Keywords: Access Control, Authentication, Attribute-Based Signatures, Attribute-Based Encryption, Cloud Storage.

Transcription

1 ISSN Vol.04,Issue.15, June-2015, Pages: Secure Cloud Data Access from Decentralized Servers with Access Control using Anonymous Technique P. SIVSNARAYANA 1, V. SIVA PRASAD 2 1 PG Scholar, Dept of CSE, SSITS, JNTUA, Anantapuram, AP, India, naaradhap9@gmail.com. 2 Assistant Professor, Dept of CSE, SSITS, JNTUA, Anantapuram, AP, India, velurusiva.5817@gmail.com. Abstract: The proposed Architecture aims in providing a new technique for access of data from decentralized servers with anonymous authentication. The proposed system provides a cloud server with verifies and authenticity of series without knowing the identity of user before storing data. The proposed scheme also has the added new additional feature of data access control in which only valid cloud users are able to decrypt the stored information from decentralized servers. In the proposed architecture provides a new scheme technique with protecting attacks and supports creation, modification, and reading data stored in the cloud. We also address user revocation. Moreover, our authentication and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds which are centralized. The communication, computation, and storage overheads are comparable to centralized approaches. Keywords: Access Control, Authentication, Attribute-Based Signatures, Attribute-Based Encryption, Cloud Storage. I. INTRODUCTION In cloud computing is receiving a lot of attention from both academic and industrial worlds. In cloud computing, users can subcontract their computation and storage to servers using Internet. This frees users from the hassles of maintaining properties on-site. Clouds can provide several types of services like applications infrastructures, and platforms to help developers write applications. Much of the data stored in clouds is vastly complex, for Sample, medical records and social networks. Security and Privacy are, thus, very important issues in cloud computing. In one hand, the user should authenticate itself before initiating any transaction, and on the other hand, it must be confirmed that the cloud does not interfere with the data that is outsourced. User privacy is also required so that the cloud or other users do not know the identity of the user. The cloud can hold the user accountable for the data it outsources, and similarly, the cloud is itself accountable for the services it provides. The validity of the user who stores the data is also verified. Apart from the technical solutions to ensure security and privacy, there is also a need for law implementation. Recently, Wang et al. addressed secure and dependable cloud storage. Cloud servers disposed to Secretive failure, where a storage server can fail in uninformed ways. The cloud is also prone to data modification and server colluding attacks. In server colluding attack, the opposition can compromise storage servers, so that it can modify data files as long as they are internally consistent. To deliver secure data storage, the data needs to be encrypted. However, the data is frequently modified and this dynamic property needs to be taken into account while scheming efficient secure storage methods. Proficient search on encrypted data is also an important concern in clouds. The clouds should not know the query but should be intelligent to return the records that satisfy the query. This is achieved by means of searchable encryption. The keywords are sent to the cloud encrypted, and the cloud returns the result without knowing the real keyword for the search. The problem here is that the data records should have keywords linked with them tenable the search. The correct records are returned only when searched with the exact keywords. Safety and privacy safety in clouds are being explored by many scientists. Wang et al. Addressed storage security using Stem-Solomon erasure-correcting codes. Authentication of users using public key cryptographic methods has been studied in next sections. Various homomorphic encryption techniques have been suggested to ensure that the cloud is not able to read the data while performing computations on them. Using homomorphic encryption, the cloud receives cipher text of the data and performs computations on the cipher text and returns the encrypted value of the result. The user is able to decrypt the result, but the cloud does not know what data it hasoperated on. In such conditions, it must be possible forthe user to verify that the cloud returns correct results. Accountability of clouds is a very exciting task and involves technical issues and law enforcement. Neither clouds nor users should disagree any operations performed or wished. It is important to have log of the transactions performed, however, it is an important concern to decide how much information to keep in the log. Account ability has been addressed in Trust Cloud. Secure source as been studied in next. Considering the following situation: A law student, 2015 IJSETR. All rights reserved.

