178
Improved Secure Access Control in Cloud Using Sign
Based Ciphertext-Policy Attribute-Based Encryption
Ms.P.Vijaya
Mrs.P.MallikaME,
M.E., (CSE),
Associate Professor/CSE,
Jay Shriram Group of Institutions, Tirupur.
Jay Shriram Group of Institutions, Tirupur.
[email protected]
[email protected]
Abstract- A cloud administrator may not be trusted despite the presence of contractual security obligations, if data security is not
further enforced through technical. Cipher text policy attribute-based encryption (CP-ABE) is becoming a promising cryptographic solution for more security issues. It enables data owners to define their own access policies over user attributes and enforce the policies on the data to be distributed. Additional security is provided through a group keying mechanism; the data owner controls access based on the distribution of an additional secret key, beyond possession of the required attributes. The new method is Sign based Cipher text-Policy Attribute-based Encryption (S-CP-ABE), which verifies the receiver where the actual receiver is receiving the file among same attribute users. The public verifier act intermediate between information sharers (sender) and information receivers. The data which shared is send to the public verifier (automatic), the public verifier is not a manual user, it is automatic system, the public verifier gets the attribute inputs for that data and compares this with all user’s attributes. Then the retrieved user’s details is shown to the sender, the sender need to give confirmation for the user, then the data gets encrypted with the attributes and the user signature.
Index Terms—cloud administrator, CP-ABE, S-CP-ABE, public verifier
I.INTRODUCTION
Cloud computing, or something being in the cloud, is an expression used to describe a variety of different types of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet. In science, cloud computing is a synonym for distributed computing over a network and means the ability to run a program on many connected computers at the same time. The phrase is also more commonly used to refer to network-based services which appear to be provided by real server hardware, which in fact are served up by virtual hardware, simulated by software running on one or more real machines. Such virtual servers do not physically exist and can therefore be moved around and scaled up (or down) on the fly without affecting the end user—arguably, rather like a cloud. The popularity of the term can be attributed to its use in marketing to sell hosted services in the sense of application service provisioning that run client server software on a remote location.
This paper is to propose one method for secure file sharing using Attribute based File Sharing. Enterprises usually store data in internal storage and install firewalls to protect against intruders to access the data. They also standardize data access procedures to prevent insiders to disclose the information without permission. In company, the data will be stored in their server storage for sharing the secure files to their clients. The company administrator must have a viable way to protect their data, especially to prevent the data from disclosure by unauthorized insiders. Storing the data in encrypted form is a common method of information privacy protection. Also have to check the correct authorized client is receiving the data or other
hackers involving. For this checking, the attribute based file sharing method is proposed.
In this method it will check the attributes of the users whether the receiver have the same attributes as the sender mentioned. It will avoid the unauthorized users or hackers. The sender gives the attributes of the receiver while sending the file to the receiver; the file gets encrypted as per the given attributes. The receiver receives the encrypted file, and he has given the attributes, if it’s correct, the original file gets decrypted for the receiver. This allows them to access information without authorization and thus poses a risk to information privacy.
II.OBJECTIVE
To ensure the data security in the cloud, where data owners have more direct control on access policies. To propose a revocable multi-authority CP-ABE scheme, and apply it as the underlying techniques to design the data access control scheme. To achieve efficiently both forward security and backward security using Attribute Revocation Method.
III. EXISTING SYSTEM
179
Multi-authority CP-ABE is more appropriate for data access control of cloud storage systems, as users may hold attributes issued by multiple authorities and data owners may also share the data using access policy defined over attributes from different authorities. For example, in an E-healthsystem, dataowners may share the data using the access policy ‘‘Doctor AND Researcher’’, where the attribute ‘‘Doctor’’ isissued by a medical organization and the attribute ‘‘Researcher’’ is issued by the administrators of a clinical trial. However, it is difficult to directly apply these multi-authority CP-ABE schemes to multi-authority cloud storage systems because of the attribute revocation problem. In multi-authority cloud storage systems, users’ attributes can be changed dynamically. A user may be entitled some new attributes or revoked some current attributes.And his permissionof data access should be changed accordingly. However, existing attribute revocation methods either rely on a trusted server or lack of efficiency, they are not suitable for dealing with the attribute revocation problem in data access control in multi-authority cloud storage systems. The existing algorithm performs following steps
1.Secret Key Generation 2.Data Encryption 3. Data Decryption 4. Attribute Revocation Secret Key Generation
Each user uid is required to authenticate itself to the AAaid before it can be entitled some attributes from the AAaid. The user submits its certificate Certificate (uid) to the AAaid. The AAaid then authenticates the user by using the verification key issued by the CA. If it is a legal user, the AAaid entitles a set of attributes Suid,aid to the user uid according to its role or identity in its administration domain. Otherwise, it aborts. Then, the AAaid generates the user’s secret key SKuid;aid by running the secret key generation algorithm SKeyGen.
