File
Transcription
File
International Journal of Digital Communication and Networks (IJDCN) Volume 2, Issue 3, March 2015 Secure Data Retrival in Disruption Tolerant Military Networks using Attribute Encryption Standard K.Siva Sankari ,V.Ramesh Abstract-In general,mobile nodes are possible to affect by some of interference or illegal elements in military environments.To access the information between soldiers as confidential,distruption tolerant network solution are considered for wireless devices with each other.The most important confidential thought in this progress is secure retrieval of data.To access with control issues and authorization policies,cipher-text policy attribute based encryption is accurate solution. This Cryptrographic solution in DTNs introduces some problems such as privacy and security with attribute revocation.Multiple key authorities administrates their attributes independently using CP-ABE for decentralized DTNs.In disruption-tolerant military networks, proposed technique distributed data as secure and effectively with confidential manner. 1. INTRODUCTION In numerous military system situations, associations of remote gadgets conveyed by troopers may be briefly separated by sticking, natural variables, and mobility,especially when they work in threatening situations. Interruption tolerant system (DTN) innovations are getting to be fruitful arrangements that permit hubs to speak with one another in these compelling systems administration situations. Typically,when there is no limit to-end association between a source and a destination combine, the messages from the source hub may need to hold up in the middle of the road hubs for a significant measure of time until the association would be inevitably settled. Manuscript received March, 2015 K.Siva Sankari, PGStudent,Kalasalingam Institute of Technology. V.Ramesh., Assistant Professor,Kalasalingam Institute of Technology Roy and Chuah presented capacity hubs in DTNs where information is put away or reproduced such that just approved versatile hubs can get to the vital data rapidly and productively. Numerous military applications require expanded insurance of secret information including access control systems that are cryptographically upheld. Much of the time, it is attractive to give separated access administrations such that information access strategies are characterized over client traits or roles,which are overseen by the key powers. Case in point, in an interruption tolerant military system, an administrator may store a secret data at a stockpiling hub, which ought to be gotten to by individuals from "Regiment 1" who are partaking in"Region 2." For this situation, it is a sensible suspicion that numerous key powers are liable to deal with their own particular element properties for fighters in their conveyed locales or echelons,which could be every now and again changed. We allude to this DTN structural planning where numerous powers issue and deal with their own quality keys freely as a decentralized DTN.The idea of characteristic based encryption (ABE) is a guaranteeing approach that satisfies the necessities for secure information recovery in DTNs. ABE characteristics an instrument that empowers a right to gain entrance control over scrambled information utilizing access strategies and attributed qualities among private keys and ciphertexts.Especially, ciphertext-approach ABE (CP-ABE) gives a versatile method for encoding information such that the encryptor characterizes the characteristic set that the decryptor needs to have to decode the ciphertext. Consequently, diverse clients are permitted to decode distinctive bits of information every the security strategy.It may result in bottleneck during rekeying procedure, or security degradation due to the windows of vulnerability if the previous attribute key is not updated immediately.Another challenge is the key escrow problem. In CP-ABE,the key authority generates private keys of users by applying the All Rights Reserved © 2014 IJDCN International Journal of Digital Communication and Networks (IJDCN) Volume 2, Issue 3, March 2015 authority’s master secret keys to users’ associated set of attributes.Thus, the key authority can decrypt every ciphertext addressed to specific users by generating their attribute keys. The last challenge is the coordination of attributes issued from different authorities. When multiple authorities manage and issue attribute keys to users independently with their own master secrets, it is very hard to define fine-grained access policies over attributes issued from different authorities. For example,suppose that attributes “role 1” and “region 1” are managed by the authority A, and “role 2” and “region 2” are managed by the authority B. Then, it is impossible to generate an access policy ((“role 1” OR “role 2”) AND (“region 1” or “region 2”)) in the previous schemes because the OR logic between attributes issued from different authorities cannot be implemented.This is due to the fact