research-article

PBES: a policy based encryption system with application to data sharing in the power grid

Authors:

Himanshu Khurana,

Farhana AshrafAuthors Info & Claims

ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

Pages 262 - 275

https://doi.org/10.1145/1533057.1533093

Published: 10 March 2009 Publication History

Abstract

In distributed systems users need the ability to share sensitive content with multiple other recipients based on their ability to satisfy arbitrary policies. One such system is electricity grids where finegrained sensor data sharing holds the potential for increased reliability and efficiency. However, effective data sharing requires technical solutions that support flexible access policies, for example, sharing more data when the grid is unstable. In such systems, both the messages and policies are sensitive and, therefore, they need to kept be secret. Furthermore, to allow for such a system to be secure and usable in the presence of untrusted object stores and relays it must be resilient in the presence of active adversaries and provide efficient key management. While several of these properties have been studied in the past we address a new problem in the area of policy based encryption in that we develop a solution with all of these capabilities. We develop a Policy and Key Encapsulation Mechanism -- Data Encapsulation Mechanism (PKEM-DEM) encryption scheme that is a generic construction secure against adaptive chosen ciphertext attacks and develop a Policy Based Encryption System (PBES) using this scheme that provides these capabilities. We provide an implementation of PBES and measure its performance.

References

[1]

M. Abe, R. Gennaro, and K. Kurosawa. Tag-KEM/DEM: A new framework for hybrid encryption. J. Cryptol., 21(1):97--130, 2008.

Digital Library

[2]

S. S. Al-Riyami, J. Malone-Lee, and N. P. Smart. Escrow-free encryption supporting cryptographic workflow. Int. J. Inf. Sec., 5(4):217--229, 2006.

Digital Library

[3]

Z. Anwar, R. Shankesi, and R. H. Campbell. Automatic Security Assessment of Critical Cyber-Infrastructures. In Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Springer, July 2008.

[4]

R. Arends, R. Austein, M. Larson, and D. Massey. Resource Records for the DNS Security Extensions. Technical report, RFC 4034, March 2005.

[5]

J. Bacon, D. M. Eyers, K. Moody, and L. I. W. Pesonen. Securing Publish/Subscribe for Multi-domain Systems. In G. Alonso, editor, Middleware, volume 3790 of Lecture Notes in Computer Science, pages 1--20. Springer, 2005.

Digital Library

[6]

J. Bacon, K. Moody, and W. Yao. A model of OASIS role-based access control and its support for active security. ACM Trans. Inf. Syst. Secur., 5(4):492--540, 2002.

Digital Library

[7]

J. Baek and Y. Zheng. Identity-Based Threshold Decryption. Proc. of PKC, 4:262--276, 2004.

[8]

W. Bagga and R. Molva. Policy-Based Cryptography and Applications. In A. S. Patrick and M. Yung, editors, Financial Cryptography, volume 3570 of Lecture Notes in Computer Science, pages 72--87. Springer, 2005.

Digital Library

[9]

W. Bagga and R. Molva. Collusion-Free Policy-Based Encryption. In S. K. Katsikas, J. Lopez, M. Backes, S. Gritzalis, and B. Preneel, editors, ISC, volume 4176 of Lecture Notes in Computer Science, pages 233--245. Springer, 2006.

Digital Library

[10]

J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-Policy Attribute-Based Encryption. In IEEE Symposium on Security and Privacy, 2007.

Digital Library

[11]

D. Boneh and M. Franklin. Identity-Based Encryption from the Weil Pairing. Advances in Cryptology-Crypto 2001: 21st Annual International Cryptology Conference, Santa Barbara, California, USA, August 19--23, 2001, Proceedings, 2001.

Digital Library

[12]

R. W. Bradshaw, J. E. Holt, and K. E. Seamons. Concealing complex policies with hidden credentials. In CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, pages 146--157, New York, NY, USA, 2004. ACM.

