Efficient Secured Two Party Computing with Encrypted Data for Public Cloud L.Kalaivani, Dr.R.Kalpana



Similar documents
IMPLEMENTATION OF NETWORK SECURITY MODEL IN CLOUD COMPUTING USING ENCRYPTION TECHNIQUE

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage

Role Based Encryption with Efficient Access Control in Cloud Storage

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Towards Temporal Access Control in Cloud Computing

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Highly Secure Data Sharing in Cloud Storage using Key-Pair Cryptosystem

Categorical Heuristic for Attribute Based Encryption in the Cloud Server

Secure Data Sharing in Cloud Computing using Hybrid cloud

KEY-POLICY ATTRIBUTE BASED ENCRYPTION TO SECURE DATA STORED IN CLOUD

Implementation of Role Based Access Control on Encrypted Data in Hybrid Cloud

Application Based Access Control on Cloud Networks for Data Security

An Enhanced Security Enabled Sharing of Protected Cloud Storage Services by Trapdoor Commitment Based on RSA Signature Assumption

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

Data management using Virtualization in Cloud Computing

A SECURE FRAMEWORK WITH KEY- AGGREGATION FOR DATA SHARING IN CLOUD

An Efficient Secure Multi Owner Data Sharing for Dynamic Groups in Cloud Computing

Secure Attribute Based Mechanism through Access cipher policy in Outsourced Cloud Data

SECURE RE-ENCRYPTION IN UNRELIABLE CLOUD USINGSYNCHRONOUS CLOCK

Secure Multi Authority Cloud Storage Based on CP- ABE and Data Access Control

Privacy Preservation and Secure Data Sharing in Cloud Storage

Enhancing Data Security in Cloud Storage Auditing With Key Abstraction

SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

DECENTRALIZED ACCESS CONTROL TO SECURE DATA STORAGE ON CLOUDS

AN ENHANCED ATTRIBUTE BASED ENCRYPTION WITH MULTI PARTIES ACCESS IN CLOUD AREA

Secure Cloud Storage using Multi Attribute Authority with Multi Central Authority

Data Security Using Reliable Re-Encryption in Unreliable Cloud

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control.

A Secure Decentralized Access Control Scheme for Data stored in Clouds

Secure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve

G.J. E.D.T.,Vol.3(1):43-47 (January-February, 2014) ISSN: SUODY-Preserving Privacy in Sharing Data with Multi-Vendor for Dynamic Groups

A SECURE CLOUD WITH ADDITIONAL LAYER OF PROTECTION AND USER AUTHENTICATION

Secure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

SECURITY ENHANCEMENT OF GROUP SHARING AND PUBLIC AUDITING FOR DATA STORAGE IN CLOUD

CP-ABE Based Encryption for Secured Cloud Storage Access

Distributed Attribute Based Encryption for Patient Health Record Security under Clouds

Security System in Cloud Computing for Medical Data Usage

Implementation of Data Sharing in Cloud Storage Using Data Deduplication

AN EFFICIENT AUDIT SERVICE OUTSOURCING FOR DATA IN TEGRITY IN CLOUDS

Third Party Auditing For Secure Data Storage in Cloud through Trusted Third Party Auditor Using RC5

Index Terms: Cloud Computing, Cloud Security, Mitigation Attack, Service Composition, Data Integrity. 1. Introduction

Cloud Data Service for Issues in Scalable Data Integration Using Multi Authority Attribute Based Encryption

Hybrid Cryptographic Framework for Multimedia Data Storage over Cloud

IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD

Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing

Attribute Based Encryption with Privacy Preserving In Clouds

Performance Evaluation Panda for Data Storage and Sharing Services in Cloud Computing

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

IMPLEMENTATION OF RESPONSIBLE DATA STORAGE IN CONSISTENT CLOUD ENVIRONMENT

CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY

Security Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing

A REVIEW ON ENHANCING DATA SECURITY IN CLOUD COMPUTING USING RSA AND AES ALGORITHMS

A SELF-DESTRUCTION SYSTEM FOR DYNAMIC GROUP DATA SHARING IN CLOUD

Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm

How To Protect Your Data In A Cloud Environment

Analysis of Different Access Control Mechanism in Cloud

Data Integrity for Secure Dynamic Cloud Storage System Using TPA

An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method

Attributed-based Access Control for Multi-Authority Systems in Cloud Storage

Guntur (Dt.) Andhra Pradesh, India

SECURITY STORAGE MODEL OF DATA IN CLOUD Sonia Arora 1 Pawan Luthra 2 1,2 Department of Computer Science & Engineering, SBSSTC

