Peer-to-Peer Computing, IEEE International Conference on (2006)
Cambridge, United Kingdom
Sept. 6, 2006 to June 8, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/P2P.2006.7
Esther Palomar , Carlos III University, Spain
Juan M. Estevez-Tapiador , Carlos III University, Spain
Julio C. Hernandez-Castro , Carlos III University, Spain
Arturo Ribagorda , Carlos III University, Spain
Pure Peer-to-Peer (P2P) networks are characterized as being extremely decentralized and self-organized, properties which are essential in a number of environments, including teamwork, collaborative, and ad-hoc systems. One of the features offered by P2P networks is the possibility of having several replicas of the same content distributed among multiple nodes. Despite its advantages (e.g. robustness and fault tolerance), it is crucial to guarantee content authenticity, as well as to enforce appropriate access control policies. However, the extremely decentralized nature of these environments makes impossible to apply classic solutions that rely on some kind of fixed infrastructure, typically in the form of on-line trusted third parties. In a previous work, we presented a protocol for content authentication based on public key certificates that does not rely on the existence of a public key infrastructure. In this paper, we show how these certificates can be extended to provide authorization capabilities. In our scheme, each peer classifies her contents according to several security labels. Peers allowed to access a given content must have a security clearance of at least the same level that the content?s. These security clearances, which take the form of attributes in public key certificates, can be discretionally issued by the content provider.
J. C. Hernandez-Castro, J. M. Estevez-Tapiador, E. Palomar and A. Ribagorda, "Certificate-based Access Control in Pure P2P Networks," 2006 6th IEEE International Conference on Peer-to-Peer Computing(P2P), Cambridge, 2006, pp. 177-184.