AN EFFICIENT AND SECURE DATA
SHARING FOR DYNAMIC GROUPS IN
PUBLIC CLOUD
Ms. V. LAKSHMIPRIYA
School of Computer Science and Technology Karunya University
Coimbatore-64114, India. [email protected]
Mr. E. BIJOLIN EDWIN
School of Computer Science and Technology Karunya University
Coimbatore-641114, India. [email protected] Abstract:
Cloud computing and storage solutions facilitate the users to store and process the data in third –party data centers. Group sharing in the cloud is the simpler method for the data owner to share their data with the authorized recipient’s when the data stored in the cloud. Cloud provider cannot be treated as a reliable third party because of its semi trust nature. So the privacy and security of group sharing data have become major issues. To improve the security and privacy of the group sharing data, this framework combines proxy encryption, one time password verification and regular elimination of unwanted files. By applying proxy re-encryption, most computationally rigorous operations can be delegated to cloud servers without revealing any private information.one time secret key is one of the simplest and prominent type compared to the text based passwords, it can be utilized for securing access to accounts. To maintain the cloud file security regular elimination of unwanted files is needed. It reduces the storage overhead also. The performance and results illustrates that our proposed scheme has the prospective to be successfully used for secure data sharing in the cloud.
Keywords: Group sharing, cloud computing, Re-encryption, One-time password.
1. Introduction
Cloud computing facilitates the users to store and operates the data in third-party data centers. The cloud also accents on manipulating the efficiency of shared resources. Cloud resources are regularly not only shared by many users but are also dynamically transferred per demand. Dropbox, OneDrive and Google Drive are three of the leading cloud storage services out there; each one offers a number of diverse benefits. Cloud service providers provide many services to the cloud users by pay as per use. Data leakage is main issue in cloud services because of cloud service provider’s semi-trust nature specifically when the more sensitive data stored in the cloud such as bank details, medical records and business plan. In Group sharing manner is a complicated task because anywhere group admin and all members can store and modify the data while protecting data privacy from semi-trusted cloud service provider. A basic idea provided by existing system to keep respective user’s data confidential against semi-trusted cloud server is encrypting the files, before uploading the data into the cloud server unfortunately a secure data sharing for dynamic groups in public cloud is not easy task because of some challenging issues. In this framework combines proxy re-encryption [6], one time password verification, regular elimination of unwanted files [16] and preventing unauthorized access. Re-encryption improves the security and privacy of the uploaded files and then the one time –passwords improve the security compared to the text-based password.
2. Objective of Proposed Work
To solve the identity and privacy issues, we propose a secure group data sharing over cloud, the main objective of this paper includes:
ii) To provide secure and privacy stabilizing access control to users, this promises any member in the group to secretly utilize the cloud resource, that is group member can access the cloud without revealing the real identity. iii) To reduce the storage overhead.
iv) To give one time passwords (OTP) for protected key distribution.
3. Literature Review
A literature survey has been conducted to study the different methods used for different Group sharing and key distribution in cloud computing. The reference paper is studied and compared with their advantages and disadvantages.
Wong et al. [4] proposed different hierarchical approaches to improve scalability instead of hierarchy of keys are employed. The Technique provides an extensive reduction in the typical server processing time of a join/leave user oriented and key-oriented protocols are used for rekeying.
Kim et al. [1] proposed particular group key contract technique which supports dynamic group membership and differences network failure. Such as group partitions and unites the communication complexity is mainly relevant in a peer group setting since group members can be extent throughout the large network.
Wei et al. [5] proposed a contributory group key agreement that succeeds the performance lower guaranteed by exploiting a novel logical key structure, called PFMH and the perception of phantom user position.
Adrian et al. [11] proposed a new family of protocols addressing combined group key agreement for secure group communication in independent groups and the well-ordered and scalable join and leave mechanism are implemented.
Zhigno et al. [7] extends the ASBE algorithm with a hierarchical structure to progress scalability and flexibility. While at the same time receives the feature of fine-grained access control of ASBE.