A Survey of Various Data Sharing with Secure Data in Cloud

A Novel Framework for Cloud Environment Using CPDP for Data Integrity and Security

How To Ensure Data Integrity In Cloud Computing

Security over Cloud Data through Encryption Standards

COMPUSOFT, An international journal of advanced computer technology, 4 (4), April-2015 (Volume-IV, Issue-IV)

An Efficient Multi-Keyword Ranked Secure Search On Crypto Drive With Privacy Retaining

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

Enabling Public Auditability, Dynamic Storage Security and Integrity Verification in Cloud Storage

Secure Sharing of Health Records in Cloud Using ABE

A Road Map on Security Deliverables for Mobile Cloud Application

HYBRID ENCRYPTION FOR CLOUD DATABASE SECURITY

Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

Transcription:

Efficient Secured Two Party Computing with Encrypted Data for Public Cloud L.Kalaivani, Dr.R.Kalpana Abstract In this project we intervened certificateless encryption plan without matching operations for safely imparting public cloud. Intervened certificateless open key encryption (mcl-pke Mediated certificateless public key encryption) takes care of the key escrow issue in identity based encryption and testament repudiation issue in public cloud key cryptography. In existing mcl-pke plans are wasteful in utilization of costly blending operations or helpless against incomplete unscrambling assaults. With a specific end goal to address the execution and security issues, in this project, we first propose a mcl-pke plan without utilizing matching operations. We apply our mcl-pke plan to develop a down to earth answer for the issue of offering touchy data out in the open mists. The cloud is utilized as a protected stockpiling and a key era focus. In our framework, the information manager scrambles the delicate information utilizing the cloud produced clients' open keys focused around its get to control arrangements and transfers the scrambled information to the cloud. Upon effective approval, the cloud incompletely unscrambles the encoded information for the clients. The clients in this manner completely unscramble the halfway decoded information utilizing their private keys. The secrecy of the substance and the keys is safeguarded as for the cloud, in light of the fact that the cloud can't completely unscramble the data. We additionally propose an augmentation to the above methodology to enhance the effectiveness of encryption at the information manager. Finally we execute our mcl-pke plan and the general cloud based framework with the help of proxy, in order to access data if users lost their certificate or key. Index Terms Cloud Computing, Proxy Re- encryption, Attribute based Encryption,Cloud Security I. INTRODUCTION Cloud computing is a term for any thing that involves delivering services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a- Service(IaaS), Platform-as-a-Service (PaaS) and Software-as- a-service(saas).the name cloud computing was stimulated by the cloud symbol that's used to represent the Internet in network diagrams.cloud as awhole is not a new technology Manuscript received March 19, 2015 L.Kalaivani, Department of Computer Science & Engineering, IFET College of Engineering. Dr.R.Kalpana, Professor, Department of Computer Science & Engineering, IFET College of Engineering. that has emerged,but it has used all other boomed technologies in recent years to provide the best of all services. Cloud came into reality using a method called Virtualization.Virtualization is nothing but an abstract of the resources that are available. The Infrastructure-as-a- Service(IaaS) provider likeamazon Web Services provides virtual server instances with unique IPaddresses and provides blocks of storage on demand. Customer susethe provider's Application Program Interface(API) to start,stop,access and configure their virtual servers and storage. Currently the secured data storage mechanism in cloudisstill in surfacing stage and it is not very popular across organization and individual users. Primary reasons of low usage are data security and Internet availability. The computational cost for pairing is high compared to other standard operations. Mediated certificate less pulic key encryption (mcl-pke) scheme avoids the pairing operations. The certificate management is very expensive and complex. It reduces the certificate management complexity. It is secured against partial decryption attacks. The data canbe encrypted once for several users and avoids the overhead of the data owner. It guarantees the validity of user s public key without the certificate. The sharing of secure data is achieved by this scheme. II.RELATEDWORKS Attribute Based Encryption (ABE) RSA algorithm [1]in this access control system, each cipher text is lrsaled by encryptor with a set of descriptive attributes. Each private key is associated with an access structure that specifies which type of cipher texts the key can decrypt. It only permits an authority to issue private keys that express threshold access policies, in which a certain number of specified attributes need to be present in the cipher text in order for a user to decrypt. Access tree structure is used to construct the key. In the tree construction, each non leaf node represents a threshold gate and leaf node of the tree is described by an attribute and threshold valueas1.the cipher texts are provided with a set of descriptive attributes. Private keys re identified by a tree- access structure in which each interior node of the tree is a threshold gate and the leaves are associated with attributes. A user will be able to decrypta ciphertext with a given key if and only if there is an assignment of attributes from the cipher texts to nodes of the tree such that the tree is satisfied. Once the key is obtained, re-randomization is applies over the key using random polynomial. 31

