• No results found

DATA IN PUBLIC CLOUD

N/A
N/A
Info
Download
Protected

Academic year: 2022

Share "DATA IN PUBLIC CLOUD "

Copied!
8
0
0

Loading.... (view fulltext now)

Download now ( 8 Page )

Full text

(1)

P. Shanmuga Prabha and N. Shivaanivarsha ijesird, Vol. III, Issue XII, June 2017/813

TO DEVELOP AN EFFICIENT SOLUTION FOR THE PROBLEM OF SHARING CONFIDENTIAL

DATA IN PUBLIC CLOUD

P. Shanmuga Prabha1, N. Shivaanivarsha2

Department of Electronics and Communication Engineering, Sri Sairam Engineering College, Anna University, Chennai, India

1[email protected], 2[email protected]

Abstract— In early days, cryptography used to be performed by using manual techniques. More importantly, computers now perform these cryptographic algorithms thus making the process a lot faster and secure. The approach has three sections: data owner, cloud, and users. The data owner consists of confidential data to share with authorized users by saving it in the public cloud and requesting the cloud to partially decrypt the encoded data when users request the access to the data. The cloud consists of three major sections: encrypted data storage; a key generation center (KGC), which generates pair of public/private key for each user and a security mediation server (SEM), acts as a security mediator for each content request and partially decode the encrypted data for authorized users. The cloud is trusted to provide the security mediation service and key generation perfectly, but it is not trusted for the sensitive data and key guaranteeing. It allows one to have most of the key generation and Organization functionality deployed in the un-trusted cloud as mCL-PKE method does not have the problem of key guarantee and the KGC is unable to provide full private keys of users.

Keywords— SEM, KGC, m CL-PKE, Symmetric key cryptography.

I. INTRODUCTION

Cryptography is the skill and creativity of science by achieving confidentiality by encoding messages to make them un-readable. Cryptanalysis is the technique of decoding messages from a non readable format without knowing how they were initially converted from readable format to non- readable format. In other words, it is like a breaking a code. Cryptology is a connection of cryptography and cryptanalysis. Some cryptographic algorithm is very trivial to understand, replicate and therefore, crack. Some other cryptographic algorithm are highly complicated and therefore, difficult to crack.

Plain text shows a message that can be understood by the sender, receiver and also be anyone else who gets an access to that message or information passing. It encode using any schemes, the outcome word is known to be cipher text. The process of encoding plain text messages into cipher text

messages is called encryption. The reverse process of transforming cipher text messages back to plain text messages is called as decryption. Every encryption and decryption process has two aspects one is algorithm and the other one is key. The key used for encryption and decryption that makes the process of cryptographic secure. There are two cryptographic mechanisms, one is Symmetric Key Cryptography, and it means same key is used for encryption and decryption. Whereas another one is Asymmetric Key Cryptography means one key is used for encryption and different key is used for decryption.

II. ENCRYPTIONBASEDACCESSCONTROL A Fine Grained Encryption establishing a access control is to encrypt various sets on data elements to which the equivalent access control policy present with contrasting symmetric keys and give either the particular keys or the access to derive the keys. Symmetric key based system has the problem of huge cost for the key administration. In order to lower the overhead of key administration, an different approach is to use a public key cryptosystem (PKC) [4]. It desires a trusted Certificate Authority (CA) to concern digital certificate that connect user to their public keys.

The CA has to create its own signature on each user’s public key and maintain each user’s certificate; the overall certificate mechanism is very expensive and complex. Identity Based Public Key Cryptosystem (IBPKC) suffers from the key gurantee problem as the key generation server has the private key of all the users. Attribute Based Encryption (ABE) [2] performs one to encrypt each data item based upon the access control policy relevant to the data.

(2)

P. Shanmuga Prabha and N. Shivaanivarsha ijesird, Vol. III, Issue XII, June 2017/814 III. METHODOLOGY

A. EXISTING SYSTEM

The preceding CL-PKE schemes could not complete the key repudiation problem. In public key cryptography, some private keys are adjusted.

If it is adjusted, then it is no longer confidential to use the particular public keys [1]. To solve the problem, mediated cryptography has to support immediate repudiation. The mediated cryptography is to use a security mediator (SEM) which can control safety measures for every transaction. Once the SEM is identified that a user’s public key should be repudiated, it can stop the user’s partnership in a transaction immediately. The scheme was found to be insecure counter to partial decryption attack, since their security system did not measures the conditions in requesting partial decryptions.

B. PROPOSED SYSTEM

In symmetric key systems, users are need to maintain a number of keys equivalent to at least the logarithm of more number of users, each user only required to manage its public/private key pair [6].

The repudiation of users in a symmetric key system desires updating the private keys given to all the users in the group, private keys of the users are not required to be modify. The mCL-PKE method, a new method to assure the security of data stored in public clouds to access the control requirements.

The SEM, KGC, and the storage access control are semi-trusted and placed in a public cloud. They are not trusted for the security of the data and the keys;

they are reliable for executing the protocols.

