Key Distribution Centre with Privacy Preserving Authentication Data Storage in Clouds



Similar documents
A Secure Decentralized Access Control Scheme for Data stored in Clouds

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control.

Attribute Based Encryption with Privacy Preserving In Clouds

Decentralized Access Control Secure Cloud Storage using Key Policy Attribute Based Encryption

Data Storage Security Based on Decentralized Access Control without Knowing Client s Identity in Cloud

DECENTRALIZED ACCESS CONTROL TO SECURE DATA STORAGE ON CLOUDS

MULTI ATTRIBUTE BASED SECURITY AND KEY DISTRIBUTION FOR SECURE STORAGE IN CLOUDS

Keywords: Access Control, Authentication, Attribute-Based Signatures, Attribute-Based Encryption, Cloud Storage.

Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage

Keywords: Access Control, Authentication, Attribute-Based Signatures, Attribute-Based Encryption, Cloud Storage.

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

Localized Approach Management with Unknown of Accumulation Stored In Cloud Repository

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

KEY-POLICY ATTRIBUTE BASED ENCRYPTION TO SECURE DATA STORED IN CLOUD

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Data management using Virtualization in Cloud Computing

Providing Access Permissions to Legitimate Users by Using Attribute Based Encryption Techniques In Cloud

CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY

Distributed Attribute Based Encryption for Patient Health Record Security under Clouds

G.J. E.D.T.,Vol.3(1):43-47 (January-February, 2014) ISSN: SUODY-Preserving Privacy in Sharing Data with Multi-Vendor for Dynamic Groups

Categorical Heuristic for Attribute Based Encryption in the Cloud Server

PRIVACY PRESERVING OF HEALTH MONITORING SERVICES IN CLOUD

Privacy Preservation and Secure Data Sharing in Cloud Storage

Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI

Development of enhanced Third party Auditing Scheme for Secure Cloud Storage

SECURITY ENHANCEMENT OF GROUP SHARING AND PUBLIC AUDITING FOR DATA STORAGE IN CLOUD

Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage

Secure Multi Authority Cloud Storage Based on CP- ABE and Data Access Control

AN ENHANCED ATTRIBUTE BASED ENCRYPTION WITH MULTI PARTIES ACCESS IN CLOUD AREA

Secure Data Sharing in Cloud Computing using Hybrid cloud

Role Based Encryption with Efficient Access Control in Cloud Storage

Multi-Owner Data Sharing in Cloud Storage Using Policy Based Encryption

IMPLEMENTATION OF NETWORK SECURITY MODEL IN CLOUD COMPUTING USING ENCRYPTION TECHNIQUE

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

Decentralized Firewall for Attribute-Based Encryption with Verifiable and Revocable Cloud Access Control

Data Grid Privacy and Secure Storage Service in Cloud Computing

Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment

Keywords: - Ring Signature, Homomorphic Authenticable Ring Signature (HARS), Privacy Preserving, Public Auditing, Cloud Computing.

SECURE RE-ENCRYPTION IN UNRELIABLE CLOUD USINGSYNCHRONOUS CLOCK

Index Terms: Cloud Computing, Cloud Security, Mitigation Attack, Service Composition, Data Integrity. 1. Introduction

Enhancing Data Security in Cloud Storage Auditing With Key Abstraction

Performance Evaluation Panda for Data Storage and Sharing Services in Cloud Computing

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

IMPLEMENTATION OF RESPONSIBLE DATA STORAGE IN CONSISTENT CLOUD ENVIRONMENT

Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud

An Efficient Secure Multi Owner Data Sharing for Dynamic Groups in Cloud Computing

A Novel Framework for Cloud Environment Using CPDP for Data Integrity and Security

International Journal of Advance Research in Computer Science and Management Studies

Improving data integrity on cloud storage services

SURVEY ON: CLOUD DATA RETRIEVAL FOR MULTIKEYWORD BASED ON DATA MINING TECHNOLOGY

An Efficient Multi-Keyword Ranked Secure Search On Crypto Drive With Privacy Retaining

How To Ensure Data Integrity In Cloud Computing

Cloud Data Service for Issues in Scalable Data Integration Using Multi Authority Attribute Based Encryption

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

Enabling Public Auditing for Secured Data Storage in Cloud Computing

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

Secure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve

How To Secure Cloud Computing, Public Auditing, Security, And Access Control In A Cloud Storage System