Efficient Secured Two Party Computing with Encrypted Data for Public Cloud KeyPolicy-Attribute based encryption (KP-RSA) [3].This technique was introduced bygoyalet.al.to provide access control in the cloud environment.for the purpose of helping the data owner to enjoy fine-grained access control of data stored on untrusted cloud servers, a feasible solution is provided by encrypting data through certain cryptographic primitives, and is closing decryption keys only to authorized users. Unauthorized users, including cloud servers, are not able to decrypts ince they do not have the data decryption keys. It uses Decision albi linear Diffie-Hellman assumption long with the linear secret sharing scheme. It considers the nonmonotone attributes forassigningpolicies.onecriticalissueinthis approachishowtoachievethedesiredsecurity goalswithout introducingahighcomplexity onkeymanagementanddata encryption. Toresolvethisissue,perfileAccessControlList (ACL)forfine-grainedaccesscontrolisintroduced.Several filegroupsforefficiency.asthesystemscales,however, the complexityoftheacl-basedscheme would beproportionalto the number of users in the system. The file group-based scheme,onthe otherhand,is just able to providecoarsegraineddataaccesscontrol.itactuallystillremainsopen tosimultaneously achievethegoalsoffine-grainedness, scalability,anddataconfidentiality fordataaccesscontrolin cloudcomputing. CiphertextPolicy-Attributebased encryption (CP- RSA) [4].Thistechniqueisproposed by JohnBethencourt et.al.inthiseachuserisassociated withasetofattributes. Usersecretkeyisassociated withanaccessstructure. Dataare encryptedoverasetofattributes.decryption ofdatarequires thedataattributestosatisfytheuseraccess structure.to detect illegal user, their identities IDs should be included in the privatekeyofattributelistl.thereisnouseridinformation intheciphertext.thisschememakesuseofbilinear map assumptionswheretheattributeisattachedtotheprivatekeyof thedifferentusers.ittakestheadvantage ofownerhavingthe controlofdistribution ofdata.itisresistanttomultiple collusionattack. Hierarchical AttributeSetBasedEncryption [10] ThisRSAisproposedbyZhiguoWanet.al forprovidingaccesscontrol. TheRSAmodelconsistsofa rootmaster(rm)thatcorresponds tothethirdtrustedparty (TTP),multipledomainmasters(DMs)inwhomthetop-level DMs correspond to multiple enterprise users, and numerous users that correspond to all personnel in an enterprise. The RM, whose role closely follows the root Private key Generator (PKG) RSA system is responsible for the generation and distribution of system parameters and domain keys. The DM, whose role integrates both the properties of the domain PKG in a HIBE system and in a CP-RSA system, is responsible for delegating keys to DMs at the next level and distributing keys to users. The leftmost DM enable the second level to administer all the users in a domain, just as the personnel office administers all personnel in an enterprise, and not to administer any attribute. The other DMs administer an arbitrary number of disjoint attributes, and have full control over the structure and semantics of their attributes. In the RSA model, each DM and attribute is assigned a unique identifier (ID), but marks each user with both an ID and a set of descriptive attributes. Then an entity s secret key is extracted from the DM administering itself, and an entity s public key, which denotes its position in the RSA model, to be an ID tuple consisting of the public key of the DM administering itself and its ID, e.g., the public key of DMi with IDiis in the form of (PKi 1; IDi), the public key of user U with IDu is in the form of (PKu-1; IDu), where PKi 1, PKu-1are assumed to be the public keys of the DMs that administer DMi, U respectively.this scheme uses ciphertext policy based encryption along with the hierarchical identity based encryption. It provides unique identifier to each user along with their descriptive attribute structure. III. SYSTEM STRUCTURE A system structure of privacy preserving cloud storage using mcl-pke scheme is 3. Encrypt & upload & decrypt Owner 5. Download to Re-encrypt 2. Keys 1. Register User 4. Download Fig1:SystemArchitecture As shown in figure 1 the scheme consists of three major entities: owner, cloud, user. Data owner will receive the registration request from the user. Then the request is forwarded to the cloud. After registration key is generated and stored in public cloud. Data owner can encrypt the data and stores the encrypted data. In our scheme RSA algorithm is used for encryption. User can login into the account and runs the algorithm using his private key. Then the user can decrypt the data. Proxy is supported in order to access data if user lost his key or certificate. The login details can be regenerated through the proxy. In dynamic scenario users may join or leave and group structure will be changing often. The key that has todevised for specific user should have validity only till the member remains in the group,otherwise key should get expired. Moreover attributes cannot be defined unique for each user and one-to-one mapping between user and attributes cannot be done. IV.SECURITYOUTLINE Cloud In this proposed system, it allows any user to have their data secured through encryption amongs teach data is shared between different sharers according to the control what they have on data.it uses proxyre-encryption scheme that emphasis security to be given by cloud leveraging the work done by the user.to achieve this,hierarchical identity role based proxyre- 32

