Application Based Access Control on Cloud Networks for Data Security

Ms. Smitha P, M.Tech in DCN, Department of ECE, GSSSIETW, Mysuru, Karnataka, India, Smitha.21sn@gmail.com
Mrs. Manjula G, Associate Professor, Department of ECE, GSSSIETW, Mysuru, Karnataka, India, manju22378@gmail.com

ABSTRACT
In present-day technologies, cloud based applications offer a flexible, on-demand computing infrastructure. In cloud computing, users keep their data on a cloud server deployed in a virtual cloud and access it over the Internet from anywhere. Security problems arise here, such as file hacking, loss of privacy and viruses, so users need security for the data they store in the public cloud. Attribute based access control can provide this security at the infrastructure network layer by generating a key for each file and giving a one-time valid security key to decrypt the encrypted data from the cloud. It also provides an advanced search of data files by author or document name, which lets a user find the required file easily among N files.

Keywords - Access control, encryption, decryption, key generation.

I. INTRODUCTION
The Internet has been a driving force behind many of today's technologies. One of the most widely used is cloud computing. Cloud computing is an application or service that runs on a distributed network using virtualized resources accessed over the Internet. Cloud services allow individuals to use software and hardware that are managed by third parties at remote locations. Cloud services include online data storage, social networking sites, webmail and online business applications. Cloud computing can significantly reduce the cost and complexity of networks; other benefits to users include scalability, reliability and efficiency [8].

There are four types of cloud computing:
a. Private Cloud: A private cloud is used by a particular organization, which controls the virtualized resources within that organization. Example: SOX, SAS 70 [6].
b. Public Cloud: Public clouds are offered for public use by a particular organization or company. Example: Rackspace, Amazon Web Services (AWS), Microsoft Azure, Google App Engine [10].
c. Community Cloud: Shared among various organizations or companies. Example: Google managed government cloud.
d. Hybrid Cloud: A hybrid cloud is a combination of two or more clouds forming a single cloud. Example: Amazon S3 [1].

There are three different cloud service models:
a. SaaS: Software as a Service. The service provider rents out complete software and applications, and the user pays a fixed monthly amount for it. Example: Gmail, Google Drive etc.
b. PaaS: Platform as a Service. The service provider gives the platform to run our application in the cloud. Example: Google Gears, Microsoft Azure.
c. IaaS: Infrastructure as a Service. It provides resources such as network, storage and servers for rent on a pay-per-use basis. Example: AWS, Google's Compute Engine.

A virtual network is a link between two computing systems that does not consist of a physical connection; it is implemented using network virtualization. Exploring privacy and effective advanced search of encrypted files over these different kinds of cloud services is complex. The problem is particularly challenging because it is extremely difficult to meet performance requirements together with security at the network layer.
II. RELATED WORK
The main challenges in the present scenario are the security and privacy issues that arise when information, data or applications are transferred over the untrusted cloud by insecure virtual networks. Generally there are two types of security threats, internal and external. External threats are attackers, hackers or viruses. The internal security threat is posed by official members of the cloud provider [1]. In this section we review the existing methodologies for access control proposed by others. In the next section we explain our proposed technique for access control in cloud computing and how it differs and is useful.

Security Issues in Cloud Networks: Many security issues are present in the cloud at each layer: data transmission, network, server, storage and application. The basic security issue is hacking, where attackers insert malicious code or a script into the resource and thereby gain unauthorized access to a database and become able to access sensitive information. Examples are SQL injection attacks, Cross Site Scripting (XSS) attacks, Man in the Middle (MITM) attacks, Domain Name Service attacks and packet attacks. To avoid this kind of hacking through virtual networks, many authors and scientists have proposed methods for data security.

