CLOUD COMPUTING SECURITY IN UNRELIABLE CLOUDS USING RELIABLE RE-ENCRYPTION


Chandrala DN (1), Kulkarni Varsha (2)
1 Chandrala DN, M.Tech IV sem, Department of CS&E, SVCE, Bangalore
2 Kulkarni Varsha, Asst. Prof., Department of CS&E, SVCE, Bangalore

ABSTRACT

In this paper, we propose a time-based re-encryption scheme using attribute-based encryption (ABE). This scheme is best suited for efficient data retrieval from the cloud, and it enables the cloud to automatically re-encrypt the data based on its internal clock. It prevents revoked users from decrypting the data using their old decryption keys. The naive solution is built on attribute-based encryption, an efficient data retrieval scheme that allows fine-grained access control based on the internal clock of the server.

Keywords: Attribute-based encryption, cloud computing, proxy re-encryption

1. INTRODUCTION

A cloud is a distributed system made up of many cloud servers. In a cloud environment, the data owner's data is stored on multiple cloud servers. Cloud computing usage is growing rapidly because of the cost savings from outsourcing data to a cloud service provider (CSP). One technique to protect the data from an untrusted CSP is for the data owner to encrypt the outsourced data [1][2]. A flexible encryption scheme such as attribute-based encryption (ABE) [3][4] provides fine-grained access control. ABE, first introduced by Sahai and Waters, provides a mechanism that ensures that even when the storage is compromised, the loss of information will be minimal. ABE binds the access control policy to the data and the users instead of having a server mediate access to files. In ABE, the data is encrypted using an access structure over different attributes. Users are issued attribute keys rather than decryption keys for specific files. A user's attributes must satisfy the access structure to decrypt a particular file.

For example, if a file is encrypted using the access structure {(a ∧ b) ∨ c}, then either a user with attributes a and b, or a user with attribute c, can decrypt the file.

In secure cloud computing, the data is stored in encrypted form and decryption keys are issued to authorized users. The problem lies in revoking access rights: users whose permission is withdrawn still retain their earlier keys and can still decrypt data in the cloud. One solution is to let the data owner re-encrypt the data immediately, so that revoked users cannot decrypt it using their old decryption keys. Distributing new keys to the remaining authorized users, however, may lead to a performance bottleneck when user revocation is frequent.

An alternative solution is to apply the proxy re-encryption (PRE) technique. PRE takes advantage of the abundant resources of the cloud by delegating re-encryption of the data to the cloud [8]. This approach is also known as a command-driven re-encryption scheme, in which cloud servers perform re-encryption on receiving commands from the data owner.

Fig. 1: A Typical Cloud Environment

In Fig. 1, which should be propagated to CS1, CS2, and CS3? Due to a network outage, CS2 did not receive the command and did not re-encrypt the data. At this time, if revoked users query CS2, they can obtain the old ciphertext and decrypt it using their old keys.

A better solution is to allow each cloud server to independently re-encrypt data without receiving any command from the data owner. In this paper, we propose a secure re-encryption scheme for an untrusted cloud. It is a time-based re-encryption scheme that enables each cloud server to automatically re-encrypt the data based on the server's internal clock. The scheme combines the data with an access control structure and an access time. Each user is issued keys that are associated with an attribute and an attribute effective time. Users can decrypt the data using keys with a matching attribute effective time. The data owner and the CSP share a secret key, with which each cloud server can re-encrypt data by updating the data access time according to the cloud environment.

A cloud is a distributed system in which a data owner's data is replicated on multiple servers for fast availability. As a distributed system, the cloud commonly experiences failures such as server crashes and network outages, so the re-encryption commands sent by the data owner may not propagate to all the cloud servers in a timely fashion. The proposed scheme, reliable re-encryption in unreliable clouds (R3 scheme for short), is a time-based re-encryption scheme that enables the cloud server to automatically re-encrypt the data based on its internal clock. In the proposed scheme, the data is associated with an access structure and an access time. The keys generated and issued to users are associated with attributes and an attribute effective time. Users decrypt the data using keys whose attributes satisfy the access structure and whose attribute effective time matches.

The main contributions of this paper are as follows:

- We propose an automatic, time-based, proxy re-encryption scheme suitable for a cloud environment with unpredictable server crashes and network outages.
- We extend an ABE scheme by incorporating timestamps to perform proxy re-encryption.
- Our solution does not require perfect clock synchronization among all the cloud servers to maintain correctness.

2. RELATED WORK

Many researchers have proposed storing encrypted data in the cloud to defend against the CSP [1][2]. Under this approach, users are revoked by having a third party re-encrypt the data so that previous keys can no longer decrypt any data [8]. The solution in [8], for instance, lets the data owner issue a re-encryption key to an untrusted server to re-encrypt the data. Their solution utilizes PRE [8], which allows the server to re-encrypt the stored ciphertext so that it can only be decrypted using a different key. During the process, the server does not learn the content of the ciphertext or the decryption keys. A hierarchical attribute-based encryption (HABE) model combines a HIBE system and a CP-ABE system to provide fine-grained access control and full delegation.

Our scheme relies on time to re-encrypt data. However, in a cloud, the internal clock of each cloud server may differ. There have been several solutions to this problem. For instance, a probabilistic synchronization scheme has been proposed for reading remote clocks in networks subject to unbounded random message delays. The method can be used to improve the precision of both internal and external synchronization algorithms. Message delay: to synchronize the clocks of their host processors, time server processors communicate among themselves by sending messages via communication networks.

3. PRELIMINARY

A) System model

The system consists of the following subsystems.

Data owner: The data owner uploads files to the cloud and can update the contents of a file. It uses ABE to generate the keys for encrypting the file and stores the file in the cloud.

Data user: The data user requests a particular file from the cloud; ABE generates the keys for decryption and the user downloads the file.

Cloud storage server: The encrypted data and keys are stored on the cloud server. Based on the server time, it re-encrypts the file and stores it in the cloud.
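The revocation failure from the introduction (CS2 missing the owner's command) next to the time-based behaviour of the cloud storage server, as an added example that is not code from the paper. Ciphertexts and keys are modelled as labels only (no real ABE or PRE), all servers are assumed to agree on the current time slice, and the class and function names and the sample keys are constructed for illustration.

```python
# Added illustration: ciphertexts and keys are modelled as labels only; no real ABE or PRE is run.
from dataclasses import dataclass

POLICY = ("or", ("and", "a", "b"), "c")     # the access structure {(a AND b) OR c}

def satisfies(policy, attrs):
    """Evaluate a nested AND/OR access structure against a set of attributes."""
    if isinstance(policy, str):
        return policy in attrs
    op, *terms = policy
    combine = all if op == "and" else any
    return combine(satisfies(t, attrs) for t in terms)

@dataclass(frozen=True)
class Ciphertext:
    policy: tuple
    stamp: int            # time slice (or key version) the ciphertext is bound to

@dataclass(frozen=True)
class UserKey:
    attrs: frozenset
    valid: range          # time slices for which the attribute keys are effective

def can_decrypt(ct, key):
    """A key works only if its effective time covers the stamp AND the policy holds."""
    return ct.stamp in key.valid and satisfies(ct.policy, key.attrs)

class CommandDrivenServer:
    """Re-encrypts only when the data owner's command reaches it."""
    def __init__(self, ct, reachable=True):
        self.ct, self.reachable = ct, reachable
    def on_command(self, stamp):
        if self.reachable:                   # a network outage drops the command
            self.ct = Ciphertext(self.ct.policy, stamp)
    def read(self, now):
        return self.ct                       # whatever version happens to be stored

class TimeBasedServer(CommandDrivenServer):
    """Re-encrypts on each read to the slice given by its own clock."""
    def on_command(self, stamp):
        pass                                 # no command from the owner is needed
    def read(self, now):
        self.ct = Ciphertext(self.ct.policy, now)
        return self.ct

def readable_on(server_cls, key, now):
    """Names of the servers whose answer at slice `now` the key can decrypt."""
    ct0 = Ciphertext(POLICY, 0)              # file uploaded in slice 0
    servers = {"CS1": server_cls(ct0),
               "CS2": server_cls(ct0, reachable=False),   # CS2 is cut off
               "CS3": server_cls(ct0)}
    for srv in servers.values():
        srv.on_command(now)                  # owner asks for re-encryption
    return [n for n, srv in servers.items() if can_decrypt(srv.read(now), key)]

# Constructed sample keys.
REVOKED = UserKey(frozenset({"c"}), range(0, 1))        # effective in slice 0 only
CURRENT = UserKey(frozenset({"a", "b"}), range(0, 3))   # effective in slices 0..2

if __name__ == "__main__":
    print("command-driven, revoked key:", readable_on(CommandDrivenServer, REVOKED, 1))
    print("time-based, revoked key:   ", readable_on(TimeBasedServer, REVOKED, 1))
    print("time-based, current key:   ", readable_on(TimeBasedServer, CURRENT, 1))
```
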

B) Design model

The main design goal is to protect the data in the cloud and provide security for it. The security requirements of the R3 scheme are:

1. Access control correctness: Only a data user with valid keys can decrypt the file.
2. Data consistency: Data users who request a particular file F should get the same contents within the same time slice.
3. Data confidentiality: The contents of the file should be known only to users with valid keys.
4. Efficiency: The cloud server should not re-encrypt the file without a data user request.

C) Adversary model

There are two types of adversaries in this system: the CSP and the malicious user. The CSP adversary is honest but curious: it executes the protocol correctly but tries to get additional information about the stored data. The malicious user tries to learn the contents of a file that he is not authorized to access; this adversary possesses invalid keys with incorrect attributes or time slice. The CSP and malicious adversaries may exist together.

3.1 Basic R3 Scheme

The basic R3 scheme considers the ideal condition in which the data owner and all the cloud servers share a synchronized clock and there are no transmission or queuing delays while executing read and write commands.

A. Intuition

First, the data owner generates a secret key shared with the CSP, encrypts the file with the appropriate attribute structure and time slice, and uploads the file to the cloud. The CSP sends copies of the file to many cloud servers, each of which stores the encrypted file F with A and TS_i. When a user queries a cloud server, the cloud server first uses its own clock to determine the current time slice. Assuming that the current time slice is TS_{i+k}, the cloud server automatically re-encrypts F with TS_{i+k} without receiving any command from the data owner. During the process, the cloud server cannot learn the contents of the ciphertext or the decryption keys. Only users with keys satisfying A and TS_{i+k} can decrypt the file F.

B. Protocol Description

The proposed R3 scheme relies on the following functions.

1) Setup -> (public key, master key, s): At TS_0, the data owner publishes the system public key, keeps the system master key secret, and sends the shared secret key s to the cloud.

2) KeyGenerate(public key, master key, s, public key of user, Attribute, Time) -> (secret key of user, {secret key period of user, Attribute}): When the data owner wants to grant a data user attributes with a valid time period, the data owner generates the secret key of the user and {secret key period of user, Attribute} using the system public key, the system master key, the shared secret key, the user's public key, the user's attributes, and the eligible time.

3) Encryption(public key, AccessStructure, s, TS_t, File) -> (ciphertext): At time slice TS_t, the data owner encrypts the file with the access structure and produces the ciphertext using the system public key, the time slice, and the plaintext file.

4) Decryption(public key, ciphertext, secret key of user, {secret key time of user, a_ij} 1<=j<=n) -> File: At a particular time slice TS_t, the user U, who possesses version t attribute secret keys on all attributes in CC_i, recovers the file by using the system public key, the user identity secret key, and the user attribute secret keys.

5) Re-Encryption(ciphertext, s, TS_{t+k}) -> C_A^{t+k}: When the cloud server wants to return the file to a data user at TS_{t+k}, it updates the ciphertext from C_A^t to C_A^{t+k} using the shared secret key.

The basic R3 description is divided into three stages: data owner initialization, data user read data, and data owner write data.

1) Data owner initialization: The data owner is an interface for the file uploaders. First it runs the Setup function to initiate the system. When the data owner wants to upload a file F to the cloud, it first defines an access control A for file F and determines the current time slice TS_i. Finally it runs the Encryption function with A and TS_i to output the ciphertext. When the data owner wants to grant a set of attributes for a period of time to a data user, it runs the KeyGenerate function with the attributes and effective time to generate keys for the user.

2) Data user read data: The data user is an interface for the file downloader. If the data user wants to access file F at time period TS_i, the user sends a read command R(F) to the cloud server. After receiving the read command R(F), the cloud server runs the Re-Encryption function to re-encrypt the file with time period TS_i. On receiving the ciphertext, the user runs the Decryption function using keys that satisfy A and TS_i to recover F.

3) Data owner write data: When the data owner wants to write file F at TS_i, it sends a write command W(F, seqnum) to the cloud server, where seqnum is the order of the write command. The sequence number is necessary for ordering when the data owner issues multiple write commands that have to take place in one time slice. After receiving the write command, the cloud server commits it at the end of time period TS_i.

4. SECURITY ANALYSIS

The Encrypt algorithm in the time scheme is the same as the Encryption algorithm in HABE, which has been proven to be semantically secure. Therefore, we consider the time scheme secure if the following propositions hold:

Proposition 1. The keys produced by the KeyGenerate algorithm are secure.
Proposition 2. The ciphertext produced by the Re-Encrypt algorithm is semantically secure.
Proposition 3. Given the root secret key and the original ciphertext, the CSP cannot learn the underlying data while executing re-encryption.

Algorithm: Extended R3 (asynchronized clock with delays)

    While receive write command W(F, t_{i+1}, seqnum) do
        If current time is earlier than t_{i+1} + α then
            Build Window i for file F
            Commit write command in Window i at t_{i+1} + α
        Else
            Reject the write command
            Inform the data owner to send write command earlier
    While receive read request R(F, TS_i) do
        If current time is later than t_{i+1} + α then
            Re-encrypt the file in Window i with TS_i
        Else
            Hold on the read command until t_{i+1} + α

Access control correctness: The correctness of access control is most vulnerable when the time slice changes. Take the case where Alice has keys with effective time up to TS_i, and Bob has keys with effective time starting from TS_{i+1}. Assume that the data owner updates file F to F' such that a user querying the file at TS_i should obtain F, and a user querying the file at TS_{i+1} should obtain F'. The property of access control correctness fails if Alice is able to read F', or if Bob is able to read F.

Data consistency: This property requires that users who query within the same time slice receive the same data. Assume that both Alice and Bob have valid keys for the appropriate time slices; we want to show that so long as both Alice and Bob query within the same time slice, they must obtain the same data.

Data confidentiality: In the R3 scheme, we only store encrypted data in the cloud. Since this scheme preserves the data confidentiality operations of the HABE scheme and retains the same confidentiality properties, the cloud, without knowledge of the keys, cannot learn any useful information about the stored data.

Data efficiency: The cloud server does not re-encrypt a file until a data user requests that file. In the function Re-Encrypt, when k>1, the cloud server can combine the re-encrypt operations until receiving a file access request.
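The Extended R3 pseudocode above, simulated for one file as an added example that is not the paper's Java implementation. It assumes a slice length of 10 ticks and α = 2, reads "the file in Window i" as the file after that window's writes are applied in seqnum order, treats the instant t_{i+1} + α itself as committed, and models re-encryption as a time-slice label; the class and function names are hypothetical.

```python
# Added illustration of the Extended R3 pseudocode; re-encryption is modelled as a slice label.
ALPHA = 2        # assumed bound on clock difference plus delay, in ticks
SLICE_LEN = 10   # assumed slice length: TS_i covers [10*i, 10*(i+1))

def commit_time(i):
    """t_{i+1} + alpha: the instant at which Window i is committed."""
    return SLICE_LEN * (i + 1) + ALPHA

class CloudServer:
    def __init__(self, initial):
        self.base = initial    # file content before any window commits
        self.pending = {}      # i -> [(seqnum, content)] writes collected in Window i
        self.committed = {}    # i -> file content in Window i after commit
        self.held = []         # (i, reader) read requests waiting for their window
        self.answers = []      # (reader, content, slice label) in the order served

    def write(self, now, i, seqnum, content):
        """W(F, t_{i+1}, seqnum) arriving at local time `now`."""
        if now < commit_time(i):
            self.pending.setdefault(i, []).append((seqnum, content))
            return "accepted"
        return "rejected: send write command earlier"

    def read(self, now, i, reader):
        """R(F, TS_i) arriving at local time `now`; held until Window i commits."""
        self.held.append((i, reader))
        self.tick(now)

    def tick(self, now):
        """Advance the local clock: commit due windows, then release held reads."""
        due = set(self.pending) | {i for i, _ in self.held}
        for i in sorted(due):
            if now >= commit_time(i) and i not in self.committed:
                earlier = [j for j in self.committed if j < i]
                content = self.committed[max(earlier)] if earlier else self.base
                # Writes are applied in seqnum order, not arrival order.
                for _, written in sorted(self.pending.pop(i, []), key=lambda w: w[0]):
                    content = written
                self.committed[i] = content
        waiting = []
        for i, reader in self.held:
            if i in self.committed:
                self.answers.append((reader, self.committed[i], f"TS{i}"))
            else:
                waiting.append((i, reader))
        self.held = waiting

def replay(events, initial="F-v0"):
    """Feed constructed (local_time, method, *args) events to a fresh server."""
    srv = CloudServer(initial)
    for now, method, *args in sorted(events, key=lambda e: e[0]):
        getattr(srv, method)(now, *args)
    return srv

if __name__ == "__main__":
    # Two replicas see the same two writes in different orders and with different delays.
    a = replay([(3, "write", 0, 1, "F-v1"), (5, "write", 0, 2, "F-v2"),
                (7, "read", 0, "alice"), (12, "tick")])
    b = replay([(4, "write", 0, 2, "F-v2"), (6, "read", 0, "bob"),
                (11, "write", 0, 1, "F-v1"), (12, "tick")])
    print(a.answers, b.answers)
```
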

5. EXPERIMENTAL RESULT

This section briefly describes the implementation of the proposed system and its results. The proposed system is implemented in Java. Snapshot 1 shows the key generation for a file that is uploaded to the cloud; it shows the random keys generated for encryption in the data owner module. Snapshot 2 shows the list of files uploaded to the cloud by the data owner; the user can select a particular file and download it. Snapshot 3 shows the decryption of the file at the user end, and Snapshot 4 shows the list of files stored in the cloud, which is the Amazon S3 cloud.

Snapshot 1: Keys generation for cloud
Snapshot 2: List of files in cloud
Snapshot 3: Decryption of file
Snapshot 4: Files stored in Amazon S3 cloud

6. FUTURE ENHANCEMENT

In future, the data owner can issue a valid user a special seed value with which the user can generate keys on his own. The challenge is to prevent users from generating additional keys beyond their authorization.

7. CONCLUSION

In this paper, we proposed a time-based scheme to achieve fine-grained access control based on the server's internal clock. Our scheme does not rely on the cloud to reliably propagate re-encryption commands to all servers to ensure access control correctness, and our solution remains secure without perfect clock synchronization as long as we bound the time difference between the server and the data owner.

REFERENCES

[1] S. Kamara and K. Lauter, Cryptographic cloud storage, Financial Cryptography and Data Security, 2010.
[2] M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, and I. Stoica, A view of cloud computing, Communications of the ACM, 2010.
[3] A. Sahai and B. Waters, Fuzzy identity-based encryption, Advances in Cryptology - EUROCRYPT, 2005.
[4] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in Proc. of ACM, 2006.
[5] Qin Liu, Chiu C. Tan, Jie Wu, and Guojun Wang, Reliable Re-encryption in Unreliable Clouds, in IEEE Globecom 2011 proceedings.
[6] N. Antonopoulos and L. Gillam, Cloud Computing: Principles, Systems and Applications, Springer Publishing Company, 2010.
[7] A. Boldyreva, V. Goyal, and V. Kumar, Identity-based encryption with efficient revocation, in Proc. of ACM CCS, 2008.
[8] G. Wang, Q. Liu, and J. Wu, Hierarchical attribute-based encryption for fine-grained access control in cloud storage services, in Proc. of ACM CCS (Poster), 2010.
[9] S. Yu, C. Wang, K. Ren, and W. Lou, Achieving secure, scalable, and fine-grained data access control in cloud computing, in Proc. of IEEE INFOCOM, 2010.
[10] F. Cristian, Probabilistic clock synchronization, Distributed Computing, 1989.