Data Encryption
Before hosting data m to cloud servers, the owner processes the data as follows. It divides the data into several data components according to the logic granularities. For example, the personal data may be divided into {name, address, security number, employer, salary}. It encrypts data components with different content keys by using symmetric encryption methods. It then defines an access structure Mi for each content key and encrypts it by running the encryption algorithm Encrypt. The encryption algorithm Encrypt takes as inputs the global public parameters GPP, a set of public keys for all the AAs in the encryptionset IA, the content key and an access structure over all the involved attributes. Let M be a n matrix, where denotes the total number of all the attributes. The function maps each row of M to an attribute. In this construction, we remove the limitation that should be an injective function (i.e., an attribute can associate with more than one rows of M).
Data Decryption
All the legal users in the system can freely query any interested encrypted data. Upon receiving the data from the server, the user runs the decryption algorithm Decrypt to decrypt the ciphertext by using its secret keys from different AAs. Only the attributes the user possesses satisfy the access structure defined in the ciphertext CT, the user can get the content key.
Attribute Revocation
As we described before, there are two requirements of the attribute revocation: 1) The revoked user (whose attribute is revoked) cannot decrypt new ciphertexts encrypted with new public attribute keys (Backward Security); 2) the newly joined user who has sufficient attributes should also be able to decrypt the previously published ciphertexts, which are encrypted with previous public attribute keys (Forward Security). For example, in a university, some archive documents are encrypted under the policy ‘‘CS Dept. AND (Professor OR PhD Student)’’, which means that only the professors or PhD students in CS department are able to decrypt these documents. When a new professor/PhD student joins the CS department of the university, he/she should also be able to decrypt these documents. Our attribute revocation methods can achieve both forward security and backward security.
. The disadvantages of existing system are
The malfunctioning of user takes place with the known attributes of the actual user, the data gets leakaged.
Another one limitation is that it is proved secure under the generic group heuristic.
Same users have a same attributes, unauthorized receiver gets the data, hacking of data takes place. IV.PROPOSED SYSTEM
The proposed method is Sign based Ciphertext Policy Attribute based Encryption scheme. Additional security is provided through a group keying mechanism; the data owner controls access based on the distribution of an additional secret key, beyond possession of the required attributes. The proposed method is the extended CP-ABE, which takes receiver attributes and receiver private key for the encryption and decryption process. The Data owner shares their data to the user by giving the input file and user’s attributes, this request send to the key generator with the data owner public key, the key generator checks the data owner and release the private key of the data owner. After that, the file, attributes, private key are send for encryption process. The corresponding receiver gets the encrypted data, and request forwards to key generator with receiver public key, authenticate and release the receiver private key. After that, the encrypted file, attributes, private key are send for decryption process.
180
The proposed scheme S-CP-ABE solves the duplicate attribute problem, where given attributes matching two users.
The signature and the attribute combination give high security compared to other existing methods.
. There is no separate data owners and public verifier for providing keys and verification process, this will reduce the communication cost and computation cost.
A.Dataflow diagram
Fig 1. Dataflow diagram of S-CP-ABE
B.System Architecture
Fig 2. System Architecture of S-CP-ABE
V. MODULE DESCRIPTION
A.User Interface Design
The main idea of this module is to design the user interface for users in the project. The login page is to design for data owner and data user. After the data owner logins into the system, the page displayed which allows the data owner to achieve the encrypted file upload to the system. When the user logins to the system, the system allows the
user to input the decryption key and attributes for retrieval of specified file. Before accessing the file from system, the user must register into the system
.
VI.SCREENSHOTS
A.Attribute based file sharing
Fig.3.Attribute based file sharing B.Registration
User
Registration
& Login
Registration
Give rights
to access
Group
Manager
Provide
Key
181
Fig.4.Registration
C.User Registration
Fig.5.User Registration D.Filesharing
Fig.6.File sharing E. Uploaded File
Fig.7.Uploaded File
VII.CONCLUSION AND FUTURE WORK In the work, collusion resistance is insured by using a secret-sharing scheme and embedding independently chosen secret shares into each private key. Because of the independence of the randomness used in each invocation of the secret sharing scheme, collusion-resistance follows. In our scenario, users’ private keys are associated with sets of attributes instead of access structures over them, and so secret sharing schemes do not apply. Instead, we devise a novel private key randomization technique that uses a new two-level random masking methodology. This methodology makes use of groups with efficiently computable bilinear maps, and it is the key to our security proof, which we give in the generic bilinear group model. Finally, we provide an implementation of our system to show that our system performs well in practice. We provide a description of both our API and the structure of our implementation. In addition, we provide several techniques for optimizing decryption performance and measure our performance features experimentally
.
