. Waters, “Secure attributebased systems,” in
Proc. ACMConf. Comput. Commun. Security, 2006, pp. 99–112.

Dept. Computer Science Page 53

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

[18] S. Rafaeli and D. Hutchison, “A survey of key management for secure group
communication,” Comput. Surv., vol. 35, no. 3, pp. 309–329, 2003.
[19] S. Mittra, “Iolus: A framework for scalable secure multicasting,” in Proc. ACM
SIGCOMM, 1997, pp. 277–288.
[20] P. Golle, J. Staddon, M. Gagne, and P. Rasmussen, “A content-driven access control
system,” in Proc. Symp. Identity Trust Internet, 2008, pp. 26–35.
[21] L. Cheung and C. Newport, “Provably secure ciphertext policy ABE,” in Proc. ACM
Conf. Comput. Commun. Security, 2007, pp. 456–465.
[22] V.Goyal, A. Jain,O. Pandey, andA. Sahai, “Bounded ciphertext policy attribute-based
encryption,” in Proc. ICALP, 2008, pp. 579–591.
[23] X. Liang, Z. Cao, H. Lin, and D. Xing, “Provably secure and efficient bounded ciphertext
policy attribute based encryption,” in Proc. ASIACCS, 2009, pp. 343–352.
[24] M. Chase and S. S. M. Chow, “Improving privacy and security inmultiauthority attribute-
based encryption,” in Proc. ACM Conf. Comput. Commun. Security, 2009, pp. 121–130.
[25] M. Chase, “Multi-authority attribute based encryption,” in Proc. TCC, 2007, LNCS 4329,
pp. 515–534.
[26] S. S.M. Chow, “Removing escrow from identity-based encryption,” in Proc. PKC, 2009,
LNCS 5443, pp. 256–276.
[27] M. Belenkiy, M. Chase, M. Kohlweiss, and A. Lysyanskaya, “P-signatures and
noninteractive anonymous credentials,” in Proc. TCC, 2008, LNCS 4948, pp. 356–374.
[28] M.Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss,A.Hysyanskaya, and H. Shacham,
“Randomizable proofs and delegatable anonymous credentials,” in Proc. Crypto, LNCS 5677,
pp. 108–125.
[29] D. Naor, M. Naor, and J. Lotspiech, “Revocation and tracing schemes for stateless
receivers,” in Proc. CRYPTO, 2001, LNCS 2139, pp. 41–62.
[30] C. K.Wong,M. Gouda, and S. S. Lam, “Secure group communications using key graphs,”
in Proc. ACM SIGCOMM, 1998, pp. 68–79.
[31] A. T. Sherman and D. A. McGrew, “Key establishment in large dynamic groups using
one-way function trees,” IEEE Trans. Softw. Eng., vol. 29, no. 5, pp. 444–458, May 2003.
[32] K. C. Almeroth and M. H. Ammar, “Multicast group behavior in the Internet’s multicast
backbone (MBone),” IEEE Commun. Mag., vol. 35, no. 6, pp. 124–129, Jun. 1997.

Dept. Computer Science Page 54

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

[33] “The Pairing-Based Cryptography Library,” Accessed Aug. 2010 [Online]. Available:
http://crypto.stanford.edu/pbc/

Dept. Computer Science Page 55