Shucheng et al. [6] propose a secure and scalable fine-grained data access control scheme for cloud permitting the data owner to computing. Most of the computation task involved in fine-grained access control to untrusted cloud server without revealing the underlying data contents using combined techniques of ABE, lazy re-encryption, Proxy re-encryption.
Taeho et al. [8] proposed a public verifier is able to audit the integrity of shared data without recovering the entire data from the cloud and also deprived of learning private identity data of the group members.
Alan et al. [2] proposed a scheme provides whole forward and backward security. Newly acknowledged group members cannot read prior messages and dispossessed members cannot read forthcoming messages uniform with collusion by randomly many evicted members.
Yang et al. [9] proposed a DAC-MAC an efficient and secure data access control scheme with efficient decryption and cancellation which is provably secure in the arbitrary oracle model and better performance than existing scheme.
4. Proposed System
The evaluation of literature has exposed that efficient and defensive data sharing in cloud computing is still to be a challenging issue.
To resolve these issues, we recommend a new proposed framework for secure data sharing in cloud computing by combining proxy re-encryption, elimination of expired files, one time passwords and preventing the unauthorized methods. Evaluating to existing work our proposed system offers some special characteristics such as;
i) Provide tough security which is important to store and preserve private data. ii) Provide security against unauthorized access of the cloud data.
The System model includes four different modules: i) Group Admin
ii) Group Leader iii) Group Member iv) Cloud server
Group members are group of registered users who will store their data into the cloud server and share that data to others within the group. Both Group Admin and group member can login using their login details. After successful login, Group Admin make dynamic newly added members of the cloud by providing keys for each member using bilinear mapping they can also check the shared group data, and assign group signature. After successful login, Group Members signature will be verified. After successful authentication, the member can upload, download and they can change the files. Group member must be encrypt the data files before uploading that files into the cloud.
Figure 1: Architecture of Secure group sharing in cloud.
The Group Admin will be reported by the administrator of the company. For that reason we take for fixed that the Group Admin is entirely trusted by the other parties. Group Admin conveys the diverse functions such as system parameters generation, user registration, Group creation, assign group signature, generation of secret key using bilinear mapping.
Cloud is the large storage area of resources. Cloud is responsible for storing all users’ data and granting access to the file inside a group to other group members based on widely available revocation list which is maintaining by Group Admin. To be exact, the cloud server will not cruelly delete or alter user data, due to the protection of data examining schemes.
The user can login correctly only if user name and password are given correctly. The login will fails if the incorrect user name or incorrect password is given by the user. If someone try to access the member login with wrong password in consecutive 3 times, the alert message will be send to admin’s mobile number and that particular member login blocked by group admin. Then the group member will be instructed to change the password to access their login. This helps in stopping unauthorized access.
Secret key distribution Means of distributing secret keys by the Group Admin that is suitable only if the group members are not removed from the group. Key can be given in the form of OTP to the users.
File upload is the process of storing specific data files into the cloud for sharing in the group. An uploaded file exists in the cloud up to the time stated whereas uploading the file. Before uploading the file, file needs to be encrypted and compressed to safeguard the security and privacy of the files. Then it is summarizing with corresponding decryption key and expiration time value for the file and sends it to cloud.
To use the data that are stored in the cloud, group member need to give the group id, data id. Cloud server will check their signature, if the group member in the similar group then approves to the access file. Group member have privileges to access data, but not have rights to remove or alter the data that are stored in the cloud.
In assessment of the fact that the system itself by design remove the shared files if time stated throughout upload procedure will expire. Therefore proposed system does not need open deletion mechanisms.
5. Implementation Details
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the NSA. SHA stands for Secure Hash Algorithm. Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed "hash" (the output from execution of the algorithm) to a known and expected hash value, a person can determine the data's integrity. For example, computing the hash of a downloaded file and comparing the result to a previously published hash result can show whether the download has been modified or tampered with. A key aspect of cryptographic hash functions is their collision resistance , nobody should be able to find two different input values that result in the same hash output. SHA-256 is novel hash functions computed with 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds.
For example, Hash values of empty string. SHA256 ("")
0x c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a.