that the different authorities generate their own attribute keys using their own independent and individual master secret keys. Therefore, general access policies, such as “ out-of- ” logic, cannot be expressed in the previous schemes, which is a very practical and commonly required access policy logic. A Retalted Work ABE comes in two flavors called key-arrangement ABE (KP-ABE) and ciphertext-approach ABE (CPABE). In KP-ABE, the en- cryptor just gets to mark a ciphertext with a set of characteristics. The key power picks an approach for every client that figures out which ciphertexts he can unscramble and issues the way to every client by implanting the arrangement into the client's key. In any case, the parts of the ciphertexts and keys are turned around in CP-ABE. In CP-ABE, the ciphertext is scrambled with a right to gain entrance strategy picked by an encryptor, however a key is essentially made as for a qualities set. CP-ABE is more fitting to DTNs than KP-ABE on the grounds that it empowers encryptors, for example, an officer to pick a right to gain entrance arrangement on credits and to encode confi- dential information under the right to gain entrance structure by means of encoding with the relating open keys or characteristics1) Attribute Revocation: Bethencourt et al. and Boldyreva et al. [16] first suggested key revocation mechanisms in CP-ABE and KP-ABE, respectively. Their solutions are to append to each attribute an expiration date (or time) and dis- tribute a new set of keys to valid users after the expiration. The periodic attribute revocable ABE schemes have two main problems. The first problem is the security degradation in terms of the backward and forward secrecy . It is a considerable sce- nario that users such as soldiers may change their attributes fre- quently, e.g., position or location move when considering these as attributes . Then, a user who newly holds the attribute might be able to access the previous data encrypted before he obtains the attribute until the data is reencrypted with the newly updated attribute keys by periodic rekeying (backward secrecy). The other is the scalability problem. The key authority pe- riodically announces a key update material by unicast at each time-slot so that all of the nonrevoked users can update their keys. This results in the “1-affects” problem, which means that the update of a single attribute affects the whole nonrevoked users who share the attribute [19]. This could be a bottleneck for both the key authority and all nonrevoked users. 2) Key Escrow: Most of the existing ABE schemes are con- structed on the architecture where a single trusted authority has the power to generate the whole private keys of users with its master secret information. Thus, the key escrow problem is inherent such that the key authority can decrypt every ciphertext addressed to users in the system by generating their secret keys at any time. Chase et al. presented a distributed KP-ABE scheme that solves the key escrow problem in a multiauthority system. In this approach, all (disjoint) attribute authorities are participating in the key generation protocol in a distributed way such that they cannot pool their data and link multiple attribute sets belonging to the same user. One disadvantage of this fully distributed ap- proach is the performance degradation. Since there is no cen- tralized authority all attribute with master secret information, authorities should communicate with each other in the system to generate a user’s secret key. This commu- nication overhead on the results in system setup and the rekeying phases and requires each user to store additional auxiliary key is components besides the attributes keys, where the number of authorities in the system. 3) Decentralized ABE: Huang et al. and Roy et al. proposed decentralized CP-ABE schemes in the multiauthority network environment. They achieved a combined access policy over the attributes issued from different authorities by simply encrypting All Rights Reserved © 2014 IJDCN International Journal of Digital Communication and Networks (IJDCN) Volume 2, Issue 3, March 2015 data multiple times. The main disadvantages of this approach are efficiency and expressiveness of access policy. For example, when a commander encrypts a secret mission to soldiers under the policy (“Battalion 1” AND (“Region 2” OR ‘Region 3”)), it cannot be expressed when each “Region” attribute is managed by different authorities, since simply mul- tiencrypting approaches can by no means express any general “ -out-of- ” logics . B Contribution In this paper, we propose a quality based secure information re - trieval plan utilizing CP-ABE for decentralized DTNs. The star postured plan offers the accompanying accomplishments. In the first place, imme diate characteristic denial improves regressive/forward mystery of private information by decreasing the windows of defenselessness. Second, encryptors can characterize a fine -grained access approach utilizing any monotone