Digital Library

[13]

J. Cai, Z. Huang, J. Hauer, and K. Martin. Current Status and Experience of WAMS Implementation in North America. Transmission and Distribution Conference and Exhibition: Asia and Pacific, 2005 IEEE/PES, pages 1--7, 2005.

[14]

L. Cheung and C. Newport. Provably secure ciphertext policy ABE. In CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pages 456--465, New York, NY, USA, 2007. ACM.

Digital Library

[15]

R. Cramer and V. Shoup. Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack. SIAM Journal on Computing, 33(1):167--226, Feb. 2004.

Digital Library

[16]

J. Dagle. Postmortem analysis of power grid blackouts -- The role of measurement systems. Power and Energy Magazine, IEEE, 4(5):30--35, Sept.-Oct. 2006.

[17]

J. E. Dagle. North American SynchroPhasor Initiative. In Hawaii International Conference on System Sciences, 2008.

Digital Library

[18]

X. Ding and G. Tsudik. Simple Identity-Based Cryptography with Mediated RSA. Topics in Cryptology, CT-RSA 2003: The Cryptographers' Track at the Rsa Conference 2003, San Francisco, CA, USA April 13--17, 2003, Proceedings, 2003.

Digital Library

[19]

M. Donnelly, M. Ingram, and J. R. Carroll. Eastern Interconnection Phasor Project. In Hawaii International International Conference on Systems Science (HICSS-39 2006), January 2006.

Digital Library

[20]

S. Farrell and R. Housley. An Internet Attribute Certificate Profile for Authorization (RFC 3281). Internet Engineering Task Force, Network Working Group, April, 2002.

Digital Library

[21]

K. Fisler, S. Krishnamurthi, L. Meyerovich, and M. Tschantz. Verification and change-impact analysis of access-control policies. Proceedings of the 27th international conference on Software engineering, pages 196--205, 2005.

Digital Library

[22]

W. Ford and M. J. Wiener. A key distribution method for object-based protection. In CCS '94: Proceedings of the 2nd ACM Conference on Computer and communications security, pages 193--197, New York, NY, USA, 1994. ACM.

Digital Library

[23]

K. B. Frikken, M. J. Atallah, and J. Li. Attribute-Based Access Control with Hidden Policies and Hidden Credentials. IEEE Trans. Computers, 55(10):1259--1270, 2006.

Digital Library

[24]

R. Gennaro. Robust and Efficient Sharing of RSA Functions. Journal of Cryptology, 13(2):273--300, 2000.

Digital Library

[25]

V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. Proceedings of the 13th ACM conference on Computer and communications security, pages 89--98, 2006.

Digital Library

[26]

L. Granboulan. RSA hybrid encryption schemes. Technical report, Dec. 2001.

[27]

C. H. Hauser, D. E. Bakken, I. Dionysiou, K. H. Gjermundr&phis;d, V. S. Irava, J. Helkey, and A. Bose. Security, Trust, and QoS in Next-Generation Control and Communication for Large Power Systems. International Journal of System of Critical Infrastructures, 4(1/2), 2008.

[28]

A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk, and M. Yung. Proactive public key and signature systems. Proceedings of the 4th ACM conference on Computer and communications security, pages 100--110, 1997.

Digital Library

[29]

J. P. Jones, D. F. Berger, and C. V. Ravishankar. Layering Public Key Distribution Over Secure DNS using Authenticated Delegation. In ACSAC, pages 409--418. IEEE Computer Society, 2005.

Digital Library

[30]

A. Kapadia, P. P. Tsang, and S. W. Smith. Attribute-Based Publishing with Hidden Credentials and Hidden Policies. In Proceedings of The 14th Annual Network and Distributed System Security Symposium (NDSS), pages 179--192, March 2007.

[31]

J. Li and N. Li. Policy-hiding access control in open environment. In PODC '05: Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing, pages 29--38, New York, NY, USA, 2005. ACM.

Digital Library

[32]

J. Linn and M. Branchaud. An examination of asserted PKI issues and proposed alternatives. Proceedings of the 3rd Annual PKI R & D WorkshopGaithers-burg: NIST, 2004.