2 Siva, wants to send a chains of reports about some misuses by authorities of University Z to all the professors of University Z, research seats of universities in the country, and students belonging to Law department inall universities in the area. He wants to continue anonymous while publishing all evidence of misuse. He stores the information in the cloud. Access control is important in such case, so that only authorized users can access the data. It is also important to verify that the information derives from a consistent source. The problems of access control, authentication, and privacy protection should be solved concurrently. We address this problem in its entirety in this scheme. Access control in clouds is fast attention because it is important that only authorized users have access to valid facility. A vast amount of information is being stored in the cloud, and much of this is sensitive information. Maintenance should be taken to ensure access control of this sensitive information which can often be related to health, important documents (as in Google Docs or Drop box) or even personal information (as in social networking). There are generally three types of access control: user-based access control, role-based access control, and attribute-based access control. In User-based access control, the access control slope contains the list of users who are authorized to access data. This is not possible in clouds where there are many users. In Role-based access control, users are classified based on their different roles. Data can be accessed by users who have same roles. The roles are defined by the system. For example, only genius members and senior administrators might have access to data but not the junior administrators. Attribute-based access control is extra extended in possibility, in which users are given attributes, and the data has attached access policy. Only users with valid set of attributes, satisfying the access policy, can access the data. For example, in the above example certain records might be accessible by genius members with more than 10 years of research experience or by senior administrators with more than8 years experience. The authorities and scams of RBAC and ABA Care discussed in the above. There has been some work on ABAC in clouds. All these work use a cryptographic primitive known as attribute based encryption. The extensible access control markup language has been planned for ABAC in clouds. An area where access control is commonly being used is health care. Clouds are being used to store sensitive information about patients to enable access to medical specialists, hospital staff, researchers, and policy makers. It is important to control the access of data so that only authorized users can access the data. Using ABE, the records are encrypted under some access policy and stored in the cloud. Users are given groups of attributes and corresponding keys. Only when the users have corresponding set of attributes, can they decrypt the records stored in the cloud. Access control is also purchase importance in online social networking where users store their personal information, pictures, and videos and share them with particular groups of users or societies they belong to. Access control in online social networking has been studied in the following. Such data are being stored in clouds. It is very important that only the authorized users P. SIVSNARAYANA, V. SIVA PRASAD are given access to those information. A related situation arises when data is stored in clouds, for example, in Drop box, and shared with certain groups of people. It is just not sufficient to store the contents securely in the cloud but it might also be required to ensure privacy of the user. For example, a user would like to store some sensitive information but does not want to be acknowledged. The user might want to post a comment on an article, but does not want his/her identity to be released. However, the user should be able to verify to the other users that he/she is a valid user who stored the information without revealing the identity. There are cryptographic protocols like Signatures. The signatures are categorized into three types, they are: Ring signatures, Mesh signatures, Group signatures, which can be used in these conditions. Ring signature is not a reasonable option for clouds where there area large number of users. Group signatures assume the preexistence of a group which might not be likely in clouds. Mesh signatures do not guarantee if the message is from single user or many users colluding together. For these reasons, a new protocol known as attribute-based signature(abs) has been applied. ABS was