In future, additional complication is that our multi authority scheme required that each authority’s attribute set be disjoint. Thus, the set of attributes allowed in each clause must be disjoint. An att ribute based e ncr yp tio n sche me capable of ha nd ling multiple authorities was recently proposed by Chase. The scheme is built upon a single-authority attribute based encryption scheme. a multi-authority attribute based e n c r y p t i o n s c h e m e i n w h i c h o n l y t h e s e t o f r e c i p i e n t s d e fi n e d b y t h e encr ypt ing part y ca n decr ypt a correspondi ng cipher text. T he centr al aut horit y i s vie wed a s “hone st -b ut -curio us”: on the one ha nd it hone stl y follo ws t he protocol, and on the other ha nd it i s curious to decr ypt arbi -trar y cip her te xt s thus violat ing t he i nte nt o f t he encr ypt ing part y.
VIII.REFERENCES [1] P. Mell and T. Grance, ‘‘The NIST Definition of Cloud Computing,’’ National Institute of Standards and
Technology,Gaithersburg, MD, USA, Tech. Rep., 2009.
[2]J.Bethencourt,A.Sahai,andB.Waters,‘‘Ciphertext-PolicyAttribute-Based Encryption,’’ inProc. IEEE Symp.
Security andprivacy (S&P’07), 2007, pp. 321-334. [3] B. Waters, ‘‘Ciphertext-Policy Attribute-Based
Encryption: AnExpressive, Efficient, and Provably Secure Realization,’’ inProc. 4th Int’l Conf. Practice and Theory in Public Key
Cryptography(PKC’11), 2011, pp. 53-70. [4].V.Goyal,A.Jain,O.Pandey,andA.Sahai,‘‘BoundedCiphe
rtextPolicy Attribute Based Encryption,’’ inProc. 35th Int’l Colloquiumon Automata, Languages, and Programming (ICALP’08), 2008,pp. 579-591. [5]A.B.Lewko,T.Okamoto,A.Sahai,K.Takashima,andB.Wa ters,‘‘Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption,’’ in Proc.Advances in Cryptology-EUROCRYPT’10, 2010,
182
[6] M. Chase, ‘‘Multi-Authority Attribute Based Encryption,’’ inProc. 4th Theory of Cryptography Conf.
Theory of Cryptography(TCC’07), 2007, pp. 515-534. [7] M. Chase and S.S.M. Chow, ‘‘Improving Privacy and
Securityin Multi-Authority Attribute-Based Encryption,’’ in Proc. 16thACM Conf. Computer and Comm. Security (CCS’09), 2009,pp. 121-130. [8] A.B. Lewko and B. Waters, ‘‘Decentralizing Attribute-BasedEncryption,’’ inProc. Advances in
Cryptology-EUROCRYPT’11,2011, pp. 568-588. [9]S.Yu,C.Wang,K.Ren,andW.Lou,‘‘AttributeBasedDataS
haring with Attribute Revocation,’’ inProc. 5th ACM Symp.Information, Computer and Comm. Security
(ASIACCS’10), 2010,pp. 261-270. [10]M.Li,S.Yu,Y.Zheng,K.Ren,andW.Lou,‘‘ScalableandS
ecureSharing of Personal Health Records in Cloud Computing UsingAttribute-Based Encryption,’’IEEE Trans. Parallel DistributedSystems, vol. 24, no. 1, pp. 131-143, Jan. 2013.[11] J. Hur and D.K. Noh, ‘‘Attribute-Based Access Control withEfficient Revocation in Data Outsourcing Systems,’’ IEEETrans. Parallel Distributed
Systems, vol. 22, no. 7, pp. 1214-1221,July2011. [12] S. Jahid, P. Mittal, and N. Borisov, ‘‘Easier:
Encryption-BasedAccess Control in Social Networks with Efficient Revocation,’’ inProc. 6th ACM Symp. Information, Computer and Comm.
Security(ASIACCS’11), 2011, pp. 411-415. [13] S. Ruj, A. Nayak, and I. Stojmenovic, ‘‘DACC:
Distributed AccessControl in Clouds,’’ inProc. 10th IEEE
Int’l Conf. TrustCom, 2011,pp. 91-98. [14] K. Yang and X. Jia, ‘‘Attribute-Based Access Control
forMulti-Authority Systems in Cloud Storage,’’ inProc. 32th IEEEInt’l Conf. Distributed Computing Systems (ICDCS’12), 2012,pp. 1-10. [15] D. Boneh and M.K. Franklin, ‘‘Identity-Based Encryption fromthe Weil Pairing,’’ in Proc. 21st Ann. Int’l Cryptology Conf.:Advances in Cryptology - CRYPTO’01, 2001, pp. 213-229. [16] A.B. Lewko and B. Waters, ‘‘New Proof Methods for AttributeBased Encryption: Achieving Full Security through SelectiveTechniques,’’ inProc. 32st Ann. Int’l Cryptology Conf.: Advances inCryptology - CRYPTO’12, 2012, pp. 180-198.
AUTHORS BIOGRAPHY
P.Vijaya received her B.E degree in Dhanalaskhmi Srinivasan Engineering College Perambalur ,India and currently pursuing M.E degree in Jay Shriram Group of Institutions, Tiruppur, India. Her research interests include Cloud Computing,Networks and Operating System..System