[33]

P. Myrda, E. Gunther, M. Gehrs, and J. Melcher. EIPP Data Management Task Team Architecture. In Hawaii International International Conference on Systems Science (HICSS-40 2007), page 118, January 2007.

Digital Library

[34]

T. Nishide, K. Yoneyama, and K. Ohta. Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures. In S. M. Bellovin, R. Gennaro, A. D. Keromytis, and M. Yung, editors, ACNS, volume 5037 of Lecture Notes in Computer Science, pages 111--129, June 2008.

Digital Library

[35]

V. Shoup. A Proposal for an ISO Standard for Public Key Encryption. Cryptology ePrint Archive, Report 2001/112, 2001. http://eprint.iacr.org/.

[36]

D. K. Smetters and G. Durfee. Domain-Based Authentication of Identity-Based Cryptosystems for Secure Email and IPsec. In 12th Usenix Security Symposium, Washington, D.C., August 2003.

Digital Library

[37]

M. Srivatsa and L. Liu. Key Derivation Algorithms for Monotone Access Structures in Cryptographic File Systems. In European Symposium on Research in Computer Security, Hamburg, Germany, pages 347--361, September 2006.

Digital Library

[38]

M. Srivatsa and L. Liu. Secure Event Dissemination in Publish-Subscribe Networks. In ICDCS '07: Proceedings of the 27th International Conference on Distributed Computing Systems, page 22, Washington, DC, USA, 2007. IEEE Computer Society.

Digital Library

[39]

P. P. Tsang and S. W. Smith. YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems. In S. Jajodia, P. Samarati, and S. Cimato, editors, SEC, volume 278 of IFIP, pages 445--459. Springer, 2008.

[40]

U.S.-Canada Power System Outage Task Force. Final Report on the August 14, 2003 Blackout in the United States and Canada: Causes and Recommendations, April 2004.

[41]

P. Veríssimo, N. F. Neves, and M. Correia. The CRUTIAL reference critical information infrastructure architecture: a blueprint. International Journal of System of Systems Engineering, 1(1/2), 2008.

[42]

H. Wang, S. Jha, T. W. Reps, S. Schwoon, and S. G. Stubblebine. Reducing the Dependence of SPKI/SDSI on PKI. In European Symposium on Research in Computer Security, Hamburg, Germany, pages 156--173, September 2006.

Digital Library

Cited By

Huang KHu XZhou RXiang D(2024)Optimization and privacy protection of microgrid power trading system based on attribute encryption technologyEAI Endorsed Transactions on Energy Web10.4108/ew.543111Online publication date: 15-Mar-2024
https://doi.org/10.4108/ew.5431
Batista ADos Santos A(2024)A Survey on Resilience in Information Sharing on Networks: Taxonomy and Applied TechniquesACM Computing Surveys10.1145/365994456:12(1-36)Online publication date: 20-Apr-2024
https://dl.acm.org/doi/10.1145/3659944
Zhang LYang GSong CWu Q(2023)Accountable multi-authority attribute-based data access control in smart gridsJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2023.10159735:7Online publication date: 1-Jul-2023
https://dl.acm.org/doi/10.1016/j.jksuci.2023.101597
Show More Cited By

Index Terms

PBES: a policy based encryption system with application to data sharing in the power grid

Recommendations

Secure wireless communication platform for EV-to-Grid research
IWCMC '10: Proceedings of the 6th International Wireless Communications and Mobile Computing Conference

"Vehicle to Grid" power or V2G will be a new green energy scheme that allows electricity to flow from Electric Vehicles (EVs) to power lines. The objective of this paper is to design and develop a secure wireless communication platform for V2G research, ...
Data Privacy Protection and Sharing in Smart Grid Based on Blockchain Technology
ICCSIE '23: Proceedings of the 8th International Conference on Cyber Security and Information Engineering