From the access control policy, the data owner encodes a symmetric data encryption key utilizing mCL-PKE method and encrypts the data items using symmetric encryption algorithm. Then, data owner upload encrypted data items and the encrypted data encryption key to the cloud. User’s complete private key consists of a hidden value select by the user and a partial private key created by the KGC.

Unlike the CLPKE approach [3], the partial private key is more confidentially given to the SEM, and the user keeps only the hidden key as its own

private key in the mCL-PKE method. So, each user’s access request move to the SEM which checks whether the user is repudiated before it partially decode the encrypted data using the partial private key.

C. ADVANTAGES AND DISADVANTAGES 1) Advantages: It does not suffer from the key gurantee problem. It simplifies a task of key administration for company.

2) Disadvantages: The system is insecure counter to a partial decryption attack. System could not complete the key repudiation problem.

IV REQUIREMENT SPECIFICATION The requirements specification is a technical condition requirement for the software products. In requirements analysis process it lists the requirements of a specific software system including functional, performance and security requirements. The requirements also give usage scenarios from a user, an operational and an organization perspective. The main use of software requirements specification is to give a detailed structure of the software, its parameters and goals.

It describes the target audience or clients and its user interface, hardware and software specifications.

It shows the client, team and audience utilize the project and its functionality.

V SAFETY REQUIREMENT

The software may be secure or critical. If there are problems associated with its integrity section.

The software may not be secure-critical may it forms part of a secure-critical system. For example, software may be log transactions. If a system of maximum integrity section and if the software is of that integrity level, then the hardware must be at least of the equal integrity section.

VI SECURITY REQUIREMENTS

Do not block the some available ports through the windows firewall. Two machines should be

connected with LAN setting.

(3)

P. Shanmuga Prabha and N. Shivaanivarsha ijesird, Vol. III, Issue XII, June 2017/815 A. HARDWARE REQUIREMENTS

1) RAM 512MB and above

2) Processor Pentium IV and above 3) Hard Disk 80 GB and above B. SOFTWARE REQUIREMENTS

1) Operating System Windows 7 2) Web Technologies Asp.NET

3) LanguageC#.NET

4) Server IIS 5.1

5) Dot net Framework V3.5

6) Database MS SQL SERVER (SQL 2008) C. TECHNOLOGIES USED

1) Visual Studio

V SYSTEM DESIGN A. DATA OWNER

From the access control policy, the data owner encodes a symmetric data encryption key using mCL-PKE scheme and encode the data items using symmetric encryption algorithm. Then, data owner uploads encoded data items and the encrypted data encryption key to the cloud.

The advantage of approach matched to conventional methods is that the KGC, which is the entity in charge of creating and generating the keys, placed in a public cloud; it simplifies a task of key administrations for organizations. Figure 1-17 shows the screenshots for the system design modules.

B. IDENTITY TOKEN REGISTRATION

Users register their token to obtain hidden messages in order to later decode the data they are able to access. Users register their tokens relation to the attribute conditions present in ACC with the Owner, and the remaining of the identity tokens [5]

are sub related to the attribute conditions in ACB/ACC with the Cloud.

When Users register with the Owner, the Owner gives them two set of hidden key for the attribute case in ACC that are also available in the sub part of ACPs in ACPB Cloud. The Owner keeps one set of key and gives the other set of key to the Cloud.

Two different sets of keys are used in order to

protect the Cloud from decoding the Owner encrypted data.

C. SECURITY MEDIATOR (SEM)

The attacker has an identity ID and a cipher text CID. In turn the challenger responds with the partial decryption CID under the SEM-key d0 that is assisted with the identity ID. When a user needs to read the data, it posts a request to the SEM to obtain the partially decrypted data item.

The SEM first identifies whether the user is in the access control list and if the user’s KGC-key encoded content is present in the cloud storage devices. If the checking is successful, the SEM gets back the encrypted content from the cloud and partially decoded the content by the SEM-key for the user. The partial decryption at the SEM minimizes the load and overhead on users.

D. KEY GENERATION CENTER (KGC)

The data owner contains the KGC-keys of users from the KGC in the cloud unit. The data owner then symmetrically encodes each data item for the same access control policy using a random session key K and then the data owner encoded the key K by the KGC-keys of users. The encrypted data with the access control list is uploaded and updated in to the cloud. The encrypted data is securely stored in the storage service in the cloud and the access control list, signed by the data owner, is protected in the SEM present in the cloud.

E. DATA ENCRYPTION AND UPLOADING The Owner first encode the data depends upon the Owner’s sub part of ACPs in order to secret the content from the Cloud and then uploads them with the public data created by the AB-GKM Key Gen algorithm and the further sub ACPs to the Cloud are present.

The Cloud in turn encode the data depends upon the keys generated its own AB-GKM Key Gen algorithm. The AB-GKM Key Gen at the Cloud takes the hidden data given to Users and the sub part of the ACPs given by the Owner to generate keys.

(4)

P. Shanmuga Prabha and N. Shivaanivarsha ijesird, Vol. III, Issue XII, June 2017/816

F. DATA VIEW DOWNLOADING AND

DECRYPTION

Users download encoded data from the Cloud and decode twice to access the data. First, the Cloud created public information key is used to derive the OLE key and then the Owner generated public information key is used to derive the ILE key using the AB-GKM Key algorithm.