access structure under properties issued from any picked set of powers. Third, the key escro w issue is re comprehended by a without escrow key issuing convention that adventures the normal for the decentralized D TN structural engineering. The key issuing convention produces and issues client mystery keys by every structuring a protected two -gathering reckoning (2PC) convention among the key powers with their o wn expert insider facts. The 2PC master tocol deflect s the key powers from getting any expert mystery data of one another such that none of them could gen- erate the entire set of client keys alone. Accordingly, clients are not re - quired to completely believe the prevailing voices to secure their informatio n to be imparted. The information privacy and protection can be crypto- graphically upheld against any inquisitive key po wers or information stockpiling hubs in the proposed plan. 2 NETWORK ARCHITECTURE In this section, we describe the architecture and define the security model. DTN Fig 1.Architecture of Security Data Retrival in Disruption Military Networks A System Description and Assumption Fig. 1 shows the architecture of the DTN. As shown in Fig. 1, the architecture consists of the following system entities. 1) Key Authorities: T h e y a r e k e y e r a er ate f o c u s e s that ge no p e n / m y s t e r y p a r a m e t e r s for CP AB E. The key au thorities co mpr ise o f a fo cal po wer and d i ff e r e n t n e a r b y p o we r s . We e x p e c t that th er e are sec ur e and so lid c o r r e s p o n d e n c e c h a n n e l s b e t we e n a fo ca l p o we r and eve r y n e i g h b o r h o o d po wer a mi d the s t a r t i n g key set up and g e n - e r a t i o n s t a g e . Ever y n e i g h b o r h o o d po wer o v e r s e e s d i v e r s e at- t r i b u t e s and i s s u e s c o m p a r i n g c r ed it keys to c l i e n t s . T he y s t i p e n d d i f f e r e n t i a l acce s s r i g h t s to i n d i v i d u a l c l i e n t s in li g ht of the c l i e n t s ' c h a r a c t e r i s t i c s . The key p o we r s are as- su med f r a n k l y yet i n q u i s i t i v e . T hat is, they will s i n c e r e ly e x e c u t e the r e l e g a t e d e r r a n d s in the fr a me wo r k, h o we v e r they mi g h t want to lear n d ata of s c r a m b l e d s u b s t a n c e h o we v e r mu ch as co u ld be e x p e c t e d . 2) Storage node: This is an element that stores information from senders and give relating access to clients. It might be mo- bile or static [4], [5]. Like the past plans, we likewise expect the stockpiling hub to be semitrusted, that is fair however inquisitive. All Rights Reserved © 2014 IJDCN International Journal of Digital Communication and Networks (IJDCN) Volume 2, Issue 3, March 2015 that any user who comes to hold an attribute (that satisfies the access policy) should be pre- vented from accessing the plaintext of the previous data exchanged before he holds the attribute. On the other hand, forward secrecy means that any user who drops an attribute should be prevented from accessing the plaintext of the subsequent data exchanged after he drops the attribute, un- less the other valid attributes that he is holding satisfy the access policy. 3) Sender: This is an element who claims private messages or information (e.g., an administrator) and wishes to store them into the outer information stockpiling hub for simplicity of imparting or for solid conveyance to clients in the great systems administration envi- ronments. A sender is in charge of characterizing (quality based) access approach and upholding it all alone information by scrambling the information under the arrangement before putting away it to the capacity hub. 4) User:. Since the key powers are semi-believed, they ought to be de-terred from getting to plaintext of the information in the stockpiling hub; in the interim, they ought to be still ready to issue mystery keys to clients. The 2PC convention keeps them from knowing one another's expert privileged insights so that none of them can produce the entire set of mystery keys of clients exclusively. Therefore, we take a presumption that the focal power does not plot with the neighborhood powers. B Thread Model and Security Requirments 1) Data confidentiality: Unauthorized users who do not have enough credentials satisfying the access policy should be deterred from accessing the plain data in the storage node. In addition, unauthorized access from the storage node or key authorities should be also prevented. 