Improved Secure Access Control in Cloud Using Sign Based Ciphertext-Policy Attribute-Based Encryption
Academic year: 2020
Improved Secure Access Control in Cloud Using Sign Based Ciphertext-Policy Attribute-Based Encryption

Ms. P. Vijaya, M.E. (CSE), Jay Shriram Group of Institutions, Tirupur. [email protected]

Mrs. P. Mallika, M.E., Associate Professor/CSE, Jay Shriram Group of Institutions, Tirupur. [email protected]

Abstract- A cloud administrator may not be trusted, despite the presence of contractual security obligations, if data security is not further enforced through technical means. Ciphertext-policy attribute-based encryption (CP-ABE) is becoming a promising cryptographic solution for such security issues. It enables data owners to define their own access policies over user attributes and to enforce those policies on the data to be distributed. Additional security is provided through a group keying mechanism: the data owner controls access based on the distribution of an additional secret key, beyond possession of the required attributes. The new method is Sign based Ciphertext-Policy Attribute-based Encryption (S-CP-ABE), which verifies the receiver so that the intended receiver, among users holding the same attributes, is the one that receives the file. A public verifier acts as an intermediary between information sharers (senders) and information receivers. The shared data is sent to the public verifier, which is an automatic system rather than a manual user; the public verifier takes the attribute inputs for that data and compares them with every user's attributes. The details of the retrieved users are then shown to the sender, who must confirm the user, after which the data is encrypted with the attributes and the user's signature.

Index Terms—cloud administrator, CP-ABE, S-CP-ABE, public verifier

I. INTRODUCTION

Cloud computing, or something being in the cloud, is an expression used to describe a variety of different types of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet. In science, cloud computing is a synonym for distributed computing over a network and means the ability to run a program on many connected computers at the same time. The phrase is also more commonly used to refer to network-based services which appear to be provided by real server hardware, which in fact are served up by virtual hardware, simulated by software running on one or more real machines. Such virtual servers do not physically exist and can therefore be moved around and scaled up (or down) on the fly without affecting the end user—arguably, rather like a cloud. The popularity of the term can be attributed to its use in marketing to sell hosted services in the sense of application service provisioning that run client server software on a remote location.

This paper proposes a method for secure file sharing based on attribute-based file sharing. Enterprises usually store data in internal storage and install firewalls to prevent intruders from accessing the data. They also standardize data access procedures to prevent insiders from disclosing information without permission. In a company, the data is stored in server storage so that secure files can be shared with clients. The company administrator must have a viable way to protect the data, especially to prevent its disclosure by unauthorized insiders. Storing the data in encrypted form is a common method of information privacy protection. It is also necessary to check that the correctly authorized client, and not some other party such as an attacker, is receiving the data. For this check, the attribute-based file sharing method is proposed.

In this method, the attributes of the users are checked to determine whether the receiver has the same attributes as the sender specified. This excludes unauthorized users and attackers. The sender gives the attributes of the receiver while sending the file; the file is encrypted according to the given attributes. The receiver receives the encrypted file and supplies the attributes; if they are correct, the original file is decrypted for the receiver. Without such a check, users could access information without authorization, which poses a risk to information privacy.

II. OBJECTIVE

The objectives are: 1) to ensure data security in the cloud, where data owners have more direct control over access policies; 2) to propose a revocable multi-authority CP-ABE scheme and apply it as the underlying technique in designing the data access control scheme; and 3) to achieve both forward security and backward security efficiently using an attribute revocation method.

III. EXISTING SYSTEM


Multi-authority CP-ABE is more appropriate for data access control in cloud storage systems, as users may hold attributes issued by multiple authorities and data owners may also share data using an access policy defined over attributes from different authorities. For example, in an E-health system, data owners may share data using the access policy ‘‘Doctor AND Researcher’’, where the attribute ‘‘Doctor’’ is issued by a medical organization and the attribute ‘‘Researcher’’ is issued by the administrators of a clinical trial. However, it is difficult to apply these multi-authority CP-ABE schemes directly to multi-authority cloud storage systems because of the attribute revocation problem. In multi-authority cloud storage systems, users’ attributes can change dynamically. A user may be entitled to new attributes or have some current attributes revoked, and his data access permission should change accordingly. However, existing attribute revocation methods either rely on a trusted server or lack efficiency, so they are not suitable for the attribute revocation problem in data access control for multi-authority cloud storage systems. The existing algorithm performs the following steps:

1. Secret Key Generation
2. Data Encryption
3. Data Decryption
4. Attribute Revocation

Secret Key Generation

Each user uid is required to authenticate itself to the attribute authority AA_aid before it can be entitled to attributes from AA_aid. The user submits its certificate Certificate(uid) to AA_aid. AA_aid then authenticates the user using the verification key issued by the CA. If it is a legal user, AA_aid entitles a set of attributes S_{uid,aid} to the user uid according to its role or identity in its administration domain. Otherwise, it aborts. Then, AA_aid generates the user’s secret key SK_{uid,aid} by running the secret key generation algorithm SKeyGen.

Data Encryption

Before hosting data m on cloud servers, the owner processes the data as follows. It divides the data into several data components according to their logical granularity. For example, personal data may be divided into {name, address, security number, employer, salary}. It encrypts the data components with different content keys using symmetric encryption. It then defines an access structure M_i for each content key and encrypts the content key by running the encryption algorithm Encrypt. Encrypt takes as inputs the global public parameters GPP, a set of public keys for all the AAs in the encryption set I_A, the content key and an access structure over all the involved attributes. Let M be a n matrix, where denotes the total number of all the attributes. The function maps each row of M to an attribute. In this construction, we remove the limitation that should be an injective function (i.e., an attribute can be associated with more than one row of M).

Data Decryption

All legal users in the system can freely query any encrypted data of interest. Upon receiving the data from the server, the user runs the decryption algorithm Decrypt to decrypt the ciphertext using its secret keys from the different AAs. Only if the attributes the user possesses satisfy the access structure defined in the ciphertext CT can the user recover the content key.

Attribute Revocation

As we described before, there are two requirements of the attribute revocation: 1) The revoked user (whose attribute is revoked) cannot decrypt new ciphertexts encrypted with new public attribute keys (Backward Security); 2) the newly joined user who has sufficient attributes should also be able to decrypt the previously published ciphertexts, which are encrypted with previous public attribute keys (Forward Security). For example, in a university, some archive documents are encrypted under the policy ‘‘CS Dept. AND (Professor OR PhD Student)’’, which means that only the professors or PhD students in CS department are able to decrypt these documents. When a new professor/PhD student joins the CS department of the university, he/she should also be able to decrypt these documents. Our attribute revocation methods can achieve both forward security and backward security.

The disadvantages of the existing system are:

1. Misuse by a user who knows the attributes of the actual user leads to leakage of the data.
2. Another limitation is that it is proved secure only under the generic group heuristic.
3. Users holding the same attributes have the same access capability, so an unauthorized receiver with matching attributes obtains the data.

IV. PROPOSED SYSTEM

The proposed method is the Sign based Ciphertext-Policy Attribute-based Encryption scheme. Additional security is provided through a group keying mechanism: the data owner controls access based on the distribution of an additional secret key, beyond possession of the required attributes. The proposed method is an extended CP-ABE that takes the receiver's attributes and the receiver's private key as inputs to the encryption and decryption processes. The data owner shares data with a user by supplying the input file and the user’s attributes; this request is sent to the key generator together with the data owner's public key, and the key generator checks the data owner and releases the data owner's private key. After that, the file, the attributes and the private key are passed to the encryption process. The corresponding receiver obtains the encrypted data, and a request is forwarded to the key generator with the receiver's public key; the key generator authenticates the receiver and releases the receiver's private key. After that, the encrypted file, the attributes and the private key are passed to the decryption process.


The proposed scheme S-CP-ABE solves the duplicate attribute problem, in which the given attributes match two users.

The combination of the signature and the attributes gives higher security than other existing methods.

There are no separate data owner and public verifier entities for providing keys and for the verification process, which reduces both communication cost and computation cost.
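The duplicate attribute problem above, and the public-verifier step that lists every user whose attributes match, can be modelled in a few lines. The following is an added example, not the paper's code; the policy grammar, the USERS directory and the use of a receiver identity in place of the receiver signature are assumptions of the example.

```python
"""Toy model of the S-CP-ABE matching step (added example, not the paper's
code). Policies are Boolean formulas over attribute names, e.g.
"CS Dept. AND (Professor OR PhD Student)"; USERS is a constructed directory.
Binding the ciphertext to the confirmed receiver identity (standing in for
the receiver signature) tells apart users that hold identical attributes."""
import re
from collections import deque

def satisfies(policy: str, attrs: set[str]) -> bool:
    """Recursive-descent evaluation of a policy; AND binds tighter than OR."""
    # Tokens: ( ) AND OR and bare words; multi-word names are re-joined in atom().
    toks = deque(re.findall(r"\(|\)|\bAND\b|\bOR\b|[^()\s]+", policy))
    def atom() -> bool:
        if toks and toks[0] == "(":
            toks.popleft()
            val = expr()
            if not toks or toks.popleft() != ")":
                raise ValueError("unbalanced parenthesis")
            return val
        words = []
        while toks and toks[0] not in ("AND", "OR", "(", ")"):
            words.append(toks.popleft())
        if not words:
            raise ValueError("expected an attribute name")
        return " ".join(words) in attrs
    def conj() -> bool:
        val = atom()
        while toks and toks[0] == "AND":
            toks.popleft()
            val = atom() and val      # atom() runs first so tokens advance
        return val
    def expr() -> bool:
        val = conj()
        while toks and toks[0] == "OR":
            toks.popleft()
            val = conj() or val
        return val
    result = expr()
    if toks:
        raise ValueError("trailing tokens in policy")
    return result

USERS: dict[str, set[str]] = {            # constructed sample directory
    "alice": {"CS Dept.", "Professor"},
    "bob":   {"CS Dept.", "PhD Student"},
    "carol": {"CS Dept.", "PhD Student"},  # identical attributes to bob
    "dave":  {"EE Dept.", "Professor"},
}

def verifier_candidates(policy: str) -> list[str]:
    """Public-verifier step: every user whose attributes satisfy the policy."""
    return sorted(u for u, a in USERS.items() if satisfies(policy, a))

def can_decrypt(policy: str, receiver: str, uid: str) -> bool:
    """S-CP-ABE check: policy satisfied AND key holder is the confirmed receiver."""
    return uid == receiver and satisfies(policy, USERS[uid])
```

For the policy "CS Dept. AND PhD Student" the verifier returns both bob and carol, which is exactly the ambiguity the sender's confirmation resolves.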

A. Dataflow Diagram

Fig 1. Dataflow diagram of S-CP-ABE

B. System Architecture

Fig 2. System Architecture of S-CP-ABE

V. MODULE DESCRIPTION

A. User Interface Design

The main idea of this module is to design the user interface for the users of the project. The login page is designed for the data owner and the data user. After the data owner logs into the system, a page is displayed that allows the data owner to upload the encrypted file to the system. When the user logs into the system, the system allows the user to input the decryption key and attributes to retrieve the specified file. Before accessing a file from the system, the user must register with the system.

VI. SCREENSHOTS

A. Attribute based file sharing

Fig. 3. Attribute based file sharing

B. Registration

(Fig. 4 diagram labels: User; Registration & Login; Registration; Give rights to access; Group Manager; Provide Key)


Fig. 4. Registration

C. User Registration

Fig. 5. User Registration

D. File sharing

Fig. 6. File sharing

E. Uploaded File

Fig. 7. Uploaded File

VII. CONCLUSION AND FUTURE WORK

In this work, collusion resistance is ensured by using a secret-sharing scheme and embedding independently chosen secret shares into each private key. Because of the independence of the randomness used in each invocation of the secret sharing scheme, collusion resistance follows. In our scenario, users’ private keys are associated with sets of attributes instead of access structures over them, and so secret sharing schemes do not apply. Instead, we devise a novel private key randomization technique that uses a new two-level random masking methodology. This methodology makes use of groups with efficiently computable bilinear maps, and it is the key to our security proof, which we give in the generic bilinear group model. Finally, we provide an implementation of our system to show that it performs well in practice. We describe both our API and the structure of our implementation. In addition, we provide several techniques for optimizing decryption performance and measure our performance experimentally.

As future work, an additional complication is that our multi-authority scheme requires that each authority’s attribute set be disjoint. Thus, the set of attributes allowed in each clause must be disjoint. An attribute based encryption scheme capable of handling multiple authorities was recently proposed by Chase. The scheme is built upon a single-authority attribute based encryption scheme. It is a multi-authority attribute based encryption scheme in which only the set of recipients defined by the encrypting party can decrypt a corresponding ciphertext. The central authority is viewed as “honest-but-curious”: on the one hand it honestly follows the protocol, and on the other hand it is curious to decrypt arbitrary ciphertexts, thus violating the intent of the encrypting party.


AUTHORS BIOGRAPHY

P. Vijaya received her B.E. degree from Dhanalakshmi Srinivasan Engineering College, Perambalur, India and is currently pursuing an M.E. degree at Jay Shriram Group of Institutions, Tiruppur, India. Her research interests include Cloud Computing, Networks and Operating Systems.