a. Mandatory Access Control (MAC): Users are given permissions to resources by an administrator. It is mostly used in military and government applications. MAC provides multilevel security and prevents unauthorized users from making changes. The major drawback of MAC is that only an administrator can grant permissions to access resources, and once a security level has been assigned to a particular subject, that security level is not modified [12].
b. Discretionary Access Control (DAC): Access to resources is based on the user's identity. A user is granted permissions to a resource by an access control list (ACL) associated with the resource. The disadvantage is that it can be easily attacked by third parties, and there is no consistency of information [2].
c. Role-Based Access Control (RBAC): In existing cloud computing systems, PDPs (Policy Decision Points) are commonly implemented as logically centralized authorization servers, providing important benefits: consistent policy enforcement across multiple PDPs and reduced administration costs for authorization policies. Care should be taken to ensure that a user has the minimum privileges required to perform a task under a particular role, and that no role is assigned to two or more tasks at the same time [6].
d. Temporal RBAC (TRBAC): Bertino et al. and Y. Zhu and team in [15] introduce a method for temporal RBAC (TRBAC) in cloud computing. The schemes in [15] are applicable when the data owners and the service providers are within the same trusted domain. But it is a very costly scheme, and the user has to perform the task with the assigned role.
e. Identification Based Access Control (IBAC): A. Sahai and B. Waters introduced an IBAC scheme that allows a private key for an identity x to decrypt data encrypted with an identity x' if and only if the identities x and x' are close to each other. IBAC was found to be weak, and to defend against this a large growth of advanced concepts in access control was introduced: owner/group/consumer. IBAC proved to be problematic for distributed systems as well; managing access to the system and resources became difficult [3].

III. PROPOSED METHODOLOGY
In the newly proposed system we implement a method which overcomes the limitations of the existing modules. In this new access control module we reduce the expense of decryption, and a user can use a key to decrypt data only once. In this paper we first modify the original model of ABE with outsourced decryption in the existing system to allow for verifiability of the transformations. After describing the formal definition of verifiability, we propose a new ABE model and, based on this new model, construct a concrete ABE scheme with verifiable outsourced decryption. Our scheme does not rely on random oracles.
Large systems are always decomposed into sub-systems that provide some related set of services. The initial design process of identifying these sub-systems and establishing a framework for sub-system control and communication is called architecture design, and the output of this design process is a description of the software architecture. The newly proposed model has a hierarchical structure, as shown in Figure 1. In this system architecture the manager plays the main role. Initially the cloud service provider (CSP) or admin assigns one manager, or domain authority, who registers both the data owner and the data consumer. The data owner encrypts his data and saves it in the cloud. The manager shares the public key with a user only if the user is registered. The same user cannot use the same key to access the data again. We consider both owners and users as cloud users. For each cloud user, our system keeps an attribute set containing the attributes corresponding to that user.

Figure 1: System Architecture

Basic operation of the proposed modules:
a. System Setup Module: In this module the cloud service provider first creates a trusted domain authority, also called the manager. The manager then registers the data owner and the data consumer, giving each a unique ID and password with which they can access the cloud data.
b. File Upload Module: In this module we develop the file upload process. When a data owner wants to outsource and share a file with some users, he/she encrypts the file to be uploaded under a specified attribute set (resp. access policy).
c. File Access Module: In this module we create the file access process. When a user wants to access an outsourced file, he/she downloads the ciphertext from the cloud and decrypts it with the help of a key obtained from the manager; that key is valid only once for accessing the data.
d. User Deletion Module: If the cloud service provider finds any malicious activity by a user, the CSP can revoke or delete that user's registration.

A sequence diagram in the Unified Modeling Language (UML) is a kind of interaction diagram that shows how processes operate with one another and in what order. It is a construct of a Message Sequence Chart. Sequence diagrams are sometimes called event diagrams, event scenarios and timing diagrams. Figure 2 shows the flow of work in this methodology and how the modules take part in that flow, in pictorial form. The key is generated using an attribute based encryption algorithm, where the file name and file size are taken as attributes and combined with AND and OR operations to obtain the secret key and the master key.
Figure 2: Sequence Diagram (participants: Database, Data Consumer, Data Owner, Domain Authority; messages: Create Account, Upload files, Key Generation, Request for files, Key, Read access policy)

IV. RESULTS
These modules were developed using the web technology Java J2EE, with the code written in Java server programming. The admin logged in successfully and registered the domain authority. The domain authority person then successfully registered a data owner and a data consumer, and can also delete any of the cloud service users. The data owner logged in, uploaded data and generated a key successfully. Finally the data consumer downloaded the data by accessing the cloud with a key provided by the domain authority. We also tested that if the same user tries to access the data again with the same key, he is unable to access it.

Figure 3: Registration Process

Figure 3 shows the registration process of a user, which is performed by the domain authority person.

