6th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing

Research Article

A selective encryption approach to fine-grained access control for P2P file sharing

  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2010.4,
        author={Aditi Gupta and Salmin Sultana and Michael Kirkpatrick and Elisa Bertino},
        title={A selective encryption approach to fine-grained access control for P2P file sharing},
        proceedings={6th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2011},
        month={5},
        keywords={Access control Companies Encryption Measurement Peer to peer computing Prototypes},
        doi={10.4108/icst.collaboratecom.2010.4}
    }
    
  • Aditi Gupta, Salmin Sultana, Michael Kirkpatrick, Elisa Bertino (2011). A selective encryption approach to fine-grained access control for P2P file sharing. COLLABORATECOM. ICST. DOI: 10.4108/icst.collaboratecom.2010.4
Aditi Gupta¹,*, Salmin Sultana²,*, Michael Kirkpatrick¹,*, Elisa Bertino¹,*
  • 1: Department of Computer Science, Purdue University
  • 2: Department of Electrical and Computer Engineering, Purdue University
*Contact email: aditi@purdue.edu, ssultana@purdue.edu, mkirkpat@cs.purdue.edu, bertino@cs.purdue.edu

Abstract

As the use of peer-to-peer (P2P) services for distributed file sharing has grown, the need for fine-grained access control (FGAC) has emerged. Existing access control frameworks use an all-or-nothing approach that is inadequate for sensitive content that may be shared by multiple users. In this paper, we propose an FGAC mechanism based on selective encryption techniques. Using this approach, the owner of a file specifies access control policies over various byte ranges in the file. The separate byte ranges are then encrypted and signed with different keys. Users of the file only receive the encryption keys for the ranges they are authorized to read and signing keys for the ranges they are authorized to write. We also propose an optional enhancement of the scheme where a file owner can hide the location of the file. Our approach includes a key distribution scheme based on a public key infrastructure (PKI) and access control vectors. We also discuss how policy changes and file modifications are handled in our scheme. We have integrated our FGAC mechanism with the Chord structured P2P network. In this paper, we discuss relevant issues concerning the implementation and integration with Chord and present the performance results for our prototype implementation.
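
The read side of the byte-range idea in the abstract, as an added example that is not the authors' code or the paper's construction: each policy range gets its own key, and a user can recover only the ranges whose keys they hold. Assumptions: the names `owner_encrypt`, `user_read`, the labels and the sample record are hypothetical, the HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a real cipher, and the per-range signing keys for write access are left out because they need an asymmetric signature scheme.

```python
import hashlib
import hmac
import os

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (assumption).
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def owner_encrypt(data, policy):
    """Owner side. policy is a list of (start, end, label) byte ranges that
    cover the file without overlap. Returns (segments, keys), one key per label."""
    keys = {label: os.urandom(32) for _, _, label in policy}
    segments = []
    for start, end, label in policy:
        nonce = os.urandom(16)  # fresh per range, so one key never reuses a keystream
        ct = xor(data[start:end], keystream(keys[label], nonce, end - start))
        segments.append((start, end, label, nonce, ct))
    return segments, keys

def user_read(segments, key_ring, mask=b"#"):
    """User side. Decrypts the ranges whose label is in key_ring and masks
    every other range, which stays opaque ciphertext to this user."""
    out = bytearray()
    for _start, _end, label, nonce, ct in segments:
        if label in key_ring:
            out += xor(ct, keystream(key_ring[label], nonce, len(ct)))
        else:
            out += mask * len(ct)
    return bytes(out)

# Constructed sample file and policy (not from the paper).
RECORD = b"name=Alice;salary=90000;ssn=123-45-6789"
POLICY = [(0, 11, "public"), (11, 24, "hr"), (24, len(RECORD), "payroll")]

if __name__ == "__main__":
    segments, keys = owner_encrypt(RECORD, POLICY)
    print(user_read(segments, {"public": keys["public"]}))
    print(user_read(segments, {k: keys[k] for k in ("public", "hr")}))
    print(user_read(segments, keys))
```
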