Let T is the main set described below:
T={SS,A1,M1,L1,F1,SK1,EX1,RL1,DEF,DREF,SD,FS}
SS= Start state.
A1= Group admin who is responsible for creating groups and adding members in the group. M1= Registered Group member.
L1= Group leader who is accepted by the group admin. F1= File that user need to upload in the cloud storage space. SK1= Secret key for each group members and leaders. EX1= Expiration date of the uploaded files.
RL1= Revocation list which includes member id and data id. DEF= Encrypted data file.
DREF = Re-encrypted data file. SD = Stored data in the database. ES= End state.
Functionality
A1= Create (GS, EX1) M1= Register (Uid, Pwd) L1= Accept (M1)
DEF= EK (F1)
DREF= EK (DEF (F1))
SD= Store data (DEF, DREF, RL1, EX1)
Table 1: Algorithm for Integrity Checking
Upload (FID, DEF (file)) If (FID_status==public) Send_SK M1
M1 send back the SK A1 If(SK==Original)
Upload successfully Else
If (SK≠Original)
Access Denied (or) Blocked endif
6. Methodology
6.1 Re-encryption
The dynamic Broadcast encryption [6] techniques enabling the group leader to dynamically re-encrypt the files, which is already re-encrypted by the group members, when they are uploading files in the cloud. It improves the security and privacy of the uploaded files. In this re-encryption phase group leader will act as proxy. Original group member have the secret key for uploading and downloading files. So that there is no need to update user decryption keys.
6.2 One-Time Passwords (OTP)
One-Time Secret key [8] is one of the easiest and most prominent types of authorization that can be utilized for safeguarding access to accounts. One-Time Passwords are regularly suggested to as secure and more stranded types of confirmation in multi-owner way. Wide-range of security and performance inspection proves that our proposed plan is extremely dynamic and achieves the security basics for open cloud based secure group sharing.
6.3 Removing Unwanted Files
Group data sharing and storing in a dynamic environment dumps enormous quantity of data files in the cloud, which remains in cloud for unlimited period of time. The sensitive data stored may misused by service providers. To preserve cloud file’s security and privacy regular removal of unwanted files is needed. Removal of unwanted files routinely when the predefined time period for sharing stated by data owner has been expired which progress performance of the system in terms of security and efficiency. Also this mechanism reduces the storage overhead during upload and download file in the cloud.
6.4 Preventing the Unauthorized Access
7. Results and Discussion
7.1 Security Analysis
Table 2: Security performance Comparison
As compared with existing systems, our proposed scheme can achieve secure key distribution, reducing storage overhead and preventing unauthorized access.
7.2 Performance Analysis
We evaluated the proposed scheme foundation of the total time stimulated to upload and download a file to/from the cloud. The complete time is collected time from the time of proposal of request to the cloud server to the point of time at which the file uploaded/downloaded to/from the cloud.
Table 3: Comparison of turnaround time
Figure 2: Performance of file upload
Figure 2 demonstrates values of upload time. X axis signifies the file size and Y axis signifies the time. In existing system MODOC 1.85mb was uploaded in 90.2s, where as in proposed system takes 83.6s to upload a 1.85mb file. This graph clearly displays that as evaluate to the existing system the performance of proposed system is higher.
Figure 3: Performance of file download
Figure 3 demonstrates the result for download time. X axis symbolizes the file size Y axis symbolizes the time. In existing system MODOC 1.85mb was downloaded in 59.4s, where as in proposed system takes 52.1s to download a 1.85mb file. The graph clearly explains that as compare to the existing system the presentation of proposed system is higher.
8. Conclusion
This paper gives a note that a cloud information Sharing plan promising security for consistent alteration of enrollment which contains of a mix of assembling signature and element telecast re-encryption systems. Proposed framework supports different clients for sharing basic data over the individuals and every part which comprises the information elements. Proposed work of this paper is able to provide highlights like security and protection valid access control, triviality and traceability. This framework gives high security and ability. As a result intended framework sustains required output, security and adaptability.