2) Collusion-resistance: If multiple users collude, they may be able to decrypt a ciphertext by combining their attributes even if each of the users cannot decrypt the ciphertext alone. For example, suppose there exist a user with attributes {”Battalion 1”, “Region 1”} and another user with attributes {”Battalion 2”, “Region 2”}. They may succeed in decrypting a ciphertext encrypted under the ac- cess policy of (“Battalion 1” AND “Region 2”), even if each of them cannot decrypt it individually. We do not want these colluders to be able to decrypt the secret informa- tion by combining their attributes. We also consider collu- sion attack among curious local authorities to derive users’ keys. 3) Backward and forward Secrecy: In the context of ABE, backward secrecy means 3 PROPOSED SYSTEM In this section, we provide a multiauthority CP-ABE scheme for secure data retrieval in decentralized DTNs. Each local authority issues partial personalized and attribute key components to a user by performing secure 2PC protocol with the central authority. Each attribute key of a user can be updated individually and immediately. Thus, the scalability and security can be enhanced in the proposed scheme. Since the first CP-ABE scheme proposed by Bethencourt et al. [13], dozens of CP-ABE schemes have been proposed. The subsequent CP-ABE schemes are mostly motivated by more rigorous security proof in the standard model. However, most of the schemes failed to achieve the expressiveness of the Bethencourt et al.’s scheme,which described an efficient system that was expressive in that it allowed an encryptor to express an access predicate in terms of any monotonic formula over attributes. Therefore, in this section, we develop a variation of the CP-ABE algorithm partially based on (but not limited to) Bethencourt et al.’s construction in order to enhance the expressiveness of the access control policy instead of building a new CP-ABE scheme from scratch A Access Tree 1) Description: Let be a tree representing an access structure.Each nonleaf node of the tree represents a threshold gate.If is the number of children of a node and is its threshold value, then 0<=km<=numx. Each leaf node of the tree is described by an attribute and a threshold value denotes the attribute associated with the leaf node in the tree. represents the parent of the node in the tree. The children of every node are numbered from 1 to num. The function returns such a number associated with the node .The index values are uniquely assigned to nodes in the access structure for a given key in an arbitrary manner. All Rights Reserved © 2014 IJDCN International Journal of Digital Communication and Networks (IJDCN) Volume 2, Issue 3, March 2015 2) Satisfying an Access Tree: Let be the subtree of rooted at the node . If a set of attributes satisfies the access tree , we denote it as . We compute recursively as follows. If is a nonleaf node, evaluate for all children of node . returns 1 iff at least children return 1. If is a leaf node, then returns 1 iff . proposed plan is exhibited in the system reproduction as far as the correspondence cost. We likewise examine its effectiveness when actualized with particular parameters and contrast these outcomes with those acquired by alternate plans Efficiency B Scheme Construction Let be a bilinear group of prime order , and let be a generator of . Let denote the bilinear map. A security parameter, , will determine the size of the groups.We will also make use of Lagrange coefficients for any and a set, , of elements in : define .We will additionally employ a hash function to associate each attribute with a random group element in , which we will model as a random oracle C Alogrithm Blowfish is a symmetric-key block cipher, included in a large number of cipher suites and encryption products. Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits.[2] It is a 16-round Feistel cipher and uses large keydependent S-boxes. In structure it resembles CAST128, which uses fixed S-boxes. The algorithm keeps two subkey arrays: the 18-entry P-array and four 256entry S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. One entry of the P-array is used every round, and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries. Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the reverse order. This is not so obvious because xor is commutative and associative. A common misconception is to use inverse order of encryption as decryption algorithm. Blowfish is a fast block cipher, except when changing keys. Each new key requires pre-processing equivalent to encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others. Blowfish was one of the first secure block ciphers not subject to any patents and therefore freely available for anyone to use. This benefit has contributed to its popularity in cryptographic software. 