Attribute-based authorization for structured Peer-to-Peer (P2P) networks

We present the deficiencies of traditional identity-based authorization models in structured Peer-to-Peer (P2P) networks where users' Public Key Certificates (PKCs) represent two roles, authentication and authorization, and the access to the network resources is controlled by Access Control Lis...

Descripción completa

Detalles Bibliográficos
Autores: Touceda, DS, Camara, JMS, Zeadally, S, Soriano, M
Tipo de recurso: artículo
Estado:Versión publicada
Fecha de publicación:2015
País:España
Institución:Centre Tecnològic de Telecomunicacions de Catalunya (CTTC)
Repositorio:r-CTTC. Repositorio Institucional Producción Científica del Centre Tecnològic de Telecomunicacions de Catalunya (CTTC)
OAI Identifier:oai:cttc.fundanetsuite.com:p1269
Acceso en línea:https://cttc.fundanetsuite.com/Publicaciones/ProdCientif/PublicacionFrw.aspx?id=1269
https://www.scopus.com/inward/record.uri?eid=2-s2.0-84937622256&doi=10.1016%2fj.csi.2015.04.007&partnerID=40&md5=dfcff899f69d48f7153d1bdcf9fe3578
Access Level:acceso abierto
Palabra clave:Authentication
Attribute certificate
Authentication and authorization
Authorization
Certificate revocation
P2P security
Public key certificates
Structured P2P networks
Structured peer-to-peer
Peer to peer networks
Descripción
Sumario:We present the deficiencies of traditional identity-based authorization models in structured Peer-to-Peer (P2P) networks where users' Public Key Certificates (PKCs) represent two roles, authentication and authorization, and the access to the network resources is controlled by Access Control Lists (ACLs). With these deficiencies in mind, we propose a complete new framework for authorization in structured P2P networks based on Attribute Certificates (ACs) and a fully distributed certificate revocation system. We argue that the proposed framework yields a more flexible and secure authorization scheme for structured P2P networks while improving the efficiency of the assignment of privileges. © 2015 Elsevier B.V. All rights reserved.