References
[1] Yongdae kim, Adrian perrig and Gene tsudik “Group key agreement efficient in communication.” in IEEE Trans. Computers., 2004.
[2] A. T. Sherman, and D. A. McGrew, “Key establishment in large dynamic groups using one-way function trees,” IEEE Trans. Softw.Eng., vol. 29, no. 5, pp. 444–458, May 2003.
[3] M. Steiner, G. Tsudik, and M. Waidner, “Key agreement in dynamic peer groups,” IEEE Trans. Parallel Distrib. Syst., vol. 11, no. 8, pp. 769–780, Aug. 2000.
[4] C. K. Wong, M. Gouda, and S. S. Lam, “Secure group communications using key graphs,” IEEE-ACM Trans. Netw., vol. 8, no. 1, pp. 16–30, Feb. 2000.
[5] W. Yu, Y. Sun, and K. R. Liu, “Optimizing the rekeying cost for contributory group key agreement schemes,” IEEE Trans. Dependable Secure Comput., vol. 4, no. 3, pp. 228–242, Jul.–Sep. 2007.
0 20 40 60 80 100 120
148 520 876 1050 1516 1850
UPLOAD(time)
MODOC
Proposed scheme
0 20 40 60 80 100 120
148 520 876 1050 1516 1850
DOWNLOAD(time)
MODOC
[6] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data access control in cloud computing,” in Proc. IEEE 29th Conf. Comput. Commun., 2010, pp. 534–542.
[7] Z. Wan, J. Liu, and R. Deng, “HASBE: A hierarchical attribute based solution for flexible and scalable access control in cloud computing,” IEEE Trans. Inf. Forensics Security, vol. 7, no. 2,pp. 743–754, Apr. 2012.
[8] T. Jung, X. Li, Z. Wan, and M. Wan, “Privacy preserving cloud data access with multi-authorities,” in Proc. IEEE Conf. Comput.Commun., 2013, pp. 2625–2633.
[9] K. Yang, X. Jira, K. Ren, and B. Zhang, “DAC-MACS: Effective data access control for multi-authority cloud storage systems,” in Proc. IEEE Conf. Comput. Commun., 2013, pp. 2895–2903.
[10] S. Seo, K. Choi, J. Hwang, and S. Kim, “Efficient certificate less proxy signature scheme with provable security, ”info. Sci., vol. 188, pp. 322–337, 2012.
[11] A. Perring, “Efficient collaborative key management protocols for secure autonomous group communication,” in Proc. Int. Workshop Cryptographic Techno. E-Commerce, 1999, pp. 192–202.
[12] D. Boneh, “The decision Diffie Hellman problem,” in Proc. 3rd Algorithmic Number Theory Symp., 1998, pp. 48–63.].
[13] T. Malkin, S. Oban, Satoshi, and M. Yung, “The hierarchy of key evolving signatures and a characterization of proxy signatures,” in Proc. Int. Conf. Adv. Cryptal., 2004, pp. 306–322.
[14] I. Lam, S. Szebeni, and L. Buttyan, “Tresorium: Cryptographic file system for dynamic groups over untrusted cloud storage,” in Proc. 41st Int.Conf. Parallel Process. Workshops, 2012, pp. 296–303.
[15] Y. Kim, A. Perring, and G. Tsudik, “Simple and fault-tolerant key agreement for dynamic collaborative groups,” in Proc. 7th ACM Conf. Comput. Commun. Security, 2000, pp. 235–244.
[16] Xuefeng Liu, Yuqing Zhang, Bo yang Wang, andJingbo Yan, “Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud”, IEEE Transactions on Parallel and Distributed Systems, Vol.24, No. 6, June 2014
Author Profile
Lakshmipriya.V completed her B.Tech in Information Technology from Sree Sowdambika College of
Engineering, Tamilnadu, India in 2014. At present, she is doing her final year M.Tech in Information Technology in Karunya University, Coimbatore, India. Her area of interests lies in cloud computing and Network security.
Bijolin Edwin.E. Working as an Assistant Professor in Department Of Information Technology, Karunya