proposed by Maji et al. In ABS, users have a claim base associated with message. The claim base helps to identify the user as an authorized one, without opening its identity. Other users or the cloud can verify the user and the validity of the message stored. ABS can be pooled with ABE to succeed authenticated access control without disclosing the identity of the user to the cloud. Table1. Existing Techniques with work SNO Technique Existing Work 1 Approach Centralized 2 Key Encryption Use Attribute Based Encryption(ABE) for Secret Key 3 Authentication Does not Provide Authentication 4 Type of Key Symmetric Key Approach 5 Attack Model Resistant to Reply Attacks Existing work on access control in cloud are centralized in nature. Except this scheme and all other schemes use ABE. The scheme in uses asymmetric key approach and does not support authentication. The schemes do not support authentications well. Earlier work by Zhao et al. provides privacy preserving authenticated access control in cloud. However, the authors take a centralized approach where single key distribution center (KDC) distributes secret key sand attributes to all users. Unfortunately, a single KDC isnot only a single idea of failure but hard to maintain because of the large number of users that are supported in aloud environment. We, consequently, emphasize that clouds should take a decentralized approach while distributing secret keys and attributes to users. It is also quite natural for clouds to have many KDCs in different locations in the world. While Yang et al. proposed a decentralized approach, their method does not authenticate users, who want to remain anonymous

3 Secure Cloud Data Access from Decentralized Servers with Access Control using Anonymous Technique while accessing the cloud. In an previous work, Ruj et al. proposed a distributed access control scheme in clouds. However, the scheme did not provide user validation. The other drawback was that a user can create and store a file and other users can only read the file. Write access was not acceptable to users other than the creator. In the primary version of this scheme, we extend our previous work with added features that enables to authenticate the validity of the message without revealing the identity of the user who has Stored information in the cloud. In this description we also address user cancellation that was not addressed in Previous. We use ABS scheme to succeed authenticity and privacy. Unlike, our scheme is strong to replay attacks, in which a user can replace new data with old data from a previous write, even if it no longer has valid claim policy. This is an important property because a user, revoked of its attributes, might no longer be able to write to the cloud. We, therefore, add this extra feature in our scheme and modify properly. Our system also allows writing multiple times which was not permitted in our previous work. A. Our Contributions The main contributions of this Scheme are the following: 1. Distributed access control of data stored in cloud so that only authorized users with valid attributes can access them. 2. Validation of users who store and modify their data on the cloud. 3. The identity of the user is secure from the cloud during validation. 4. The architecture is decentralized, meaning that there can be several KDCs for key managing. 5. The access control and validation are bothcollusion strong, meaning that no two users cancollude and access data or validate themselves,if they are independently not authorized. 6. Cancelled users cannot access data after they have been revoked. 7. The proposed scheme is hardy to replay attacks. A writer whose attributes and keys have been revoked cannot write back stale information. 8. The protocol supports multiple read and writes on the data stored in the cloud. 9. The costs are comparable to the existing centralized approaches, and the expensive operations are mostly done by the cloud II. RELATED WORK In ABE, a user has a set of attributes in addition to its single ID. There are two classes of ABEs. In key-policy ABE or KP-ABE, the sender has an access policy to encrypt data. A writer whose attributes and keys have been revoked cannot write back old information. The receiver receives attributes and secret keys from the attribute expert and is able to decrypt information if it has same attributes. In Cipher textpolicy, CP-ABE, the receiver has the access policy in the method of a tree, with attributes as leaves and monotonic access structure with AND, OR and other threshold gates. All the approaches take a centralized approach and allow only one KDC, which is a single idea of failure. Chase proposed a multi authority