Data Security Using Reliable Re-Encryption in Unreliable Cloud

Ranked Search over Encrypted Cloud Data using Multiple Keywords

DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems

Secure Cloud Transactions by Performance, Accuracy, and Precision

Secured Image Sharing and Deletion in the Cloud Storage Using Access Policies

COMPUSOFT, An international journal of advanced computer technology, 4 (4), April-2015 (Volume-IV, Issue-IV)

DELEGATING LOG MANAGEMENT TO THE CLOUD USING SECURE LOGGING

Secure Attribute Based Mechanism through Access cipher policy in Outsourced Cloud Data

ADVANCE SECURITY TO CLOUD DATA STORAGE

Ranked Keyword Search Using RSE over Outsourced Cloud Data

CP-ABE Based Encryption for Secured Cloud Storage Access

Security Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing

ISSN Index Terms Cloud computing, outsourcing data, cloud storage security, public auditability

A Survey on Privacy-Preserving Techniques for Secure Cloud Storage

NEW CRYPTOGRAPHIC CHALLENGES IN CLOUD COMPUTING ERA

Transcription:

Key Distribution Centre with Privacy Preserving Authentication Data Storage in Clouds A.Madhu Kiran 1,G. Prashanthi 2, M. Rudra Kumar 3 1 M.Tech (CSE), Dept of CSE, Annamacharya Institute of Technology and Sciences, Rajampet,Kadapa. 2 M.Tech (CSE), Dept of CSE, Annamacharya Institute of Technology and Sciences, Rajampet, Kadapa. 3 Associate Professor, Dept of CSE, Annamacharya Institute of Technology and Sciences, Rajampet, Kadapa. ABSTRACT: We propose a new decentralized access control scheme for secure data storage in clouds that supports anonymousauthentication. In the proposed scheme, the cloud verifies the authenticity of the series withoutknowing the user s identity before storingdata. Our scheme also has the added feature of access control in which only valid users are able to decrypt the stored information. Thescheme prevents replay attacks and supports creation, modification, and reading data stored in the cloud. We also address userrevocation. Moreover, our authentication and access control scheme is decentralized and robust, unlike other access control schemesdesigned for clouds which are centralized. The communication, computation, and storage overheads are comparable to centralizedapproaches. Index Terms Access control, authentication, attribute-based signatures, attribute-based encryption, cloud storage I.INTRODUCTION Research in cloud computing is receiving a lot ofattention from both academic and industrial worlds.in cloud computing, users can outsource their computationand storage to servers (also called clouds) using Internet.This frees users from the hassles of maintaining resourceson-site. Clouds can provide several types of services likeapplications (e.g., Google Apps, Microsoft online), infrastructures (e.g., Amazon s EC2, Eucalyptus, Nimbus), andplatforms to help developers write applications (e.g.,amazon s S3, Windows Azure).Much of the data stored in clouds is highly sensitive, forexample, medical records and social networks. Security and privacy are, thus, very important issues in cloud computing.in one hand, the user should authenticate itself beforeinitiating any transaction, and on the other hand, it must beensured that the cloud does not tamper with the data that isoutsourced. User privacy is also required so that the cloudor other users do not know the identity of the user. Thecloud can hold the user accountable for the data itoutsources, and likewise, the cloud is itself accountablefor the services it provides. The validity of the user whostores the data is also verified. Apart from the technicalsolutions to ensure security and privacy, there is also a needfor law enforcement. Security and privacy protection in clouds are beingexplored by many researchers. Wang et al. [2] addressedstorage security using Reed-Solomon