encryptionschemeisproposed.itallowsausertoencrypt his dataunderhisidentity toprotecthisdatafromleakingand,at thesametime,todelegatehisdatamanagementcapabilityto thecloud.furthermore theusercoulddelegate hisaccess controlcapabilitytothecloud,whichcouldgranttheaccess of anauthorizeduserundertheroleheplays,consideringhis placeinhishierarchy,andbytransforming theciphertext encryptedwiththedataowner sidentity totheonewiththe sharer sidentity. Thedatasharer,whohadalready registeredwithdata owner,isprovidedwiththesecretkey.thatsecretkey isused for proxy re-encryption scheme by the cloud. So that the sharers inthefutureusingtheirsecretkey generated could decryptdatabasedon their identity.the differentsharer s identitycorresponding todifferentproxyre-encryptionkeyis generatedatthetimeoftheirregistration.whenthe dataowner providestheproxyre-encryptionkeytothecloud,thecloud canconverttheciphertext outsourced bythedataownertothe ciphertextthatcanbedecryptedbythe sharers. Theillustration isgiven intable1.inthisthedata owner uploads the encrypted file to the cloud. Then the cloud performstheproxy-re-encryption usingthesharer sidentity andstoresitinthedatabase.whenevertheuserwantstoaccess thefileheretrievesitbydecrypting thefileusinghissecret identity. Table1:TaskSchedule DataOwner Cloud DataSharer Encryptsdata Stores Data Registers givenbydata itself for owner Authorization with Data Owner Authorizes datasharer Applies Proxy Re- Requestsdata fromcloud encryption Provides secretkey Sendsdatato thesharer Decrypts the datausingits secretkey A.SystemSetu p: Inthisphase,importanttasksaredone.Initially security parameter istakenasinput.ithelpstodesigntheaccesstree under which the message is encrypted. It outputs the parameterspublicandprivatekey(pua,pra).each userinthe system isassociatedwithaccessstructurewhichspecifiesthe attributesassociatedwiththeusersdecryptionkey. B.KeyGeneration. Therandomalgorithmwhichtakesthesetofattributes Attiand PrivateKey PRaasinput andoutputs thekey DKbfor decryptionbasedon setofattributesinthelist. C.DataEncrypti on: TherandomalgorithmwhichtakesPublickey,Messa gem andaccesstreeasinputoverthesetofattributes. The CiphertextCiisproduced. Theciphertextindeedwillcontain theaccessstructurewithinitfor decryption. Fig2:FileStructure Ci=(PUa;E(PRa,M))(1) Ci=(PUa,AS:(ID,R,H)) (2) Thekeysforencryptionaregeneratedwheneverthedat aowner choosesafileforuploading.thedataownerencryptsthedatabas edonpublickeyparameters andaccessstructureisdefined overtheciphertext usingtheciphertext header.afterthedata beingplacedinthecloud,thecloudservice providerwill performtheproxyre-encryptionovertheencrypteddata. D.Datashar ing: Inthisphasetheproxyre-encryption schemeallowsthegiven proxyre-encryption keytotranslatetheciphertextwhichis encryptedunderpuaintociphertextofthedatasharerunder thetheir publickey.eachsharerhasto registerwiththesystem andobtaina secretkeycorrespondingto hisidentityandrolein the hierarchy, sk=hash(id+role)=hirbe(idru) (3) The secretkeyisgeneratedasthehash functionofthesharer s identity.there-encryptionkeyskwillbeusedbythecloudto transform theciphertextcitotheciphertextundersharer s secretkey. Thedataownerneednotbeonline alwayssothedataowner forwards sktothecloudwhichmeansthatthecloudis delegatedto managethedataonbehalfoftheowner.thecloud candeploy there-encryptkeysktopermittheauthorizeduser togettheciphertextdecryptedwithhisownsecretkey. E.Dataacc ess: Thedatasharerinitially generatesthedatafilerequesttothe cloudserver.thecloudserverwhichmaintains thesecretkey on behalf of the data owner will sendtherequested datatothe 33

