Abstract:
Research project involving the integration of Key Policy Attribute Based Encryption into the existing INAETICS modular service architecture. This Proof of Concept uses the Amdatu Remote services project to simulate the core principles of INAETICS.
cnf- BndTools repositorykpabe- Modified version of kpabe. Fixed various bugs.org.amdatu.remote- Root project for Amdatu remoteservicesorg.amdatu.remote.demo- Demo project for Amdatu remoteservicesorg.amdatu.remote.itest- Tests
- Check in this workspace (import as Bnd-tools projects, use the provided Eclipse IDE from Amdatu).
- Setup ETCD. This is the discovery mechanism we use for this demo.
- Start up one ETCD cluster on localhost with the default settings.
- Run the
inaeticsdemo.resolver.bndrunwith theBnd OSGi Run Launcher. - Run the
inaeticsdemo.module1.bndrunwith theBnd OSGi Run Launcher. - Run the
inaeticsdemo.module2.bndrunwith theBnd OSGi Run Launcher. - Inspect the keys in ETCD, you will only see ciphertext and no plaintext endpoints.
By default the ABE encryption is enabled. If you want to debug/view the setup without encryption you can execute the following steps:
- Open
org.amdatu.remote.discovery.etcd.Activatorand change theextends AbstractAttributeBasedEncryptionActivatortoextends AbstractNoEncryptionActivator. This disables the encryption of the discovery information stored in ETCD. - Open
org.amdatu.remote.discovery.AbstractHttpEndpointDiscoveryand changeprivate volatile SecureHttpEndpointDiscoveryServlet<T> m_servlet;toprivate volatile HttpEndpointDiscoveryServlet m_servlet;. In the same class findm_servlet = new SecureHttpEndpointDiscoveryServlet<T>(this, m_configuration);and change it tom_servlet = new HttpEndpointDiscoveryServlet(this);. This disables the encryption of the endpoint descriptors (XML). - Rebuild project and run the same demo again. This time you can see in ETCD that all the information is in plaintext.
This is an Experimental project. Do not use this in production.