4 Table I shows the authority architecture, logic expressive- ness of access structure that can be defined under different dis- joint sets of attributes (managed by different authorities), key escrow, and revocation granularity of each CP-ABE scheme. ANALYSIS In this segment, we first break down and analyze the productivity of the proposed plan to the past multiauthority CP-ABE plots in hypothetical viewpoints. At that point, the proficiency of the Table 1 EXPRESSIVENESS, KEY ESCROW, AND REVOCATION ANALYSIS In the proposed scheme, the logic can be very expressive as in the single authority system like BSW such that the access policy can be expressed with any monotone access structure under attributes of any chosen set of authorities; while HV and RC schemes only allow the AND gate among the sets of attributes managed by different authorities. The revocation in the proposed scheme can be done in an immediate way as opposed to BSW. Therefore, attributes of users can be revoked at any time even before the expiration time that might be set to the attribute. This enhances security of the stored data by reducing the windows of vulnerability. In addition, the proposed scheme realizes more finegrained user revocation for each attribute rather than for the whole system as opposed to RC. Thus,even if a user comes to hold or drop any attribute during the service in the proposed scheme, he can still access the data with other attributes that he is holding as long as they satisfy the access policy defined in the ciphertext. The key escrow problem is also resolved in the proposed scheme such that the confidential data would not be revealed to any curious key authorities. All Rights Reserved © 2014 IJDCN International Journal of Digital Communication and Networks (IJDCN) Volume 2, Issue 3, March 2015 Table II Efficiency Analysis Table II summarizes the efficiency comparison results among CP-ABE schemes. In the comparison, rekeying message size represents the communication cost that the key authority or the storage node needs to send to update nonrevoked users’ keys for an attribute. Private key size represents the storage cost required for each user to store attribute keys or KEKs. Public key size represents the size of the system public parameters. In this comparison, the access tree is constructed with attributes of different authorities except in BSW of which total size is equal to that of the single access tree in BSW. B Simulations In this simulation, we consider DTN applications using the Internet protected by the attribute-based encryption. Almeroth and Anmar demonstrated the group behavior in the In- ternet’s multicast backbone network (MBone). They showed that the number of users joining a group follows a Poisson distribution with rate , and the membership duration time follows an exponential distribution with a mean duration . Since each attribute group can be shown as an independent network mul- ticast group where the members of the group share a common attribute, we show the simulation result following this proba- bilistic behavior distribution. Fig 2. Number of users in an attribute group. Fig. 3. Communication cost in the multiauthority CPABE systems. We suppose that user join and leave events are independently and identically distributed in each attribute group following Poisson distribution. The membership duration time for an attribute is assumed to follow an exponential distribution. Fig. 2 represents the number of current users and revoked users in an attribute group during 100 h. Fig. 3 shows the total communication cost that the sender or the storage node needs to send on a membership change in each multiauthority CP-ABE scheme. It includes the ciphertext and rekeying messages for nonrevoked users. 5 SECURITY A Collusion Resistance In CP-ABE, the mystery imparting must be inserted into the ciphertext rather to the private keys of clients. Like the past ABE plans , the private keys of clients are randomized with customized arbitrary qualities chose by the such that they can't be consolidated in the proposed plan. Keeping in mind the end goal to decode a ciphertext, the conspiring aggressor ought to recuperate . To recoup this, the assailant must match from the ciphertext and from the other plotting clients' private keys for a trait (we assume that the aggressor does not hold the characteristic ). Notwithstanding, this outcomes in the worth blinded by some arbitrary quality, which is interestingly alloted to every client, regardless of the fact that the property gathering keys for the properties that the client keeps are still legitimate. This quality can be blinded out if All Rights Reserved © 2014 IJDCN International Journal of Digital Communication and Networks (IJDCN) Volume 2, Issue 3, March 2015 and if the client has the enough key parts to fulfill the mystery imparting plan installed in the ciphertext. An alternate agreement assault situation is the conspiracy between disavowed clients keeping in mind the end goal to acquire the substantial characteristic gathering keys for a few qualities that they are not approved to have (e.g., because of disavowal). B REFERENCES [1] Hur and Kang“Security Data Retrival for Decentalized Diruption Military Networks ”,2014 Data Confidentiality In our trust show, the numerous key powers are no more completely trusted and the stockpiling hub regardless of the fact that they are fair. Accordingly, the plain information to be put away ought to be kept mystery from them and also from unapproved users.Data secrecy on the put away information against unapproved clients can be inconsequentially ensured. On the off chance that the set of traits