ABE, in which there are several KDC authorities which distribute attributes and secret keys to users. Multi authority ABE protocol was studied in above and, which essential no reliable authority which requires every user to have attributes from at all the KDCs. Newly, Lewko and Waters proposed a completely decentralized ABE where users could have zero or more attributes from each specialist and did not require a trusted server. In all these cases, decryption at user s end is calculation intensive. So, this method might be inefficient when users access using their mobile devices. To get over this problem, Green et al. proposed to outsource the decryption task to a proxy server, so that the user can calculate with minimum assets. However, the existence of one proxy and one KDC makes it less strong than decentralized approaches. Both these approaches had no way to authenticate users, anonymously. Yang et al. presented a modification of, authenticate users, who want to continue anonymous while accessing the cloud. To certify anonymous user authentication ABSs were introduced by Maji et al. This was also a centralized approach. A recent scheme by Maji et al. takes a decentralized approach and offers authentication without revealing the identity of the users. However, as stated earlier in the earlier section it is disposed to replay attack. III. BACKGROUND In this section, present our cloud storage model, challenger model and the expectations we have made in the scheme. Table1 presents the notations used throughout the scheme. We also define mathematical background usedin our proposed answer. A. Expectations 1. We make the following expectations in our work: The cloud is honest-but-curious, which means that the cloud managers can be interested in viewing user s content, but cannot modify it. This is a valid assumption that has been made.honest-but-curious model of challengers do not tamper with data so that they can keep the system functioning normally and remain unnoticed. 2. Users can have either read or write or both accesses to a file stored in the cloud. 3. All communications between users/clouds are protected by secure shell protocol, SSH. B. Strategies of Access Policies Access rules can be in any of the following formats: 1. Boolean functions of attributes 2. Linear secret sharing scheme (LSSS) matrix 3. Monotone span programs. Any access structure can be transformed into a Boolean function. C. Mathematical Background We will use bi-linear combinations on elliptic curves. Let G be acyclic group of prime order q generated by g. Let GT be a group of order q. We can define the map e: G *G G T.The map satisfies the following properties:

4 1. e(ap,bq)=e(p,q) ab for all P;Q G and a; ZZq= {0,1, 2,..., q 1}. 2. No degenerate: e(g, g) 1. P. SIVSNARAYANA, V. SIVA PRASAD Where αi, yi SK[j]. Note that all keys are delivered to theuser securely using the user s public key, such that only thatuser can decrypt it using its secret key. TABLE1. Notations Bilinear combination on elliptic curves groups is used. We donot discuss the pairing functions which mainly use Weil andtate combinations and calculated using Miller s algorithm. The optimal of curve is an important respect because itdetermines the complexity of pairing operations. D. Attribute-Based Encryption ABE with multiple specialists as proposed by Lewko and Waters continues as follows: 1. System Initialization Select a prime q, generator g of G0, groups G0 and GT oforder q, a map e: G 0 G 0 G T. and a hash function H: {0,1} / G 0. That maps the identities of users to G0. The Hash function used here is SHA-1. Each KDC Aj A has a Set of characteristics Lj. The characteristics disjoint (Li Lj =ᶲ fori j). Each KDC also chooses two random exponents α i, y i i Zq. The secret key of KDC Aj is SK[j] = {α i,y i,i L j }, (1) The public key of KDC Aj is printed PK[j] = {e (g, g) α i, g th, i L j }, (2) 2. Key Generation and Distribution by KDCs User Uu receives a set of characteristics I[j,u]from KDC Aj, and matching secret key ski;u for each I I[j,u] SK i,u = g α i H(u) y i, (3) 3. Encryption by Sender The encryption function is ABE, Encrypt (MSG; X). Sender chooses about the access tree Y. LSSS matrix R can be derived as described in Section 3.2. Sender encrypts message MSG as follows: 1. Choose a random seed S Zq and a random vector v Z h q, with s as its first entry; h is the number of leaves in the access tree. 2. Calculate λx=rx. v, where Rx is a row of R. 3. Choose a random vector w Z h q with 0 as the first entry. 