Abstract
We present a new access control mechanism for P2P networks with distributed enforcement, called P2P Access Control System (PACS). PACS enforces powerful access control models like RBAC with administrative delegation inside a P2P network in a pure P2P manner, which is not possible in any of the currently used P2P access control mechanisms. PACS uses client-side enforcement to support the replication of confidential data. To avoid a single point of failure at the time of privilege enforcement, we use threshold cryptography to distribute the enforcement among the participants. Our analysis of the expected number of messages and the computational effort needed in PACS shows that its increased flexibility comes with an acceptable additional overhead.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Halevy, A.Y., et al.: Schema Mediation in Peer Data Management Systems. In: ICDE, pp. 505–516 (2003)
Sturm, C.: Orchestrating Access Control in Peer Data Management Systems. In: Grust, T., Höpfner, H., Illarramendi, A., Jablonski, S., Mesiti, M., Müller, S., Patranjan, P.-L., Sattler, K.-U., Spiliopoulou, M., Wijsen, J. (eds.) EDBT 2006. LNCS, vol. 4254, pp. 66–74. Springer, Heidelberg (2006)
Sturm, C., Dittrich, K., Ziegler, P.: An Access Control Mechanism for P2P Collaborations. In: DAMAP (2008)
Miklau, G., Suciu, D.: Controlling Access to Published Data Using Cryptography. In: VLDB, pp. 898–909 (2003)
Bouganim, L., et al.: Client-Based Access Control Management for XML Documents. In: VLDB, pp. 84–95 (2004)
Desmedt, Y.G.: Threshold Cryptography. European Transactions on Telecommunications and Related Technologies 5(4), 449–457 (1994)
NIST: Role Based Access Control. ANSI INCITS 359-2004 (February 2004)
Crispo, B., et al.: P-Hera: Scalable Fine-grained Access Control for P2P Infrastructures. In: ICPADS, pp. 585–591 (2005)
Berket, K., Essiari, A., Muratas, A.: PKI-Based Security for Peer-to-Peer Information Sharing. In: P2P, pp. 45–52 (2004)
Goh, E.J., et al.: SiRiUS: Securing Remote Untrusted Storage. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2003 (2003)
Koç, E.: Access Control in Peer-to-Peer Storage Systems. Master’s thesis, ETH Zurich (October 2006)
Koç, E., et al.: PACISSO: P2P Access Control Incorporating Scalability and Self-Organization for Storage Systems. Technical Report TR-2007-165, Sun Microsystems, Inc. (June 2007)
Sandhu, R., Zhang, X.: Peer-to-Peer Access Control Architecture Using Trusted Computing Technology. In: SACMAT, pp. 147–158 (2005)
Saxena, N., et al.: Threshold Cryptography in P2P and MANETs: The Case of Access Control. Comput. Netw. 51(12), 3632–3649 (2007)
Naor, M., Wool, A.: Access Control and Signatures via Quorum Secret Sharing. IEEE Trans. Parallel Distrib. Syst. 9(9), 909–922 (1998)
Castro, M., et al.: Secure Routing for Structured Peer-to-Peer Overlay Networks. SIGOPS Oper. Syst. Rev. 36(SI), 299–314 (2002)
Committee, O.A.C.T.: eXtensible Access Control Markup Language (XACML) Version 2.0 (2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
Stoica, I., et al.: Chord: A Scalable Peer-To-Peer Lookup Service for Internet Applications. In: SIGCOMM 2001, pp. 149–160 (2001)
Desmedt, Y.G., Frankel, Y.: Threshold Cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, Heidelberg (1990)
Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, New York (2002)
Rivest, R.L., et al.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Shamir, A.: How to Share a Secret. Commun. ACM 22(11), 612–613 (1979)
Desmedt, Y., Frankel, Y.: Shared Generation of Authenticators and Signatures. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 457–469. Springer, Heidelberg (1992)
Gennaro, R., et al.: Robust and Efficient Sharing of RSA Functions. Journal of Cryptology 13(2), 273–300 (2000)
Herzberg, A., et al.: Proactive Secret Sharing Or: How to Cope With Perpetual Leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Sturm, C., Hunt, E., Scholl, M.H. (2009). Distributed Privilege Enforcement in PACS. In: Gudes, E., Vaidya, J. (eds) Data and Applications Security XXIII. DBSec 2009. Lecture Notes in Computer Science, vol 5645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03007-9_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-03007-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03006-2
Online ISBN: 978-3-642-03007-9
eBook Packages: Computer ScienceComputer Science (R0)