A selective encryption approach to fine-grained access control for P2P file sharing

Aditi Gupta, Salmin Sultana, Michael S. Kirkpatrick, E. Bertino
Published in: 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010)
Publication date: 2010-03-30
DOI: 10.4108/ICST.COLLABORATECOM.2010.4 (https://doi.org/10.4108/ICST.COLLABORATECOM.2010.4)
Citations: 4

Abstract

As the use of peer-to-peer (P2P) services for distributed file sharing has grown, the need for fine-grained access control (FGAC) has emerged. Existing access control frameworks use an all-or-nothing approach that is inadequate for sensitive content that may be shared by multiple users. In this paper, we propose an FGAC mechanism based on selective encryption techniques. Using this approach, the owner of a file specifies access control policies over various byte ranges in the file. The separate byte ranges are then encrypted and signed with different keys. Users of the file only receive the encryption keys for the ranges they are authorized to read and signing keys for the ranges they are authorized to write. We also propose an optional enhancement of the scheme where a file owner can hide the location of the file. Our approach includes a key distribution scheme based on a public key infrastructure (PKI) and access control vectors. We also discuss how policy changes and file modifications are handled in our scheme. We have integrated our FGAC mechanism with the Chord structured P2P network. In this paper, we discuss relevant issues concerning the implementation and integration with Chord and present the performance results for our prototype implementation.