Decentralized Access Control Secure Cloud Storage using Key Policy Attribute Based Encryption



1 Thota Naresh Kumar, 2 K. Srinivas, 3 Y. Raju
2 Associate Professor, 3 Associate Professor
1,2,3 Department of Information Technology, Geethanjali College of Engineering & Technology

Abstract- The multitenancy feature of cloud computing raises privacy, security and access control challenges, because physical resources are shared among untrusted tenants. To achieve safe storage, policy based file access control, policy based file assured deletion and policy based renewal of a file stored in a cloud environment, a suitable encryption technique with key management should be applied before the data is outsourced. In this paper we implement secure cloud storage that provides policy based access to files using an Attribute Based Encryption (ABE) scheme combined with an RSA public-private key pair. The private key is a combination of the user's credentials, so that high security is achieved. A time based file revocation scheme is used for file assured deletion: when the time limit of a file expires, the file is automatically revoked and cannot be accessed by anyone in future. Manual revocation is also supported. Policy based file renewal is proposed: renewal is done by providing a new key to the existing file, which then remains accessible until the new time limit is reached.

Keywords: cloud storage, renewal policy, decentralized access, policy based access.

I. Introduction

Research in cloud computing has received a lot of interest from both the academic and business worlds. In cloud computing, users can contract out their computation and storage to clouds over the Internet. This frees users from the problem of maintaining resources on-site. Applications, infrastructure and platforms are provided as services by the cloud, which helps developers write applications. The data is encrypted for the sake of secure storage.
The data stored in the cloud is frequently modified, so this has to be considered while designing efficient secure storage techniques. An important concern is that encrypted data must still be searchable. Cloud researchers have built up security and privacy protection in the cloud. In online social networking, access control is very important: only valid users may be allowed to access and store personal information, images and videos, and all of this data is stored in the cloud. The goal is not just to store the data securely in the cloud; it is also important to ensure the anonymity of the user. Consider a user who wants to comment on an object but does not want to be identified, while still wanting other users to know that he is a valid user. In this paper two primitives, Attribute Based Encryption (ABE) and Attribute Based Signatures (ABS), are used. ABE and ABS are combined to offer legitimate access control without revealing the identity of the user. The main contributions of this paper are as follows. Access control is distributed: only approved users with valid attributes can access data in the cloud. The users who store and modify the data are verified. There are many KDCs for key management, because of which the architecture is
IJCSIET-ISSUE5-VOLUME2-SERIES1 Page 1

decentralized. No two users can collude to authenticate themselves and access data if they are not individually authenticated. Users who have been revoked have no access to the data. Revocation is the process of invalidation or withdrawal of control by the authority, that is, the removal of a license, name or position. The system is resistant to replay attacks. Multiple read and write operations on data in the cloud are supported. The costs are comparable to those of centralized approaches, and the cloud performs the costly operations.

II. Related Work

Access control in clouds is gaining attention because it is imperative that only authorized users have access to services. A huge amount of data is constantly archived in the cloud, and much of it is sensitive. Using Attribute Based Encryption (ABE), records are encrypted under some access policy and stored in the cloud. Users are given sets of attributes and corresponding keys. Only when a user's attributes match can it decrypt the data stored in the cloud. [5][6] studied access control in health care. Access control is likewise gaining importance in online social networking, where users store their personal data, pictures and films and share them with selected groups of users they belong to. Access control in online social networking has been studied in [7]. The work in [8] gives privacy preserving authenticated access control in the cloud. However, those researchers take a centralized approach in which a single key distribution center (KDC) distributes secret keys and attributes to all users. Unfortunately, a single KDC is not only a single point of failure but is also difficult to maintain because of the large number of users supported in a cloud environment. The scheme in [9] uses a symmetric key approach and does not support authentication.

Multi-authority ABE was studied in [10], which required no trusted authority but required each user to have attributes from all of the KDCs. Although Yang et al. [11] proposed a decentralized approach, their scheme does not authenticate users, who need to remain anonymous while accessing the cloud. Ruj et al. [12] proposed a distributed access control mechanism in clouds. However, that approach did not provide user authentication. Another weakness was that a user can create and store a record but other users can only read it; write access was not allowed to users other than the creator.

Time-based file assured deletion, initially presented in [13], means that records can be securely deleted and remain permanently inaccessible after a predefined time. The main idea is that a record is encrypted with a data key by the owner of the record, and this data key is further encrypted with a control key by a separate key manager.

File Assured Deletion. The policy of a file may be revoked at the request of the customer, when the time of the agreement expires, or when the files are moved entirely from one cloud to another cloud environment. When any of the above criteria holds, the policy is revoked and the key manager completely removes the public key associated with the file. So no one can recover the control key of a revoked file in future, and for this reason we can say the file is assuredly deleted.
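The file assured deletion, time based revocation, manual revocation and renewal mechanics described above, as an added example that is not code from the paper or its authors. The owner encrypts the record with a data key, a separate key manager wraps that data key under a per-policy control key with a time limit, and deleting the control key (on expiry or on request) makes the wrapped data key unrecoverable; renewal re-wraps the data key under a fresh control key with a new limit. The class and function names (KeyManager, issue_policy, wrap, unwrap, revoke, renew, store_file, read_file), the timestamps and the record body are assumptions constructed for the example; encryption uses only the Python standard library (an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC) in place of whatever cipher the paper's RSA/ABE system uses, and the requester's authentication step is assumed to happen before the key manager is asked to unwrap.

```python
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (stdlib-only construction for this example)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with sub-keys derived from `key`: returns nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag before decrypting; a tampered blob raises instead of yielding garbage."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyManager:
    """Separate key manager (assumed name): one control key per file policy, each with a time limit."""

    def __init__(self):
        self._control = {}  # policy_id -> (control_key, expires_at)

    def issue_policy(self, policy_id: str, expires_at: float) -> None:
        self._control[policy_id] = (os.urandom(32), expires_at)

    def wrap(self, policy_id: str, data_key: bytes, now: float) -> bytes:
        return encrypt(self._live_key(policy_id, now), data_key)

    def unwrap(self, policy_id: str, wrapped: bytes, now: float) -> bytes:
        # The requester's authentication (the paper's credential/attribute check) is assumed to have
        # succeeded before this call; the manager only answers for live, unexpired policies.
        return decrypt(self._live_key(policy_id, now), wrapped)

    def revoke(self, policy_id: str) -> None:
        """Manual revocation: the control key is discarded, so the wrapped data key can never be opened."""
        self._control.pop(policy_id, None)

    def renew(self, policy_id: str, wrapped: bytes, now: float, new_expires_at: float) -> bytes:
        """Policy based renewal: re-wrap the data key under a fresh control key with the new time limit."""
        data_key = self.unwrap(policy_id, wrapped, now)
        self._control[policy_id] = (os.urandom(32), new_expires_at)
        return self.wrap(policy_id, data_key, now)

    def _live_key(self, policy_id: str, now: float) -> bytes:
        entry = self._control.get(policy_id)
        if entry is None:
            raise PermissionError(f"policy {policy_id} is revoked or unknown")
        control_key, expires_at = entry
        if now >= expires_at:
            del self._control[policy_id]  # time based revocation: purge the key, do not merely refuse
            raise PermissionError(f"policy {policy_id} has expired")
        return control_key


def store_file(km: KeyManager, policy_id: str, plaintext: bytes, now: float) -> dict:
    """Owner side: encrypt with a fresh data key, then have the key manager wrap that key."""
    data_key = os.urandom(32)
    return {"policy": policy_id, "ct": encrypt(data_key, plaintext),
            "wrapped_key": km.wrap(policy_id, data_key, now)}


def read_file(km: KeyManager, record: dict, now: float) -> bytes:
    """Reader side: recover the data key through the key manager, then decrypt the stored blob."""
    return decrypt(km.unwrap(record["policy"], record["wrapped_key"], now), record["ct"])


def _denied(action) -> bool:
    try:
        action()
        return False
    except PermissionError:
        return True


def run_lifecycle() -> dict:
    """Walks a constructed record through read, renewal, expiry and manual revocation."""
    km, t0, body = KeyManager(), 1_700_000_000.0, b"constructed sample record"
    km.issue_policy("file-42", expires_at=t0 + 3600)
    rec = store_file(km, "file-42", body, t0)
    outcome = {"read_ok": read_file(km, rec, t0 + 10) == body}
    rec["wrapped_key"] = km.renew("file-42", rec["wrapped_key"], t0 + 3000, t0 + 7200)
    outcome["read_after_renewal"] = read_file(km, rec, t0 + 5000) == body
    outcome["expired_denied"] = _denied(lambda: read_file(km, rec, t0 + 7200))
    km.issue_policy("file-43", expires_at=t0 + 3600)
    rec2 = store_file(km, "file-43", body, t0)
    km.revoke("file-43")
    outcome["revoked_denied"] = _denied(lambda: read_file(km, rec2, t0 + 1))
    return outcome
```

The point of separating the key manager from the cloud is that the stored ciphertext and wrapped data key can stay in the cloud forever: once the control key is gone, nothing the cloud holds can be turned back into plaintext, which is what makes the deletion "assured" without relying on the provider to erase bytes.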

The key policy attribute based encryption scheme is used for file access, which is authenticated by means of an attribute associated with the file. With file access control, the file downloaded from the cloud is in read-only or write-supported form. Each user has associated policies for each file, so the right user accesses the right file.

File Access Control. This is the ability to limit and control access to host systems and applications via communication links. To achieve it, the accessing party must be identified or authenticated. After authentication, users must be associated with the correct policies for the files. To recover a file, the user must request that the key manager generate the public key; for that the user must be authenticated. The key policy attribute based encryption scheme is utilized to grant file access.

Security of the Protocol. In this section, we will prove the security of the protocol. We will show that our scheme authenticates a user who wants to write to the cloud. A user can only write if the cloud is able to validate its access claim. An invalid user cannot receive attributes from a KDC if it does not have the credentials from the trustee. If a user's credentials are revoked, then it cannot replace data with previous stale data, thus preventing replay attacks.

III. Computation Complexity

In this section, we present the computation complexity of the privacy preserving access control protocol.
We calculate the computations required by users (creator, reader, writer) and by the cloud. Table 2 [14] presents the notation used for the different operations. The creator needs to encrypt the message and sign it. The creator needs to compute one pairing $e(g,g)$. Encryption takes two exponentiations to compute each $C_{1,x}$, so this requires $2mE_T$ time, where $m$ is the number of attributes. The user needs three exponentiations to compute $C_{2,x}$ and $C_{3,x}$. So the time taken for encryption is $(3m+1)E_0 + 2mE_T + P$. To sign the message, $Y$, $W$, the $S_i'$ and the $P_j$ have to be computed, as well as $H(c)$. So, the time taken to sign is
The cloud needs to verify the signature.

IV. Comparison with Other Access Control Schemes in Cloud

We compare our scheme with other access control schemes (in Table 3) [8][12][13][15] and show that our scheme supports many features that the other schemes do not support.

TABLE 3 Comparison of Our Scheme with Existing Access Control Schemes
TABLE 4 [8][12][13][15] Comparison of Computation and Size of Ciphertext While Creating a File
TABLE 5 [8][12][13][15] Comparison of Computation during Read and Write by User and Cloud

1-W-M-R means that only one user can write while many users can read. M-W-M-R

means that many users can write and many users can read. We see that most schemes do not support many writers, which our scheme supports. Our scheme is robust and decentralized; most of the others are centralized. Our scheme also supports privacy preserving authentication, which the others do not. Most of the schemes do not support user revocation, which our scheme does. In Tables 4 and 5, we compare the computation and communication costs incurred by the users and the cloud and show that our distributed approach has costs comparable to centralized approaches.

Cloud computing is a promising computing model which has drawn wide attention from both the academic community and industry. By combining a set of existing and new techniques from research areas such as Service-Oriented Architectures (SOA) and virtualization, cloud computing is viewed as a computing model in which resources in the computing infrastructure are provided as services over the Internet. It is a new business solution for remote backup outsourcing, as it offers an abstraction of unlimited storage space for customers to keep data backups in a pay-as-you-go way [1]. It helps organizations and government agencies significantly reduce the financial overhead of data management, since they can now store their data backups remotely with third-party cloud storage providers instead of maintaining data centres of their own. Many services, such as email and net banking, are provided on the Internet so that customers can use them from anywhere at any time. Although cloud storage is more flexible, how security and privacy are provided for the outsourced data becomes a serious concern. The three aspects of this issue are availability, confidentiality and integrity. To achieve secure data transactions in the cloud, a suitable cryptographic method is used. The data owner must encrypt the record and then store the record in the cloud.
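The owner-encrypts-then-stores flow just described, with the file key released only to a user whose key policy is satisfied by the attributes the file was encrypted under (the key-policy ABE idea used for file access control in Section II), as an added example that is not code from the paper or its authors. It goes slightly beyond the page in handling general access trees with threshold gates (1-of-n is OR, n-of-n is AND): the authority shares its master secret over the user's policy tree and blinds each leaf share with a per-attribute secret, the ciphertext carries one value per attribute, and decryption recombines matching leaves by Lagrange interpolation. The pairing-based group arithmetic of real KP-ABE is replaced here by multiplication modulo a prime so the sharing and reconstruction structure is visible; this is a structural demonstration only and not a secure scheme. The names Authority, keygen, encrypt, decrypt, the attribute names and the policy are assumptions constructed for the example.

```python
import hashlib
import secrets

P = (1 << 127) - 1  # prime field for the toy arithmetic (stands in for the pairing groups)


def _rand() -> int:
    return secrets.randbelow(P - 1) + 1


def _lagrange_at_zero(points) -> int:
    """Recover q(0) from k points (x, q(x)) of a degree-(k-1) polynomial over GF(P)."""
    total = 0
    for xj, yj in points:
        num, den = 1, 1
        for xm, _ in points:
            if xm != xj:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def _share(secret: int, node, out: list, path=()) -> None:
    """Share `secret` top-down over the access tree: a (k, children) node hands child i the value
    q(i) of a random degree-(k-1) polynomial with q(0) = secret; leaves collect (path, attr, share)."""
    if node[0] == "attr":
        out.append((path, node[1], secret))
        return
    k, children = node
    coeffs = [secret] + [_rand() for _ in range(k - 1)]
    for i, child in enumerate(children, start=1):
        q_i = sum(c * pow(i, d, P) for d, c in enumerate(coeffs)) % P
        _share(q_i, child, out, path + (i,))


class Authority:
    """Key distribution center (assumed name): master secret y and one secret t_a per attribute."""

    def __init__(self, attributes):
        self.y = _rand()
        self.t = {a: _rand() for a in attributes}

    def keygen(self, policy) -> dict:
        """Key-policy ABE: the policy tree is embedded in the user's key as blinded shares of y."""
        leaves = []
        _share(self.y, policy, leaves)
        # D_x = q_x(0) / t_attr mirrors the KP-ABE key component g^{q_x(0)/t_i}
        return {"policy": policy,
                "D": {path: (attr, share * pow(self.t[attr], -1, P) % P) for path, attr, share in leaves}}

    def encrypt(self, attrs, file_key: bytes) -> dict:
        """Ciphertext is labelled with attributes: E_a = t_a * s mirrors T_i^s, the pad mirrors e(g,g)^{ys}."""
        s = _rand()
        pad = hashlib.sha256((self.y * s % P).to_bytes(16, "big")).digest()
        return {"E": {a: self.t[a] * s % P for a in attrs},
                "masked": bytes(x ^ y for x, y in zip(file_key, pad))}


def _decrypt_node(node, path, key: dict, ct: dict):
    """Returns q_x(0) * s for this node if the ciphertext attributes satisfy its subtree, else None."""
    if node[0] == "attr":
        attr, D = key["D"][path]
        return D * ct["E"][attr] % P if attr in ct["E"] else None  # D_x * E_a = q_x(0) * s
    k, children = node
    pts = []
    for i, child in enumerate(children, start=1):
        v = _decrypt_node(child, path + (i,), key, ct)
        if v is not None:
            pts.append((i, v))
            if len(pts) == k:
                break
    return _lagrange_at_zero(pts) if len(pts) == k else None  # interpolation is linear, so s carries through


def decrypt(key: dict, ct: dict):
    """Returns the file key if the key's policy is satisfied by the ciphertext's attributes, else None."""
    ys = _decrypt_node(key["policy"], (), key, ct)
    if ys is None:
        return None
    pad = hashlib.sha256(ys.to_bytes(16, "big")).digest()
    return bytes(x ^ y for x, y in zip(ct["masked"], pad))


def run_demo():
    """Constructed scenario: key policy (doctor AND cardiology) OR audit against three attribute sets."""
    auth = Authority(["doctor", "cardiology", "nurse", "audit"])
    policy = (1, [(2, [("attr", "doctor"), ("attr", "cardiology")]), ("attr", "audit")])
    user_key = auth.keygen(policy)
    file_key = secrets.token_bytes(32)
    ct_ok = auth.encrypt(["doctor", "cardiology"], file_key)
    ct_audit = auth.encrypt(["audit"], file_key)
    ct_bad = auth.encrypt(["doctor", "nurse"], file_key)
    return (decrypt(user_key, ct_ok) == file_key,
            decrypt(user_key, ct_audit) == file_key,
            decrypt(user_key, ct_bad))
```

A leaf whose attribute is absent from the ciphertext yields nothing, and a threshold gate that collects fewer than k child values yields nothing, so a user holding the key for the policy above recovers the file key from a record labelled {doctor, cardiology} or {audit} but not from one labelled {doctor, nurse}; the missing cardiology share cannot be substituted with a share from a different user's key because every key is issued with its own fresh polynomials.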
If a third person downloads the record, they can see the record if they have the key used to decrypt it. Occasionally this may fail because of technological advances and programmers. To overcome this issue there are many procedures and techniques for making transactions and storage secure.

V. Conclusion

We have presented a decentralized access control scheme with anonymous authentication, which provides user revocation and prevents replay attacks. The cloud does not know the identity of the user who stores data, but only verifies the user's credentials. Key distribution is carried out in a decentralized manner. One limitation is that the cloud knows the access policy for each record stored in the cloud.

References

1. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, A View of Cloud Computing, Comm. of the ACM, vol. 53, no. 4, pp. 50-58, Apr. 2010.
2. S. Ruj, M. Stojmenovic, and A. Nayak, Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds, IEEE Trans. Parallel and Distributed Systems.
3. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, Toward Secure and

Dependable Storage Services in Cloud Computing, IEEE Trans. Services Computing, vol. 5, no. 2, pp. 220-232, 2012.
4. C. Gentry, A fully homomorphic encryption scheme, Ph.D. dissertation, Stanford University, 2009, http://www.crypto.stanford.edu/craig.
5. M. Li, S. Yu, K. Ren, and W. Lou, Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings, in SecureComm, pp. 89-106, 2010.
6. S. Yu, C. Wang, K. Ren, and W. Lou, Attribute based data sharing with attribute revocation, in ACM ASIACCS, pp. 261-270, 2010.
7. S. Jahid, P. Mittal, and N. Borisov, EASIER: Encryption-based access control in social networks with efficient revocation, in ACM ASIACCS, 2011.
8. F. Zhao, T. Nishide, and K. Sakurai, Realizing fine-grained and flexible access control to outsourced data with attribute-based cryptosystems, in ISPEC, ser. Lecture Notes in Computer Science, vol. 6672, Springer, pp. 83 9
9. R. Lu, X. Lin, X. Liang, and X. Shen, Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing, Proc. Fifth ACM Symp. Information, Computer and Comm. Security (ASIACCS), pp. 282-292, 2010.
10. D.F. Ferraiolo and D.R. Kuhn, Role-Based Access Controls, Proc. 15th Nat'l Computer Security Conf., 1992.
11. D.R. Kuhn, E.J. Coyne, and T.R. Weil, Adding Attributes to Role-Based Access Control, IEEE Computer, vol. 43, no. 6, pp. 79-81, June 2010.
12. M. Li, S. Yu, K. Ren, and W. Lou, Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-Owner Settings, Proc. Sixth Int'l ICST Conf. Security and Privacy in Comm. Networks (SecureComm), pp. 89-106, 2010.
13. S. Yu, C. Wang, K. Ren, and W. Lou, Attribute Based Data Sharing with Attribute Revocation, Proc. ACM Symp. Information, Computer and Comm. Security (ASIACCS), pp. 261-270, 2010.
14. H.K. Maji, M. Prabhakaran, and M. Rosulek, Attribute-Based Signatures: Achieving Attribute-Privacy and Collusion-Resistance, IACR Cryptology ePrint Archive, 2008.
15. J. Hur and D. Kun Noh, Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems, IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 7, pp. 1214-1221, July 2011.