The overall flow diagram of the design is represented in the figure 1. The two keys are allowed a User to decode a data item only if the User assures the original ACP applied to the data item.

Fig.1. The Overall Flow diagram of the Design

(5)

P. Shanmuga Prabha and N. Shivaanivarsha ijesird, Vol. III, Issue XII, June 2017/817 IV SCREENSHOTS OF THE SYSTEM DESIGN

MODULES

Fig.1. Home

Fig. 2. Contact us

Fig. 3. Login

Fig. 4. Data Owner Register

Fig. 5. Cloud User

Fig. 6. View Request

(6)

P. Shanmuga Prabha and N. Shivaanivarsha ijesird, Vol. III, Issue XII, June 2017/818

Fig. 7. User Details

Fig. 8. Owner Details

Fig. 9. KGC

Fig. 10. SEM

Fig. 11. View Contacts

Fig. 12. Owner Profile

(7)

P. Shanmuga Prabha and N. Shivaanivarsha ijesird, Vol. III, Issue XII, June 2017/819

Fig. 13. Upload Data

Fig. 14. Access Control

Fig. 15. User Profile

Fig. 16. View Data

Fig.17. Decrypt Data

CONCLUSIONS

mCL-PKE method without pairing operations provided its confidentiality. It solves the key gurantee problem and repudiation problems. It is the key building block with an advanced method to secure sharing sensitive data in public clouds. The supports immediate repudiation and trusted the security of the data protected in an un-trusted public cloud while managing the access control policies of the data owner. An efficient approach of mCL-PKE method with advanced method used in the public cloud. For multiple users obtaining the equivalent access control policies, improved approach performs only single encoded information of each data item and minimizes the overall overhead at the data owner.

(8)

P. Shanmuga Prabha and N. Shivaanivarsha ijesird, Vol. III, Issue XII, June 2017/820 REFERENCES

[1] M. Nabeel, N. Shang, and E. Bertino, “Privacy preserving policy based content sharing in public clouds,” IEEE Trans. Knowl. Data Eng., vol. 25, no. 11, pp. 2602–2614, Sept. 2012.

[2] S. Yu, C. Wang, K. Ren, and W. Lou,“Attribute based data sharing with attribute revocation,” in Proc. 5th ASIACCS, New York, NY, USA, 2010, pp. 261–270.

[3] X. W. Lei Xu and X. Zhang, “CL-PKE: A certificateless proxy reencryption scheme for secure data sharing with public cloud,” in ACM Symp. Inform. Comput. Commun. Security, 2012.

[4] S. Al-Riyami and K. Paterson, “Certificateless public key cryptography,” in Proc. ASIACRYPT 2003, C.-S. Laih, Ed. Berlin, Germany: Springer, LNCS 2894, pp. 452–473.

[5] Matthew Green and Susan Hohenberger. Blind identity-based encryption and simulatable oblivious transfer. In ASIACRYPT, volume 4833, pages 265{282, 2007.

[6] S. Halevi. A sufficient condition for key-privacy. Cryptology ePrint Archive, Report 2005/005, 2005.

References

Download now ( PDF - 8 Page - 1.15 MB )

Related documents

Department of Dermatology, University of Würzburg, D Würzburg, Germany

Plaque psoriasis is the most frequent type, also in children, but lesions are often smaller, thinner, and less scaly than in adults.. Treatment can be a challenge because

THE SMALL-FOR-DATE INFANT. II. NEUROLOGICAL AND INTELLECTUAL SEQUELAE

Major neurological defects were un- common with an incidence of 1% for cerebral palsy and 6% for convulsions.. Minimal cerebral dysfunction characterized by hyperactivity, a

Synthesis and Structural Characterization of Polypyrrole/Metal Oxide Composite by NMR Spectroscopy

its good environmental stability, facile synthesis, and higher conductivity and promising commercial applications than many other conducting polymers. But,

Effect of carotenoid volatiles on oviposition and feeding choice of T.ni and T.vaporariorum

choice between different plant genotypes, an oviposition preference towards the transgenic plants. was observed in most cases except for the LeCCD1-2 tomato-cabbage looper

Tailoring the surface chemistry and hydrophobicity of graphene nanopores

( d ) Scatter diagram of the amplitude of the conductance blockade versus translocation time for DNA translocation through a 10-nm diameter nanopore in a graphene monolayer.

Challenges in paper-based fluorogenic optical sensing with smartphones

[87] demonstrated the use of time-resolved fluorescence measurements to study the enhanced FRET efficiency and increased fluorescent lifetime of immobi- lized quantum dots on a

NEUROPROTECTIVE EFFECT OF RESVERATROL ON VALPROIC ACID INDUCED OXIDATIVE STRESS AUTISM IN SWISS ALBINO MICE

Administration of Valproic acid in negative control group significantly (P<0.001) decreased the superoxide dismutase activity when compared with the control

The Probability and Chromosomal Extent of trans-specific Polymorphism

The length of the trans -specific we assume that lineages belonging to different allelic segment surrounding a balanced polymorphism should classes at speciation will almost