4. Calculate wx ¼ Rx, w. 5. For each row Rx of R, choose a random px Zq. 6. The following limitations are calculated: C 0 = MSGe(g, g) s C 1,x = e(g, g) x e(g, g) απ(x)px, vx, (4) C 2,x = g px vx, C 3,x = g yπ(x)px g wx vx, Where π(x) is mapping from Rx to the attribute i that is placed at the corresponding leaf of the access tree. 7. The cipher text C is sent by the sender C = [R,π,C 0, {C 1,x, C 2,x, C 3,x,V x }] (5) 4. Decryption by Receiver The decryption function is ABE. Decrypt(C, {sk i,u }), where C is given by (5). Receiver Uu takes as input cipher text C, secret keys {sk i,u }, group G0, and outputs message msg. It finds the access matrix R and planning π from C. It then finishes the following steps: 1. Uu calculates the set of attributes {π(x): x X} I u that are common to itself and the access matrix. X is the set of rows of R. 2. For each of these attributes, it checks if there is asubset Y of rows of R, such that the vector (0, 1, 2 0)their linear arrangement. If not, Decryption is difficult. If yes, it computes constants Cx Zq, such that x X, C x, R x = (0,1,.,0). 3. Decryption proceeds as follows: a. For each x X,dec(x) =C 1,x e(h(u),c 3,x )/e(sk π(x),u,c 2,x ) b. Uu computes MSG = C0/π x X dec(x). E. Attribute-Based Signature Scheme ABS scheme has the following steps. 1. System Initialization Select a prime q, and groups G1 and G2, which are of order q. We define the planning G1 G1 G2. Let g1; g2 becreators of G1 and hj be creators of G2, for j [t max ],for random tmax. Let H be a hash function. Let A0 = h 0 a0,where a0 Zq is chosen at random. (TSig,TV er) mean TSig is the private key with which a message is signed andtv er is the public key used for confirmation. The secret key for the trustee is TSK = (a 0,TSig) and public key istpk =(G1,G2,H,g1,A0, h0, h1,...,h tmax, g2, TV er). 2. User Registration For a user with identity Uu the KDC draws at random K base G. Let K 0 = K 1/a0 base. The following token ᴦ is output

5 Secure Cloud Data Access from Decentralized Servers with Access Control using Anonymous Technique ᴦ = (u,kbase,k0,p) (6) Where p is signature on u//kbase using the signing key TSig. 3. KDC Setup Choose a; b Zq casually and calculate: Aij h a j,bij h b j, for Ai AA, j [tmax]. The private key of ith KDC is ASK[i]=(a; b) and public key APK[i]=(Aij;Bijjj [tmax]). 4. Attribute Generation The token verification algorithm verifies the signature checked in ᴦ using the signature verification key TV er in TPK. This algorithm extracts Kbase from ᴦ using (a,b) from ASK [i] and computes Kx =K 1/(a+b ) base, x J[I, u]. Thekey Kx can be checked for reliability using algorithm ABS. KeyCheck(TPK,APK[i],ᴦ,Kx), which checks E (K x,a ij B ij) = e (K base,h j ) receives a token from the trustee, who is assumed to be truthful. A trustee can be someone like the central government who manages social protection numbers etc. On donating her id, details, the trustee gives her a token γ. There are multiple KDCs, which can be spread. For example, these can be servers in different parts of the world. A creator on offering the token to one or more KDCs receives keys for encryption/decryption and signing. In the The message MSG is encrypted under the access policy Y. The access policy decides who can access the data stored in the cloud. 5. Sign The algorithm ABS.Sign(TPK,{APK[i]: I AT[u]},ᴦ, {K x J u }, MSG,y), has input the public key of the trustee, the secret key of thesigner, the message to be signed and the policy statementy. The policystatement is first converted into the span programm ZZ l t q, with rows categorized with attributes. Mx meansrow x of M. Let π represent the mapping from rows to theattributes. So, π (x) is the mapping from Mx to attribute x. Avector v is calculated that satisfies the assignment {x : x J[I, u]}. Compute µ=h(msg//y). Select r0 ZZqand ri ZZq; i Ju, and calculate: Y = K r0 base,s i = (K vi i) r0.(g 2 g 1 µ ) ri (vi J u ), (7) W=K 0 r0,p j =π i AT(u) (A ij Bij π (i) ) Mijri (v j [t]). (8) The signature is considered as Σ=(Y,W,S 1, S 2, S i,p 1,P 2,...,P i ) (9) 6. Verify Algorithm ABS.Verify(TPK,σ=(Y,W,S 1,S 2, S i,p 1,P 2,..,P i ), MSG,Y), changes Y to the corresponding monotone programm ZZl_tq, with rows labeled with attributes. Compute µ =H(MSG//y), ABS.Verify = 0 meaning false. Otherwise, the following constraints are checked E (W,A 0 ) =?e (Y,h 0 ) (10) Π i l e (S i,a i,j B ij π (I ) ) Mij ) =? {e (Y,h 1 )e (g2g1 µ,p1), J=1 {e (g2g1 µ,p j ),J>1 (11) Where i =At[i]. IV. PROPOSED PRIVACY PRESERVING VALID ACCESS CONTROL SCHEME In this division, we propose our privacy preserving authenticated access control scheme. According to our scheme a user can create a file and store it strongly in the cloud. This scheme consists of use of the two protocols ABE and ABS, as discussed in above, correspondingly. I will first discuss our scheme in details and then provide real