erasure-correctingcodes. Authentication of users using public key cryptographictechniques has been studied in [5]. Many homomorphicencryption techniques have been suggested [6], [7]to ensure that the cloud is not able to read the data whileperforming computations on them. Using homomorphicencryption, the cloud receives ciphertext of the data andperforms computations on the ciphertext and returns theencoded value of the result. The user is able to decode theresult, but the cloud does not know what data it hasoperated on. In such circumstances, it must be possible forthe user to verify that the cloud returns correct results. Accountability of clouds is a very challenging task andinvolves technical issues and law enforcement. Neitherclouds nor users should deny any operations performed orrequested. It is important to have log of the transactionsperformed; however, it is an important concern to decide how much information to keep in the log. II.RELATED WORK ABE was proposed by Sahai and Waters [26]. In ABE, a userhas a set of attributes in addition to its unique ID. There aretwo classes of ABEs. In key-policy ABE or KP-ABE (Goyalet al. [27]), the sender has an access policy to encrypt data. Awriter whose attributes and keys have been revoked cannot write back stale information. The receiver receives attributesand secret keys from the attribute authority and is able todecrypt information if it has matching attributes. InCiphertext-policy, CP-ABE ([28], [29]), the receiver has theaccess policy in the form of a tree, with attributes as leavesand monotonic access structure with AND, OR and otherthreshold gates. All the approaches take a centralized approach and allow only one KDC, which is a single point of failure.chase [30] proposed a multiauthority ABE, in which thereare several KDC authorities (coordinated by a trustedauthority) which distribute attributes and secret keys tousers. Multiauthority ABE protocol was studied in [31] and[32], which required no trusted authority which requiresevery user to have attributes from at all the KDCs. Recently,Lewko and Waters [35] proposed a fully decentralized ABEwhere users could have zero or more attributes from eachauthority and did not require a trusted server. In all thesecases, decryption at user s end is computation intensive. So,this technique might be inefficient when users access usingtheir mobile devices. To get over this problem, Green et al.[33] proposed to outsource the decryption task to a proxy server, so that the user can compute with minimum resources (for example, hand held devices). However, thepresence of one proxy and one KDC makes it less robustthan decentralized approaches. Both these approaches hadno way to authenticate users, anonymously. Yang et al. [34]presented a modification of [33], authenticate users, whowant to remain anonymous while accessing the cloud.to ensure anonymous user authentication ABSs wereintroduced by Maji et al. [23]. This was also a centralizedapproach. A recent scheme by Maji et al. [24] takes adecentralized approach and provides authentication withoutdisclosing the identity of the users. However, as mentionedearlier in the previous section it is prone to replay attack. III.PROPOSED PRIVACY RESERVING In this section, we propose our privacy preservingauthenticated access control scheme. According to ourscheme a user can create a file and

store it securely in thecloud. This scheme consists of use of the two protocols ABEand ABS, as discussed in Sections 3.4 and 3.5, respectively.we will first discuss our scheme in details and then providea concrete example to demonstrate how it works. We referto the. Creator Alice receives a token _ from the trustee,who is assumed to be honest. A trustee can be someone likethe federal government who manages social insurancenumbers etc. On presenting her id (like health/socialinsurance number), the trustee gives her a token _. Thereare multiple KDCs (here 2), which can be scattered. Forexample, these can be servers in different parts of the world.a creator on presenting the token to one or more KDCs receives keys for encryption/decryption and signing. In the, SKs are secret keys given for decryption, Kx are keysfor signing. The message MSG is encrypted under theaccess policy X. The access policy decides who can accessthe data stored in the cloud. The creator decides on a claimpolicy Y, to prove her authenticity and signs the messageunder this claim. A.Reading from the Cloud When a user requests data from the cloud, the cloud sendsthe ciphertext C using SSH protocol. Decryption proceedsusing algorithm ABE:DecryptðC; fski;ugþ and the messagemsg is calculated as given in Section 3.4.4. B.Writing to the Cloud To write to an already existing file, the user must send itsmessage with the claim policy as done during file creation.the cloud verifies the claim policy, and only if the user isauthentic, is allowed to write on the file. C.User Revocation We have just discussed how to prevent replay attacks. Wewill now discuss how to handle user revocation. It shouldbe ensured that users must not have the ability to accessdata, even if they possess matching set of attributes. For thisreason, the owners should change the stored data and sendupdated information to other users. D.Data Storage in Clouds A user Uu first registers itself with one or more trustees. Forsimplicity we assume there is one trustee. The trustee givesit a token _ ¼ ðu;kbase;k0; _Þ, where _ is the signature onukkbase signed with the trustees private key TSig (by (6)).The KDCs are given keys PK½i_; SK½i_ for encryption/decryption and ASK½i_;APK½i_ for signing/verifying. Theuser on presenting this token obtains attributes and secret keys from one or more KDCs. A key for an attribute xbelonging to KDC Ai is calculated as Kx ¼ K1=ðaþbxÞbase, whereða; bþ 2 ASK½i_. The user also receives secret keys skx;u forencrypting messages. The user then creates an access policyx which is a monotone Boolean function. The message isthen encrypted under the access policy asc ¼ ABE:EncryptðMSG; XÞ: ð12þthe user also