Figure 4: Access Process

Figure 4 shows how a user accesses the data he/she needs by getting a key from the domain authority. Figure 5 shows the user finally accessing the particular data.

Figure 5: Access File With Key

V. CONCLUSION
Access control decisions are very important for any shared system. The module proposed in this paper is a highly efficient model. It provides key based security for the decryption of data, and the key is valid just one time for the same user. This model ensures both security and access control in cloud computing. The main operations in this work are system setup, file upload, file access and user deletion. This model reduces the work of the data owner, and decryption is not expensive.

Future Enhancement
In the present work the manager's tasks are performed manually. They can be done automatically by setting up an own server at any cloud service provider, for example Amazon Web Services (AWS), Microsoft, Google etc., where a virtual instance can be placed on a pay-per-use basis and this application deployed for any organization or company to provide security using this access control application.
REFERENCES
[1] International Journal of Advanced Research in Computer Science and Software Engineering, Volume 4, Issue 10, October 2014, ISSN: 2277-128X.
[2] Singh et al., International Journal of Advanced Research in Computer Science and Software Engineering 3(6), June 2013, pp. 1136-1142.
[3] Asian Research Publication Network Journal of Engineering and Applied Sciences, vol. 7, no. 5, May 2012, ISSN 1819-6608.
[4] International Journal of Scientific and Research Publications, Volume 3, Issue 9, September 2013, ISSN 2250-3153.
[5] Review of Access Control Models for Cloud Computing, Jackson State University, 1400 Lynch St, Jackson, MS, USA.
[6] A Survey on Access Control of Cloud Data, IJARCET Volume 1, Issue 8, October 2012, ISSN: 2278-1323.
[7] Rohit Bhadauria, A Survey on Security Issues in Cloud Computing, School of Electronics and Communications Engineering, Vellore Institute of Technology, Vellore, India.
[8] Miika Komu, Mohit Sethi, Ramasivakarthik Mallavarapu, Heikki Oirola and Rasib Khan, Secure Networking for Virtual Machines in the Cloud, firstname.lastname@aalto.fi.
[9] Yi Ding, Network Security for Virtual Machine in Cloud Computing, Department of Electrical and Computer Engineering, Purdue University Calumet, Hammond, IN, USA, dingy@calumet.purdue.edu.
[10] Sasu Tarkoma, Secure Networking for Virtual Machines in the Cloud, University of Helsinki, sasu.tarkoma@helsinki.fi.
[11] Prince Jain, Security Issues and their Solution in Cloud Computing, International Journal of Computing & Business Research, ISSN (Online): 2229-6166, Malwa Polytechnic College, Faridkot, Punjab-151203, India, prince12.jain@gmail.com.
[12] Implementation of Virtual Overlay Frameworks Using Cloud-based Security, International Journal of Intelligent Computing in Science & Technology (ISSN 2348-8204), Vol. 3, No. 1, June 2014.
[13] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data.
[14] B. Waters, Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization.
[15] Y. Zhu, Hu, D. Huang, S. Wang, Towards Temporal Access Control in Cloud Computing, Arizona State University, U.S.A.
[16] N. Attrapadung, J. Herranz, F. Laguillaumie, B. Libert, E. de Panafieu, and C. Ràfols, Attribute-based encryption schemes with constant-size ciphertexts, Theor. Comput. Sci., vol. 422, pp. 15-38, 2012.
[17] S. Hohenberger and B. Waters, Attribute-based encryption with fast decryption, in Proc. Public Key Cryptography, 2013, pp. 162-179.
[18] M. Green, S. Hohenberger, and B. Waters, Outsourcing the decryption of ABE ciphertexts, in Proc. USENIX Security Symp., San Francisco, CA, USA, 2011.
[19] R. Ostrovsky, A. Sahai, and B. Waters, Attribute-based encryption with non-monotonic access structures, in Proc. ACM Conf. Computer and Communications Security, 2007, pp. 195-203.
[20] B. Waters, Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization, in Proc. Public Key Cryptography, 2011, pp. 53-70.
[21] A. B. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption, in Proc. EUROCRYPT, 2010, pp. 62-91.
[22] T. Okamoto and K. Takashima, Fully secure functional encryption with general relations from the decisional linear assumption, in Proc. CRYPTO, 2010, pp. 191-208.