example to validate how it works. We mention to the Fig. 1. There are three users, a creator, a reader, and writer. Creator Siva Fig.1. Our secure cloud storage model. The cipher text C with signature is c, and is sent to the cloud. The cloud verifies the signature and stores the cipher text C. When a reader wants to read, the clouds ends C. If the user has attributes same with access policy, it can decrypt and get back original message. Write proceeds in the similar way as file creation. By defining the verification process to the cloud, it releases the individual users from time reducing verifications. When a reader wants to read some data stored in the cloud, it tries to decrypt it using the secret keys it receives from the KDCs. If it has sufficient attributes matching with the access policy, then it decrypts the information stored in the cloud. A. Data Storage in Clouds A user Uu first registers itself with one or more trustees. For simplicity we adopt there is one trustee. The trustee gives it a token γ = (u,k base,k 0,p),where p is the signature on u//k base signed with the trustees private key TSig (by (6)). The KDCs are given keys PK[i], SK[i] for encryption/ decryption and ASK[i],APK[i] for signing/verifying. The user on offering this token takes attributes and secret keys from one or more KDCs. A key for an attribute x going to KDC Ai is calculated as Kx =K base (1/a+bx), where (a; b) ASK[i]. The user also receives secret keys SKx,u forencrypting messages. The user then creates an access policyx which is a monotone Boolean function. The message isthen encrypted under the access policy as C = ABE.Encrypt(MSG,x). (12) The user also constructs a right policy Y to enable the cloud to authenticate the user. The creator does not send the message MSG as is, but uses the time stamp and creates H(C)//T. This is done to check replay attacks. If the time stamp is not sent, then the user can write previous old message back to the cloud with a valid signature, even when

6 its right policy and attributes have been canceled. The original work by Maji et al. suffers from replay attacks. In their scheme, a writer can send its message and correct signature even when it no longer has access rights. In our scheme a writer whose rights have been canceled cannot create a new signature with new time stamp and, thus, cannot write back stale information. It then signs the message and computes the message signature as σ = ABS.Sign (Public key of trustee, Public key of KDCs,token, signing key, message, access claim): The following facts is then sent in the cloud C=(C,T,σ,Y) (13) The cloud on receiving the information verifies the access right using the algorithm ABS: verify. The creator checks the value of V = ABS.Verify (TPK;σ,c,Y) If V = 0,then verification has failed and the message is rejected. Else, the message (C,T) is stored in the cloud. B. Reading from the Cloud When a user needs data from the cloud, the cloud sends the cipher text C using SSH protocol. Decryption proceeds using algorithm ABE: Decrypt(C,{SK i,u }) and the message MSG is calculated as given in Section above. C. Writing to the Cloud To write to an previously existing file, the user must send its message with the right policy as done during file creation. The cloud verifies the right policy, and only if the user is reliable, is allowed to write on the file. D. User Revocation We have just argued how to check replay attacks. We will now discuss how to handle user revocation. It should be confirmed that users must not have the facility to access data, even if they have same set of attributes. For this reason, the owners should modification the stored data and send updated information to other users. The set of attributes Iu overcome by the canceled user Uu is noted and all users change their stored data that have attributes i Iu. In [13], cancelation involved changing the public and secret keys of the least set of attributes which are required to decrypt the data. We do not consider this method because here different data are encrypted by the same set of attributes, so such a least set of attributes is different for different users. Consequently, this does not apply to our model. Once the attributes Iu are recognized, all data that have the attributes are collected. For each such data record, the following steps are then carried out: 1. A new value of S, Snew ZZq is selected. 2. The first entry of vector Vnew is changed to new Snew. 3. C 1,x is recalculated for x. 4. New value of C1,x is securely transferred to the cloud. 