Efficient Secured Two Party Computing with Encrypted Data for Public Cloud data sharer. The data sharer will decrypt the file using the secre tkey. Ci=(E(IRBE(IDs),(c(f))))=(E(sk,(F.e(PRa))))(4) Then the sharer fetches there-encrypted data from the cloud servers, and runs the Decrypt algorithm on Mi with his secret key to obtain the D(F)=C(F)=Dec(sk,C) (5) Then for obtaining the original file uploaded by the owner, the user have to perform another decryption using the owner s publickey(pua). The original file is generate das F=Dec(PUa,D(F)) (6) Any sharer can obtain the required file with the permission of the data owner. V.RESULTANALYSIS The implementation uses the cprsa toolkit that use spairing Based Cryptography library.the data owner encrypts a file to create a new encrypted file. The time required for the operation depends on the access tree and key structure. The number of attributes is assumed to be 30 and the relation between number of attributes and key generation time is compared. Also number of attributes and the decryptiontime is compared. Table 2 : No. of Grant Number of Attributes Key Generation Time (s) Authority Grant 10 0.2 2 20 0.4 5 30 0.6 6 40 0.8 9 50 1.0 11 The table2 shows the number of authorization grant given by the higher authority considering different number of attributes for various key generation time. Figure 3 shows the encrypted file storage in the cloud. Fig3: OUTPUT SCREEN VI.CONCLUSION&FUTURE SCOPE In this paper, Hierarchical, identity and role attribute based encryption scheme is explored. It offers fine-grained access control of data and also guarantees the data privacy in the cloud. The communication and computation cost of the user is highly reduced since the proxy encryption and secret key allocation is pushed to cloud service provider side. The scheme also lets the data owner not to be online always. At the same time, the cost of updating of access policy and communication is also reduced in this mechanism. Each user has an identical key based on their identity there will be no duplicates. Each user is registered with the administrator and the user only knows the secret key and owner there will be no unauthorized access. As the data is forwarded to the cloud in encrypted format, it does not have any knowledge about the data. Though the intruders get the data from the cloud they cannot decrypt the data. As the encrypted data as the double wrapping is done over the data and keys are only transferred once that lets the computation cost to be comparatively low. There is no limitation imposed on the number of the data sharer. VII. REFERNCES [1] V.Goyal,O. Pandey,A.Sahai,andB. Waters, Attribute- based encryptionforfine-grainedaccesscontrol of encrypted data, in CCS,ACM, 2006,pp.89 98. [2] S.Yu, C. Wang, K. Ren, and W. Lou, Achieving secure, scalable,andfine-graineddata access controlincloud computing, ininfocom, 2010,pp.534 5. [3]R. Ostrovsky,A. Sahai, and B. Waters, Attribute-based encryptionwithnon-monotonic accessstructures, inacm Conference oncomputer andcommunications Security, 2007, pp.195 203. [4] BethencourtJ, SahaiA,WatersB. Ciphertext-policyattribute basedencryption.in:proceedings ofissp;2007,pp. 321-34. [5] BonehD,FranklinM., Identity-basedencryptionfrom theweil pairing. In: Proceedings of CRYPTO. LNCS, vol. 2139; 2001,pp.213-29. 34

[6]Y.Zhu, H.Hu, G.-J.Ahn, D.Huang, and S.Wang, Towards Temporal Access control inclouds, in Proc.IEEE INFOCOM, 2012,pp.2576-2580. [7] Yu, C. Wang, K. Ren, and W. Lou, Achieving secure, scalable, and fine-grained data access control in cloud computing, in INFOCOM,IEEE, 2010, pp. 534 542. [8] Y. Zhu, H. Hu, G.-J. Ahn, M. Yu, and H. Zhao, Comparisonbased encryption for fine-grained access control in clouds, in CODASPY, ACM, 2012, pp. 23-55. [9] A.Sahai and B. Waters, Fuzzy identity-based encryption, in EUROCRYPT, Springer, 2005, pp. 457 473. [10] Zhiguo Wan, Jun e Liu, Robert H. Deng, HASBE: A Hierarchical Attribute - Based Solution for Flexible and Scalable Access Control in Cloud Computing, IEEE Transactions on Information Forensincs and Security, Vol. 7, NO. 2, April 2012, pp. 67-90. [11] Tim Mather, Subra Kumaraswamy, shahed Latif, Cloud Security and privacy: An Enterprise respective of risk and compliance Theory in practice, 2012, pp. 98-105. 35

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information