of a client can't fulfill the right to gain entrance tree in the ciphertext. An alternate assault on the put away information can be dispatched by the capacity hub and the key powers. Since they can't be completely trusted, privacy for the put away information against them is an- other fundamental security criteria for secure information recovery in DTNs. The nearby powers issue a set of characteristic keys for their manmaturing credits to a verified client , which are blinded by mystery data that is disseminated to the client from . They likewise issue the client a customized mystery key by performing the safe 2PC convention with . As we examined in Theorem 1, this key era convention demoralizes each one gathering to acquire one another's expert mystery key and focus the mystery key is- sued from one another. In this manner, they couldn't have enough data to focus the entire set of mystery key of the client independently. 6 more, the fine-grained key denial could be possible for each one property bunch. We evil presence strate how to apply the proposed instrument to safely and productively deal with the classified information disseminated in the dis- ruption-tolerant military system. CONCLUSION DTN advancements are getting to be effective arrangements in mil- itary applications that permit remote gadgets to speak with one another and access the secret data reli- capably by misusing outer stockpiling hubs. CP-ABE is a versatile cryptographic answer for the right to gain entrance control and secure information re- trieval issues. In this paper, we proposed an effective and secure information recovery strategy utilizing CP-ABE for decentralized DTNs where various key powers deal with their properties indepen- dently. The natural key escrow issue is determined such that the privacy of the put away information is ensured even under the threatening environment where key powers may be com- guaranteed or not completely trusted. What's [2] M. Chuah and P. Yang, “Node density-based adaptive routing scheme for disruption tolerant networks,” in Proc. IEEE MILCOM, 2006, pp.1–6. [3] M. M. B. Tariq, M. Ammar, and E. Zequra, “Mesage ferry route de- sign for sparse ad hoc networks with mobile nodes,” in Proc. ACM MobiHoc, 2006, pp. 37–48. [4] S. Roy and M. Chuah, “Secure data retrieval based on ciphertext policy attribute-based encryption (CPABE) system for the DTNs,” Lehigh CSE Tech. Rep., 2009. [5] M. Chuah and P. Yang, “Performance evaluation of content-based information retrieval schemes for DTNs,” in Proc. IEEE MILCOM,2007, pp. 1–7. [6] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable secure file sharing on untrusted storage,” in Proc. Conf. File Storage Technol., 2003, pp. 29–42. [7] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, and W. Jonker, “Medi- ated ciphertext-policy attribute-based encryption and its application,” in Proc. WISA, 2009, LNCS 5932, pp. 309–323. [8] N. Chen, M. Gerla, D. Huang, and X. Hong, “Secure, selective group broadcast in vehicular networks using dynamic attribute based encryp- tion,” in Proc. Ad Hoc Netw. Workshop, 2010, pp. 1–8. [9] D. Huang and M. Verma, “ASPE: Attributebased secure policy en- forcement in vehicular ad hoc networks,” Ad Hoc Netw., vol. 7, no. 8, pp. 1526– 1535, 2009. [10] A. Lewko and B. Waters, “Decentralizing attribute-based encryption,” Cryptology ePrint Archive: Rep. 2010/351, 2010. [11] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Proc.Eurocrypt, 2005, pp. 457–473. All Rights Reserved © 2014 IJDCN International Journal of Digital Communication and Networks (IJDCN) Volume 2, Issue 3, March 2015 [12] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based en- cryption for fine-grained access control of encrypted data,” in Proc. ACM Conf. Comput. Commun. Security, 2006, pp. 89–98. [13] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute- based encryption,” in Proc. IEEE Symp. Security Privacy, 2007, pp.321– 334. [14] R. Ostrovsky, A. Sahai, and B. Waters, “Attribute-based encryption with non-monotonic access structures,” in Proc. ACM Conf. Comput. Commun. Security, 2007, pp. 195–203. [15] S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute based data sharing with attribute revocation,” in Proc. ASIACCS, 2010, pp. 261–270. [16] A. Boldyreva, V. Goyal, and V. Kumar, “Identity-based encryption with efficient revocation,” in Proc. ACM Conf. Comput. Commun. Se- curity, 2008, pp. 417–426. [17] M. Pirretti, P. Traynor, P. McDaniel, and B. Waters, “Secure attribute- based systems,” in Proc. ACM Conf. Comput. Commun. Security, 2006, pp. 99– 112. [18] S. Rafaeli and D. Hutchison, “A survey of key management for secure group communication,” Comput. Surv., vol. 35, no. 3, pp. 309–329,2003. [19] S. Mittra, “Iolus: A framework for scalablesecure multicasting,” in Proc. ACM SIGCOMM, 1997, pp. 277–288. [20] P. Golle, J. Staddon, M. Gagne, and P. Rasmussen, “A content-driven access control system,” in Proc. Symp. Identity Trust Internet, 2008, pp. 26–35. All Rights Reserved © 2014 IJDCN