5. Fresh value of C1,x is not stored with the data, but is transferred to users, who wish to decrypt the data. We note here that the fresh value of C1,x is not stored in the cloud but transferred to the non revoked users who have attribute equivalent to x. This checks a revoked user to decrypt the new value of C0 and get back the message. P. SIVSNARAYANA, V. SIVA PRASAD Table1. Proposed Techniques with Advantages S.NO Technique Proposed 1 Approach Decentralized 2 Key Encryption Use Key Distribution Center(KDC) for Key Encryption 3 Authentication Authenticate the validity of the message without revealing the identity of the user who has stored information in the Cloud. 4 Type of Key Public Key Approach 5 Attack Model Resistant to collusion attacks. V. SECURITY OF THE PROTOCOL In this Scheme, we will prove the safety of the protocol. We will show that our system verifies a user who wants to write to the cloud. A user can only write providing the cloud is able to authenticate its access right. An invalid user cannot receive attributes from a KDC, if it does not have the authorizations from the trustee. If a user s authorizations are canceled, then it cannot replace data with earlier old data, thus checking replay attacks. Theorem 1: Our access control scheme is safe, collusion strong and allows access only to authorized users. Proof: We first show that no illegal user can access data from the cloud. We will first verify the validity of our system. A user can decrypt data if and only if it has same set of attributes. This follows from the fact that access structure S is created if and only if there occurs a set of rows X0 in R, and direct constants Cx ZZq, such that x X,C x,r x = (1,0,,0). A resistant of this appear in. We note that Dec(x)= =e(g, g) λx e(h(u),g) wx, (14) Thus π x X dec(x) =π x X (e(g,g) λx e(h(u),g) cx (15) = e(g,g) s. Equation (15) above holds because λ x =Rx. v and wx = Rx. w, where v.(1, 0,..., 0)= r and w.(1, 0,... 0)= 0. C0/πx X dec(x) = C0/e(g, g) s = M. For an illegal user, there does not occurs attributes corresponding to rows x, such that x X,C x,r x =(1,0,,0). Thus, e(g, g) s cannot be calculated. We next show that two or more users cannot collude and gain access to data that they are not independently supposed to access. Suppose that there exist attributes Π(x) from the colluders, such that x X,C x,r x =(1,0,,0). However, e(h(u),g) wx needs to be calculated permitting to (15). Since different users have different values of e(h(u),g), even if they trust their attributes, they cannot decrypt the message. We next detect that the cloud cannot decode stored data. This is because it does not have the secret keys SK i,u. Even if it colludes with further users, itcannot decrypt data which the users cannot themselves decrypt, because of the above reason. The KDCs are placed in different servers and are not owned by the cloud. For this reason, even if some KDCs are cooperated, the cloud can note code data.

7 Secure Cloud Data Access from Decentralized Servers with Access Control using Anonymous Technique Theorem2: Our validation scheme is correct, collusion secure, strong to replay attacks, and keeps privacy of the user. Proof: We first note that only legal users registered with the trustee(s) receive attributes and keys from the KDCs. A user s token is γ=(u,kbase,k0,p), where p is signature on U//K base with TSig going to the trustee. An illegal user with a changed user-id cannot create the same signature because it does not know TSig. Our system is strong to replay attacks. If a writer s access rights are canceled, it cannot exchange a data with old data from earlier writes. This is because it has to attach a fresh time stamp and sign the message H(C)k again. Since it does not have attributes, it cannot have a legal signature. Table2. Notations IV. CALCULATION COMPLEXITY In this calculation complexity, we present the calculation difficulty of the privacy preserving access control protocol. We will compute the calculations essential by users (creator, reader, and writer) and that by the cloud. Table 2 presents notations used for different operations. The creator needs to encrypt the message and sign it. Creator needs to compute one pairing e (g, g). Encryption takes two exponentiations to calculate each of C1,x. So this needs 2mET time, where m is the sum of attributes. User needs to compute three exponentiation to calculate C2,x and C3,x. So time taken for encryption is (3m + 1) E0+2mET + TP. To sign the message, Y,W,S i. s and Pjs have to be calculated as well as H (C). So, time taken to sign is(2l + 2) E1 + 2tE2 + H. The cloud wants to validate the signature. This needs checking for (11). Time taken to authenticate is (l + 2t)Tp +l(e1 + E2)+TH. To read, a user wants only to decrypt the cipher text. This needs 2m combinations to compute e(h(u),c3,x) and e(sk π(x),u,c2,x) and O(mh) to find the vector c.decryption takes 2mTP +TH +O(mh). Writing is related tocreating a record. The size of cipher text with signature is2m/g0/+m/g T /+m 2 +/MSG/+(l + t + 2)/G1/. Table3. Comparison of Our Scheme with Existing Access Control Schemes PBC library is a C library which is constructed above GNU GMP library and holds functions to implement elliptic curves and combination operations. Each element of G wants 512 bits at an 80-bitsafety level and 1,536 bits when 128-bit of safety are chosen. Each cryptographic procedure was realized using the PBC library ver on a 3.0-GHZprocessor PC. The public key limits were selected to provide 80-bit safety level. According to, implementation uses 160-bit elliptic curve group on the super singular curve y2 =x3+x x over a 512-bit limited field. The computational cost for a combination operation is 2.9ms and that of exponentiation on G (and G0) and GT (and G2)are 1 and 0.2 ms, respectively. VII. CONTRAST WITH OTHER ACCESS CONTROL SYSTEMS IN CLOUD We compare our system with other access control systems (in Table3) and show that our scheme supports many Contrast of Our Scheme with Existing Access Control Systems Contrast of Calculation and Size of Cipher text Although Creating a File Contrast of Calculation throughout Read and Write by User and Cloud structures that the other structures did not support. 1-W-M-Rmeans that only one user can write while many users can read. M-W-M-R means that many users can write and read. We see that most structures do not support many writes which is supported by our system. Our structure is strong and decentralized, most of the others are centralized. Our system also supports privacy preserving authentication, which is not supported by others. Most of the structures donot support user cancelation, which our scheme does. We associate the calculation and communication costs experienced by the users and clouds and display that our distributed method has similar costs to centralized approaches. The most luxurious operations including combinations and is done by the cloud. If we associate the calculation load of user during read we see that our system has comparable costs. Our system also compares well with the other authenticated system of above. VIII. CONCLUSION We have presented a Secure Cloud Data Access from Decentralized Servers with Access Control Using Anonymous Technique, which provides user cancelation and checks replay attacks. The cloud does not know the identity of the user who stores information, but only confirms the user s identifications. Key distribution is done in a decentralized way. One drawback is that the cloud knows the access policy for each record stored in the cloud. In upcoming, we would like to hide the attributes and access rule of a user. IX. REFERENCES [1] S. Ruj, M. Stojmenovic, and A. Nayak, Privacy Preserving Access Control with Authentication for Securing Data in Clouds, Proc.IEEE/ACM Int l Symp. Cluster, Cloud and Grid Computing, pp , [2] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, Toward Secure and Dependable Storage Services in Cloud Computing, IEEE Trans. Services Computing, vol. 5, no. 2, pp , Apr.-June [3] Li, Q. Wang, C. Wang, N. Cao, K. Ren, and W. Lou, Fuzzy Keyword Search Over Encrypted Data in Cloud Computing, Proc. IEEE INFOCOM, pp , 2010.

8 P. SIVSNARAYANA, V. SIVA PRASAD [4] H. Li, Y. Dai, L. Tian, and H. Yang, Identity-Based Authentication for Cloud Computing, Proc. First Int l Conf. Cloud Computing (CloudCom), pp , [5] H.K. Maji, M. Prabhakaran, and M. Rosulek, Attribute- Based Signatures, Topics in Cryptology - CT-RSA, vol. 6558, pp , [6] A. Sahai and B. Waters, Fuzzy Identity-Based Encryption, Proc.Ann. Int l Conf. Advances in Cryptology (EUROCRYPT), pp ,2005. [7] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, Proc. ACM Conf. Computer and Comm. Security, pp , [8] J. Bethencourt, A. Sahai, and B. Waters, Ciphertext- Policy Attribute-Based Encryption, Proc. IEEE Symp. Security and Privacy, pp , [9] M. Chase, Multi-Authority Attribute Based Encryption, Proc. Fourth Conf. Theory of Cryptography (TCC), pp , [10] M. Chase and S.S.M. Chow, Improving Privacy and Security in Multi-Authority Attribute-Based Encryption, Proc. ACM Conf. Computer and Comm. Security, pp , [11] A.B. Lewko and B. Waters, Decentralizing Attribute- Based Encryption, Proc. Ann. Int l Conf. Advances in Cryptology (EUROCRYPT), pp , [12] J. Hur and D. Kun Noh, Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems, IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 7, pp , July [13]For more information on this or any other computing topic, please visit our Digital Library at publications/dlib.