Skip to content

Latest commit

 

History

History
36 lines (24 loc) · 2.48 KB

README.md

File metadata and controls

36 lines (24 loc) · 2.48 KB

securing modular services with KP-ABE

Abstract:

Research project involving the integration of Key Policy Attribute Based Encryption into the existing INAETICS modular service architecture. This Proof of Concept uses the Amdatu Remote services project to simulate the core principles of INAETICS.

Project setup

  • cnf - BndTools repository
  • kpabe - Modified version of kpabe. Fixed various bugs.
  • org.amdatu.remote - Root project for Amdatu remoteservices
  • org.amdatu.remote.demo - Demo project for Amdatu remoteservices
  • org.amdatu.remote.itest - Tests

How to setup

  1. Check in this workspace (import as Bnd-tools projects, use the provided Eclipse IDE from Amdatu).
  2. Setup ETCD. This is the discovery mechanism we use for this demo.
  3. Start up one ETCD cluster on localhost with the default settings.
  4. Run the inaeticsdemo.resolver.bndrun with the Bnd OSGi Run Launcher.
  5. Run the inaeticsdemo.module1.bndrun with the Bnd OSGi Run Launcher.
  6. Run the inaeticsdemo.module2.bndrun with the Bnd OSGi Run Launcher.
  7. Inspect the keys in ETCD, you will only see ciphertext and no plaintext endpoints.

Disable/Enable encryption

By default the ABE encryption is enabled. If you want to debug/view the setup without encryption you can execute the following steps:

  • Open org.amdatu.remote.discovery.etcd.Activator and change the extends AbstractAttributeBasedEncryptionActivator to extends AbstractNoEncryptionActivator. This disables the encryption of the discovery information stored in ETCD.
  • Open org.amdatu.remote.discovery.AbstractHttpEndpointDiscovery and change private volatile SecureHttpEndpointDiscoveryServlet<T> m_servlet; to private volatile HttpEndpointDiscoveryServlet m_servlet;. In the same class find m_servlet = new SecureHttpEndpointDiscoveryServlet<T>(this, m_configuration); and change it to m_servlet = new HttpEndpointDiscoveryServlet(this);. This disables the encryption of the endpoint descriptors (XML).
  • Rebuild project and run the same demo again. This time you can see in ETCD that all the information is in plaintext.

Important notes

This is an Experimental project. Do not use this in production.