With the rapid development of science and technology, the scale of power grid construction is gradually expanding, and the level of intelligence is also constantly improving, which also brings the problem of data leakage and data loss to the smart grid. ...
Public-Key encryption from ID-Based encryption without one-time signature
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I

Design a secure public key encryption scheme and its security proof are one of the main interests in cryptography In 2004, Canetti, Halevi and Katz [8] constructed a public key encryption (PKE) from a selective identity-based encryption scheme with a ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

March 2009

408 pages

ISBN:9781605583945

DOI:10.1145/1533057

General Chairs:
Wanqing Li
University of Wollongong, Australia
,
Willy Susilo
University of Wollongong, Australia
,
Udaya Tupakula
Macquarie University, Australia
,
Program Chairs:
Rei Safavi-Naini
University of Calgary, Canada
,
Vijay Varadharajan
Macquarie University, Australia

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 March 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

Asia CCS 09

Sponsor:

SIGSAC

Asia CCS 09: Asia CCS 2009 ACM Symposium on Information, Computer and Communications Security

March 10 - 12, 2009

Sydney, Australia

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

33
Total Citations
View Citations
628
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)2

Reflects downloads up to 26 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Huang KHu XZhou RXiang D(2024)Optimization and privacy protection of microgrid power trading system based on attribute encryption technologyEAI Endorsed Transactions on Energy Web10.4108/ew.543111Online publication date: 15-Mar-2024
https://doi.org/10.4108/ew.5431
Batista ADos Santos A(2024)A Survey on Resilience in Information Sharing on Networks: Taxonomy and Applied TechniquesACM Computing Surveys10.1145/365994456:12(1-36)Online publication date: 20-Apr-2024
https://dl.acm.org/doi/10.1145/3659944
Zhang LYang GSong CWu Q(2023)Accountable multi-authority attribute-based data access control in smart gridsJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2023.10159735:7Online publication date: 1-Jul-2023
https://dl.acm.org/doi/10.1016/j.jksuci.2023.101597
Zhang LLi JHu FHuang YBai J(2020)Smart grid data access control scheme based on blockchainComputational Intelligence10.1111/coin.1238536:4(1773-1784)Online publication date: 26-Nov-2020
https://doi.org/10.1111/coin.12385
Luo JYao SZhang JXu WHe YZhang M(2020)A Secure and Anonymous Communication Scheme for Charging Information in Vehicle-to-GridIEEE Access10.1109/ACCESS.2020.30054008(126733-126742)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3005400
Prince PLovesum S(2020)Privacy Enforced Access Control Model for Secured Data Handling in Cloud-Based Pervasive Health Care SystemSN Computer Science10.1007/s42979-020-00246-41:5Online publication date: 21-Jul-2020
https://dl.acm.org/doi/10.1007/s42979-020-00246-4
Luo JYao SGou JShuai LCao Y(2019)A Secure Transmission Scheme of Sensitive Power Information in Ubiquitous Power IoTProceedings of the 2019 3rd International Conference on Computer Science and Artificial Intelligence10.1145/3374587.3374631(252-257)Online publication date: 6-Dec-2019
https://dl.acm.org/doi/10.1145/3374587.3374631
Limbasiya TArya A(2018)Attacks on Authentication and Authorization Models in Smart GridSmart Micro-Grid Systems Security and Privacy10.1007/978-3-319-91427-5_4(53-70)Online publication date: 28-Aug-2018
https://doi.org/10.1007/978-3-319-91427-5_4
Kishimoto HYanai NOkamura S(2018)An Anonymous Authentication Protocol for the Smart GridSmart Micro-Grid Systems Security and Privacy10.1007/978-3-319-91427-5_3(29-52)Online publication date: 28-Aug-2018
https://doi.org/10.1007/978-3-319-91427-5_3
Doshi N(2018)Analysis of Attribute-Based Secure Data Sharing with Hidden Policies in Smart Grid of IoTIntelligent Computing & Optimization10.1007/978-3-030-00979-3_54(515-521)Online publication date: 28-Sep-2018
https://doi.org/10.1007/978-3-030-00979-3_54
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents