Xin Sun,Yiyang Yao,Yingjie Xia,Xuejiao Liu,Jian Chen,Zhiqiang Wang

DOI: https://doi.org/10.3837/tiis.2016.04.024

2016-01-01

Abstract:Mobile social network is becoming more and more popular with respect to the development and popularity of mobile devices and interpersonal sociality. As the amount of social data increases in a great deal and cloud computing techniques become developed, the architecture of mobile social network is evolved into cloud-based that mobile clients send data to the cloud and make data accessible from clients. The data in the cloud should be stored in a secure fashion to protect user privacy and restrict data sharing defined by users. Ciphertext-policy attribute-based encryption (CP-ABE) is currently considered to be a promising security solution for cloud-based mobile social network to encrypt the sensitive data. However, its ciphertext size and decryption time grow linearly with the attribute numbers in the access structure. In order to reduce the computing overhead held by the mobile devices, in this paper we propose a new Outsourcing decryption and Match-then-decrypt CP-ABE algorithm (OM-CP-ABE) which firstly outsources the computation-intensive bilinear pairing operations to a proxy, and secondly performs the decryption test on the attributes set matching access policy in ciphertexts. The experimental performance assessments show the security strength and efficiency of the proposed solution in terms of computation, communication, and storage. Also, our construction is proven to be replayable choosen-ciphertext attacks (RCCA) secure based on the decisional bilinear Diffie-Hellman (DBDH) assumption in the standard model.

Arthur S. Voundi Koe,Qi Chen,Juan Tang,Shan Ai,Hongyang Yan,Shiwen Zhang,Duncan S. Wong

DOI: https://doi.org/10.1002/int.23009

IF: 8.993

2022-09-09

International Journal of Intelligent Systems

Abstract:With recent advances in cloud computing, mobile devices are increasingly being used to record patient physiological parameters, and transfer them to a cloud‐based hospital information system, for access control mediation over a variety of stakeholders. In such a cloud‐based architecture, the patient must specify an access policy for a group of authorized parties towards its outsourced data. Multiauthority ciphertext‐policy attribute‐based encryption (CP‐ABE) was provided as an innovative cloud‐based access control cryptographic primitive to tackle the key escrow issue in a centralized architecture, and boost flexibility through cross‐domain attributes management. Existing works, however, still have glaring drawbacks. First, they still rely on a trusted authority to generate and distribute user secret keys. Second, they do not simultaneously provide encryption, decryption, or revocation outsourcing, resulting in high processing and communication cost for both the data sender and the data receiver. Third, they do not support both user and attribute revocation, and the integrity of ciphertext downloaded from the cloud is not always verified at the user end. As a result, this paper exploits the dummy attribute technique and introduces a novel, efficient, and secure multiauthority ciphertext‐policy ABE method for mediating access control over medical data, in the mobile cloud. The ciphertext access policy enforcement, partial ciphertext decryption, and both the user and attribute indirect revocation updates are safely outsourced to the cloud server in this study. Theoretical analysis demonstrates that our scheme is efficient and verifiable, and we prove that our construction is secure under the decisional bilinear Diffie‐Hellman assumption.

computer science, artificial intelligence

Rui Luo,Yuanzhi Yao,Weihai Li,Nenghai Yu

DOI: https://doi.org/10.1007/978-3-031-06761-7_43

2022-01-01

Abstract:Cloud storage service has significant advantages on both cost reduction and convenient data sharing. It frees data owners from technical management. However, it poses new challenges on privacy and security protection. To protect data confidentiality and privacy of users against malicious entities in the cloud, fine-grained data access control in cloud storage has become a challenging issue and draws considerable investigation. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic technique to address the above issue. In many scenarios, access policies are associated with privacy and sensitive information of users which needs to be preserved from disclosure. However, existing schemes cannot simultaneously support time-sensitive data publishing and attribute information preservation. In this paper, we propose a privacy-preserving time and attribute factors combined cloud data access control with computation outsourcing scheme (named PTAC). To preserve attribute privacy, we design a dual access policy tree mechanism where one access policy tree is public and another is sensitive and hidden. Moreover, time-sensitive data publishing can be achieved by combining CP-ABE with timed-release encryption. By using edge computing and cloud computing, we also outsource partitive computational cost of encryption and decryption to third parties. Extensive security and performance analysis demonstrate the security and efficiency of our proposed scheme in cloud storage. As a result, valuable attribute information in the access policy can be preserved in case of disclosing to unauthorized recipients.

Zhongze Tang,Mengmei Ye,Yao Liu,Sheng Wei

2024-09-03

Abstract:Mobile cloud computing has been adopted in many multimedia applications, where the resource-constrained mobile device sends multimedia data (e.g., images) to remote cloud servers to request computation-intensive multimedia services (e.g., image recognition). While significantly improving the performance of the mobile applications, the cloud-based mechanism often causes privacy concerns as the multimedia data and services are offloaded from the trusted user device to untrusted cloud servers. Several recent studies have proposed perturbation-based privacy preserving mechanisms, which obfuscate the offloaded multimedia data to eliminate privacy exposures without affecting the functionality of the remote multimedia services. However, the existing privacy protection approaches require the deployment of computation-intensive perturbation generation on the resource-constrained mobile devices. Also, the obfuscated images are typically not compliant with the standard image compression algorithms and suffer from significant bandwidth consumption. In this paper, we develop a novel privacy-preserving multimedia mobile cloud computing framework, namely $PMC^2$, to address the resource and bandwidth challenges. $PMC^2$ employs secure confidential computing in the cloud to deploy the perturbation generator, which addresses the resource challenge while maintaining the privacy. Furthermore, we develop a neural compressor specifically trained to compress the perturbed images in order to address the bandwidth challenge. We implement $PMC^2$ in an end-to-end mobile cloud computing system, based on which our evaluations demonstrate superior latency, power efficiency, and bandwidth consumption achieved by $PMC^2$ while maintaining high accuracy in the target multimedia service.

Multimedia

Yingjie Xia,Wenzhi Chen,Xuejiao Liu,Luming Zhang,Xuelong Li,Yang Xiang

DOI: https://doi.org/10.1109/tits.2017.2653103

IF: 8.5

2017-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Vehicular ad-hoc networks (VANETs) have drawn much attention of researchers. The vehicles in VANETs frequently join and leave the networks, and therefore restructure the network dynamically and automatically. Forwarded messages in vehicular ad-hoc networks are primarily multimedia data, including structured data, plain text, sound, and video, which require access control with efficient privacy preservation. Ciphertext-policy attribute-based encryption (CP-ABE) is adopted to meet the requirements. However, solutions based on traditional CP-ABE suffer from challenges of the limited computational resources on-board units equipped in the vehicles, especially for the complex policies of encryption and decryption. In this paper, we propose a CP-ABE delegation scheme, which allows road side units (RSUs) to perform most of the computation, for the purpose of improving the decryption efficiency of the vehicles. By using decision tree to jointly optimize multiple factors, such as the distance from RSU, the communication and computational cost, the CP-ABE delegation scheme is adaptively activated based on the estimation of various vehicles decryption overhead. Experimental results thoroughly demonstrate that our scheme is effective and efficient for multimedia data forwarding in vehicular ad-hoc networks with privacy preservation.

Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/tdsc.2020.2987903

2022-01-01

Abstract:Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this article, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time and while trades in only very little storage overhead, and thus effectively promotes the efficiency.

Hui Tian,Xiang Li,Hanyu Quan,Chin-Chen Chang,Thar Baker

DOI: https://doi.org/10.1109/jsen.2020.3030688

IF: 4.3

2021-07-15

IEEE Sensors Journal

Abstract:The Intelligent Transportation System (ITS) provides more possibilities for the realization of smart cities by integrating the Internet of Things (IoT) and cloud computing. However, how to ensure security of IoT data stored in the cloud has become one of the biggest challenges at present. As a promising solution for realizing fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can be used to ensure data security. However, the traditional CP-ABE schemes may leak privacy of ITS users. Moreover, due to their high computational overheads, the current privacy-preserving techniques are not suitable for IoT lightweight devices. To fill this gap, this article presents ABE-FPP, a lightweight attribute-based access control scheme with full privacy protection (FPP), which can achieve full privacy protection in the three key stages (i.e., key generation, access control, and partial decryption), while reducing consumption overhead on the user side. Specifically, to protect privacy during key generation, a lightweight two-party secure computing protocol between the user and the authority is designed to generate secret keys; to protect privacy during the access control policy setting, we present an efficient policy hidden strategy, which only reveals attribute names and efficiently hides attribute values; to protect privacy during partial decryption, we propose a hybrid authentication method that does not need to submit attribute values to the cloud. Moreover, to achieve lightweight computation for IoT devices, online/offline encryption and outsourced decryption are employed in ABE-FPP. Finally, formal security proofs show that our scheme is secure in the standard model. The asymptotic complexity analyses and experimental results demonstrate that the presented scheme achieves higher computation efficiency than the state-of-the-art ones.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Jialu Hao,Cheng Huang,Jianbing Ni,Hong Rong,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1016/j.comnet.2019.02.008

IF: 5.493

2019-01-01

Computer Networks

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising approach to achieve fine-grained access control over the outsourced data in Internet of Things (IoT). However, in the existing CP-ABE schemes, the access policy is either appended to the ciphertext explicitly or only partially hidden against public visibility, which results in privacy leakage of the underlying ciphertext and potential recipients. In this paper, we propose a fine-grained data access control scheme supporting expressive access policy with fully attribute hidden for cloud-based IoT. Specifically, the attribute information is fully hidden in access policy by using randomizable technique, and a fuzzy attribute positioning mechanism based on garbled Bloom filter is developed to help the authorized recipients locate their attributes efficiently and decrypt the ciphertext successfully. Security analysis and performance evaluation demonstrate that the proposed scheme achieves effective policy privacy preservation with low storage and computation overhead. As a result, no valuable attribute information in the access policy will be disclosed to the unauthorized recipients.

Haoyang Wang,Kai Fan,Kuan Zhang,Zilong Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2021.3081456

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Research on mobile cyber–physical systems (MCPSs) that have the superiorities of cyber–physical systems (CPSs) and expand their application range has become a trend in recent years. The applications of MCPS in fields, such as intelligent transportation systems, smart home appliances, and mobile education, have also become increasingly mature. However, MCPS also has some shortcomings that need to be solved urgently. Sensors carried on mobile devices collect data and upload huge amounts of data to the cloud for statistics and analysis. Mobile devices need to directly interact with the cloud, causing both parties to bear huge computing and communication costs. Since the interaction process includes data sharing and storage, it is particularly important to protect the data itself and the security of sharing. Searchable encryption ensures the safety of communication among the MPEs and the cloud, while protecting the privacy of data on the cloud. However, the existing searchable encryption technology cannot provide efficient and reliable data storage and sharing services for MPEs in MCPS under the premise of ensuring security. In this article, we present a secure and efficient data sharing and privacy protection scheme in MCPS on the basis of the edge computing model (NESPS). Meanwhile, the introduction of edge computing (EC) significantly reduces the communication consumption between the device and the cloud. Furthermore, attribute-based encryption (ABE) enables the NESPS to achieve fine-grained management of device authorities. Moreover, we have carried out security analysis and simulation on the NESPS, the results demonstrate that the NESPS meets the proposed requirements.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hao Wang,Zhihua Zheng,Yilei Wang

DOI: https://doi.org/10.1504/ijguc.2017.10008770

2017-01-01

International Journal of Grid and Utility Computing

Abstract:Attribute-Based Encryption (ABE) is a useful encryption method that allows users to encrypt messages based on their attributes. However, the computational cost of ABE system is very high, because it often scales with the number of attributes. This makes ABE difficult to apply in practice. In this paper, we use the cloud computing technology as well as pre-computing technology to solve this problem, and introduce the cloud-aided online/offline ciphertext-policy ABE system. In this system, Private Key Generator (PKG) could per-compute intermediate keys offline before online key generation phase, encryptor could pre-compute intermediate ciphertexts offline before online encryption phase, and decryptor could call their cloud computing servers to transform the ciphertexts to the partially decrypted ciphertexts before decryption phase. This greatly reduces the local computational cost of these three phases. It is significant for mobile devices to use ABE. Then, we propose a specific scheme, and prove its adaptive security in the standard model. Finally, we introduce how to deploy our new scheme in the mobile cloud computing environment.

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Jiguo Li,Yichen Zhang,Jianting Ning,Xinyi Huang,Geong Sen Poh,Debang Wang

DOI: https://doi.org/10.1109/tcc.2020.2975184

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:The pervasive, ubiquitous, and heterogeneous properties of IoT make securing IoT systems a very challenging task. More so when access and storage are performed through a cloud-based IoT system. IoT data stored on cloud should be encrypted to ensure data privacy. It is also crucial to allow only authorized entities to access and decrypt the encrypted data. In this article, we propose a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud. CP-ABE is regarded as a highly promising approach to provide flexible and fine-grained access control, which is quite suited to secure cloud based IoT systems. We first present an access control system model of CloudIoT platform based on ABE. Based on the presented system model, we construct a ciphertext-policy hiding CP-ABE scheme, which guarantees the privacy of the users. We further construct a white-box traceable CP-ABE scheme with accountability in order to address the user key abuse and authorization center key abuse. Experiment illustrates the proposed systems are efficient.

computer science, information systems, theory & methods

Kaiping Xue,Weikeng Chen,Wei Li,Jianan Hong,Peilin Hong

DOI: https://doi.org/10.1109/tifs.2018.2809679

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:People endorse the great power of cloud computing, but cannot fully trust the cloud providers to host privacy-sensitive data, due to the absence of user-to-cloud controllability. To ensure confidentiality, data owners outsource encrypted data instead of plaintexts. To share the encrypted files with other users, ciphertext-policy attribute-based encryption (CP-ABE) can be utilized to conduct fine-grained and owner-centric access control. But this does not sufficiently become secure against other attacks. Many previous schemes did not grant the cloud provider the capability to verify whether a downloader can decrypt. Therefore, these files should be available to everyone accessible to the cloud storage. A malicious attacker can download thousands of files to launch economic denial of sustainability (EDoS) attacks, which will largely consume the cloud resource. The payer of the cloud service bears the expense. Besides, the cloud provider serves both as the accountant and the payee of resource consumption fee, lacking the transparency to data owners. These concerns should be resolved in real-world public cloud storage. In this paper, we propose a solution to secure encrypted cloud storages from EDoS attacks and provide resource consumption accountability. It uses CP-ABE schemes in a black-box manner and complies with arbitrary access policy of the CP-ABE. We present two protocols for different settings, followed by performance and security analysis.

Meng Xian Yong,Chen Zhong,Meng Xiang Yu

DOI: https://doi.org/10.4028/www.scientific.net/amm.475-476.1144

2013-01-01

Applied Mechanics and Materials

Abstract:In this paper, a novel decentralized key-policy attribute-based signcryption (ABS) scheme is proposed, where each authority can generate secret-public key pair for the user independently without any cooperation and a centralized authority. In the proposed scheme, each authority can join or leave the system randomly without reinitializing the system, and issue secret-public keys to user respectively. Therefore, it is clear that the multi-authority attribute-based access control scheme can reduce the communication cost and the collaborative computing cost. Additionally, the attribute-based signcryption scheme is efficient in terms of both the identification authentication and the confidential communication, and can realize security secret sharing in cloud computing environments.

Yuejian Fang,Zilong Wen,Qingni Shen,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-28865-9_36

2015-01-01

Abstract:Attribute-based encryption (ABE) allows user to encrypt and decrypt data based on user attributes, and can be applied in some promising area such as mobile cloud storage. Since these are massive users in these applications, secure online transmission of decryption key is necessary. In this paper, a ciphertext-policy attribute-based encryption (CP-ABE) method with secure decryption key generation and outsourcing decryption of ABE ciphertexts is proposed. In the method, a user’s public key information is embedded into his decryption key in the key generation algorithm. Both the user’s decryption key and private key are needed to decrypt a ciphertext. With only the decryption key, a ciphertext cannot be decrypted, so the decryption key is secure and can be directly transmitted online. This saves some costs comparing to other transmission approaches, such as Secure Sockets Layer (SSL). Furthermore, the method supports outsourcing the decryption of ABE ciphertexts. Our analysis and experiment results prove that our method is more efficient than the existing outsourcing methods which generally use key transformation technique.

Ningyu Chen,Jiguo Li,Yichen Zhang,Yuyan Guo

DOI: https://doi.org/10.1109/tc.2020.3043950

IF: 3.183

2022-01-01

IEEE Transactions on Computers

Abstract:Attribute-based encryption (ABE) is a preferred technology used to access control the data stored in the cloud servers. However, in many cases, the authorized decryption user may be unable to decrypt the ciphertext in time for some reason. To be on the safe side, several alternate users are delegated to cooperate to decrypt the ciphertext, instead of one user doing that. We provide a ciphertext-policy ABE scheme with shared decryption in this article. An authorized user can recover the messages independently. At the same time, these alternate users (semi-authorized users) can work together to get the messages. We also improve the basic scheme to ensure that the semi-authorized users perform the decryption tasks honestly. An integrated access tree is used to improve the efficiency for our scheme. The new scheme is proved CPA-secure in the standard model. The experimental result shows that our scheme is very efficient on both computational overhead and storage cost.

engineering, electrical & electronic,computer science, hardware & architecture

Shanshan Tu,Yongfeng Huang,Chathura M. Sarathchandra Magurawalage,Lin Peng,Zhili Zhou

DOI: https://doi.org/10.6138/jit.2016.17.7.20151027a

2016-01-01

Abstract:Be different from traditional Attribute-Based Encryption (ABE) access control systems for cloud computing, this paper first proposes a new access architecture on mobile cloud, which introduces a middle layer sitting between mobile devices and their cloud infrastructure. This middle layer is composed of cloudlets which are deployed next to wireless network access points (APs) and serve as a localized service point at a mobile devices close proximity to improve the performance of mobile cloud services. Based on this new architecture, an ABE access control scheme is proposed to offload the main amount of computations to the cloudlet as the function of cloud, in which the access control decision making takes into consideration energy consumption of access task execution and network status while satisfying certain response time constraints. Then the analysis results have shown the effectiveness and efficiency of the proposed system architecture in terms of security and energy consumption.

Tu Shanshan,Huang Yongfeng

DOI: https://doi.org/10.1109/cc.2015.7385527

2015-01-01

China Communications

Abstract:This paper proposes a new access architecture onmobile cloud, which introduces a middle layer sitting between mobile devices and their cloud infrastructure. This middle layer is composed of cloudlets which are deployed by cloud services providers, such as wireless network access points (APs), to improve the performance of mobile cloud servicesand be different from traditional mobile operator mode. Then based on this new architecture,we improve our previous (Attribute-basedencryption) ABE access control scheme on cloud for mobile cloud, which is proposed to offload the main amount of computations to the cloudlet as the function of cloud. Simulationresults demonstratethe new access control scheme takes into consideration response time constraints and network statusof access task execution, while satisfying certain network security for mobile cloud.

Pengshou xie,Haoxuan Yang,Tao Feng,Yan Yan

DOI: https://doi.org/10.1016/j.comnet.2022.109363

IF: 5.493

2022-09-19

Computer Networks

Abstract:CP-ABE is a flexible cryptographic algorithm that enables efficient implementation of access control techniques in cloud architectures. However, when CP-ABE is applied to the IoV environment, the weak performance of IoV individuals will inevitably reduce the efficiency of the overall cryptosystem. In addition, various contingencies in IoV require CP-ABE to be able to dynamically respond to various access requests, and generating only a single ciphertext cannot satisfy various additional access requests. In this paper, we propose an encryption algorithm VM-CP-ABE for IoV in cloud environment, which has the features of offline encryption and outsourced decryption. The offline encryption process utilizes the large amount of offline time of individuals in the vehicular network to generate the initial ciphertext segments, while executing its secret sharing process for each offline phase of the ciphertext segments, thus completing the initial combination of ciphertext parameters. The outsourced decryption can generate transformation keys, thus stripping the most complex pairing operations in the decryption process from the weak performing IoV individuals and transferring this part of operations to the more powerful outsourced individuals. In addition, VM-CP-ABE can generate special hierarchical ciphers that can be decrypted with no additional access control policies. This avoids the problem of space efficiency degradation because of large access control policy transfers. We show the static security of all mechanisms of VM-CP-ABE and conclude with a detailed efficiency analysis. VM-CP-ABE is more time- and space-efficient than traditional attribute encryption for extensive sets of IoV attributes in cloud environments.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Jiaoli Shi,Chao Hu,Shimao Yao,Zhuolin Mei,Bin Wu,Hui Li

DOI: https://doi.org/10.1109/icpads60453.2023.00413

2023-01-01

Abstract:Efficiency, security, and flexibility are difficult to balance in a full policy hiding CP-ABE scheme. This paper creatively converts the privacy matching problem of access policy and a user’s private key to the privacy three-party set computation problem. Then the new privacy set computation problem is resolved by a message driven key generation method. Additionally, the ROBDD (Reduced Ordered Binary Decision Diagrams) is utilized to rich access structure expression and convert access policies into feasible path sets. Each feasible path is composed of attributes and these attributes are bound to the ciphertext using CP-ABE. Based on the innovative ideas mentioned above, we present a Lighten Fine-grained Access Control scheme supporting Full Policy Hidden (LFAC-FPH) that integrates data confidentiality protection, access policy rich expression but complete hiding, fine-grained access control, and lightweight terminal computing. Our scheme has three advantages: 1) High Efficiency. The proposed scheme can achieve fast privacy matching of access policies during user decryption. 2) Full Policy Hiding. The access policy bound by an owner on the ciphertext does not leak any information. Moreover, a user cannot know attributes they do not own. 3) High Flexibility. The decryption process does not require online from owners or KGC, and system attributes can be added at any time.