constructs a claim policy Y to enable the cloudto authenticate the user. The creator does not send the message MSG as is, but uses the time stamp and createshðcþk. This is done to prevent replay attacks. If the timestamp is not sent, then the user can write previous stalemessage back to the cloud with a valid signature, evenwhen its claim policy and attributes have been revoked. Theoriginal work by Maji et al. [24] suffers from replay attacks.in their scheme, a writer can send its message and correctsignature even when it no longer has access rights. In ourscheme a writer whose rights have been revoked cannotcreate a new signature with new time stamp and, thus,cannot write back stale information. IV.COMPARISON WITH OTHER ACCESS CONTROLSCHEMES IN CLOUD We compare our scheme with other access control schemes(in Table 3) and show that our scheme supports manycomparison of Our Scheme with Existing Access Control SchemesComparison of Computation and Size of Ciphertext While Creating a FileComparison of Computation during Read and Write by User and Cloudfeatures that the other schemes did not support. 1-W-M-Rmeans that only one user can write while many users canread. M-W- M-R means that many users can write and read. We see that most schemes do not support many writeswhich is supported by our scheme. Our scheme is robustand decentralized, most of the others are centralized. Ourscheme also supports privacy preserving authentication,which is not supported by others. Most of the schemes donot support user revocation, which our scheme does. In Tables 4 and 5, we compare the computation and communicationcosts incurred by the users and clouds and showthat our distributed approach has comparable costs tocentralized approaches. The most expensive operationsinvolving pairings and is done by the cloud. If we comparethe computation load of user during read we see that ourscheme has comparable costs. Our scheme also compareswell with the other authenticated scheme of [15]. V.CONCLUSION We have presented a decentralized access control techniquewith anonymous authentication, which provides userrevocation and prevents replay attacks. The cloud doesnot know the identity of the user who stores information,but only verifies the user s credentials. Key distribution isdone in a decentralized way. One limitation is that thecloud knows the access policy for each record stored in the cloud. In future, we would like to hide the attributes andaccess policy of a user. VI.REFERENCES [1] S. Ruj, M. Stojmenovic, and A. Nayak, Privacy Preserving AccessControl with Authentication for Securing Data in Clouds, Proc.IEEE/ACM Int l Symp. Cluster, Cloud and Grid Computing, pp. 556-563, 2012. [2] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, TowardSecure and Dependable Storage Services in Cloud Computing, IEEE Trans. Services Computing, vol. 5, no. 2, pp. 220-232, Apr.-June 2012.

[3] J. Li, Q. Wang, C. Wang, N. Cao, K. Ren, and W. Lou, FuzzyKeyword Search Over Encrypted Data in Cloud Computing, Proc. IEEE INFOCOM, pp. 441-445, 2010. [4] S. Kamara and K. Lauter, Cryptographic Cloud Storage, Proc.14th Int l Conf. Financial Cryptography and Data Security, pp. 136-149, 2010. [5] H. Li, Y. Dai, L. Tian, and H. Yang, Identity- Based Authenticationfor Cloud Computing, Proc. First Int l Conf. Cloud Computing(CloudCom), pp. 157-166, 2009. [6] C. Gentry, A Fully Homomorphic Encryption Scheme, PhDdissertation, Stanford Univ., http://www.crypto.stanford.edu/craig, 2009. [7] A.-R. Sadeghi, T. Schneider, and M. Winandy, Token-BasedCloud Computing, Proc. Third Int l Conf. Trust and TrustworthyComputing (TRUST), pp. 417-429, 2010. [8] R.K.L. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M.Kirchberg, Q. Liang, and B.S. Lee, Trustcloud: A Frameworkfor Accountability and Trust in Cloud Computing, HP TechnicalReport HPL-2011-38, http://www.hpl.hp.com/techreports/ 2011/HPL-2011-38.html, 2013. [9] R. Lu, X. Lin, X. Liang, and X. Shen, Secure Provenance: TheEssential of Bread and Butter of Data Forensics in CloudComputing, Proc. Fifth ACM Symp. Information, Computer andcomm. Security (ASIACCS), pp. 282-292, 2010.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information